Bug fixes (#355)

* we should not require password to update users

* Fixing an issue were roles would not be added.

lemur/auth/views.py

@@ -191,9 +191,7 @@ class Ping(Resource):
             roles.append(role)
 
         # if we get an sso user create them an account
-        # we still pick a random password in case sso is down
         if not user:
-
             # every user is an operator (tied to a default role)
             if current_app.config.get('LEMUR_DEFAULT_ROLE'):
                 v = role_service.get_by_name(current_app.config.get('LEMUR_DEFAULT_ROLE'))

lemur/users/schemas.py

@@ -14,7 +14,7 @@ from lemur.schemas import AssociatedRoleSchema, AssociatedCertificateSchema, Ass
 class UserInputSchema(LemurInputSchema):
     username = fields.String(required=True)
     email = fields.Email(required=True)
-    password = fields.String(required=True)  # TODO add complexity requirements
+    password = fields.String()  # TODO add complexity requirements
     active = fields.Boolean()
     roles = fields.Nested(AssociatedRoleSchema, many=True, missing=[])
     certificates = fields.Nested(AssociatedCertificateSchema, many=True, missing=[])

lemur/users/service.py

@@ -29,8 +29,8 @@ def create(username, password, email, active, profile_picture, roles):
         email=email,
         active=active,
         profile_picture=profile_picture,
-        role=roles
     )
+    user.roles = roles
     return database.create(user)