Aller au contenu principal
Jahia Store
FR

Bulk create users

community
Télécharger 2.0.1

Informations

Identifiant du module
bulk-create-users
Identifiant de groupe
org.jahia.community
Statut
community
Catégorie
Admin Features
Auteur
Florent BOURASSE
Site web du développeur
http://www.jahia.com
Nécessite Jahia
8.2.1.0
Mis à jour
2026-07-09
Source
scm:git:git@github.com:Jahia/bulk-create-users.git
Étiquettes
  • user

A Jahia community module that provides a UI and GraphQL API to bulk-create users from a CSV file, with optional group assignment.

Features

  • Bulk user creation from a CSV file via a React admin UI
  • Column selection: choose which optional properties to import per run
  • Group assignment using [group1],[group2] bracket notation
  • Skips existing users (increments skipped count) instead of failing
  • Detailed import result: created, skipped, error counts and per-row error messages
  • Max upload size enforced from Jahia's own SettingsBean configuration
  • GraphQL mutation API (bulkCreateUsersImport) for programmatic imports
  • Site-scoped or global user creation

Captures d'écran

Versions

Highlights

  • Major security hardening of the bulk user import flow: privilege-escalation guards, sensitive-property blocklist, upload-size enforcement, and per-row commit isolation so a single malformed row no longer poisons an entire batch.
  • Full WCAG 2.1 AA accessibility pass on the admin UI (contrast, labeling, aria-live, focus styling).
  • Backend quality refactor to fit SonarQube limits (cognitive complexity, lazy logging, narrowed exception scope) — no behavior change.
  • Toolchain modernization: ESLint v8, Dependabot enabled, yarn PnP artifacts removed, CVE fixes pulled in via resolutions.

Features

  • Restrictive default for selectedColumns (7dca079): when omitted/empty, only required user properties are written; optional CSV columns now require explicit opt-in. The groups column remains special-cased and honored whenever present in the CSV header.

Fixes

Security (b662a287dca079)

  • Refuse adding users to privileged groups (administrators, server-/root-/site-/system-administrators, compliance-managers, etc.).
  • Reject writes to sensitive user properties (jcr:*j:rolesIn*j:account*j:external*j:passwordj:rolesj:permissions, ...).
  • Enforce server-side upload size limit on csvContent via SettingsBean.getJahiaFileUploadMaxSize().
  • Case-insensitive root protection based on the resolved JCR name rather than the raw CSV value.
  • Bounds-check row length to prevent malformed CSV rows from aborting the import.
  • Sanitize CRLF/tabs and truncate attacker-controlled values written to logs.
  • Stop leaking JCR exception messages to GraphQL clients (generic error returned; details kept server-side).
  • Per-row commit isolation with refresh(false) on failure to avoid staged partial mutations leaking across rows.

Accessibility (070bb0057ec71c, 62646b, ac0f4db957a1f174628509588568)

  • Resolve WCAG 2.1 AA audit issues in the admin UI (multiple passes).
  • AAA contrast fixes; submit-button contrast and file-input labeling fixed.
  • Hide empty result box visually while keeping the aria-live region in the DOM.
  • Hide bcu-missing-required styling when no fields are actually missing.

Dependencies / CVE

  • 7a228f4 — Upgrade systeminformation 5.31.5 → 5.31.6 via resolution (CVE).
  • 7e75def — Upgrade @babel/plugin-transform-modules-systemjs (Dependabot alert).
  • c7a685c — Add Dependabot configuration.

Refactoring

  • 0f0a0b2 — backend quality refactor: split the monolithic UsersHandler.processUser / addUserToGroups paths into focused helpers; bundle per-import state into immutable carriers (ImportRequestCsvLayoutRowContext) to keep parameter counts and cognitive complexity inside SonarQube limits. Added lazy() wrapper around sanitizeForLog (rule S2629). Narrowed the import-level catch to IOException (rule S112). No behavior change.
  • 0912cec — style: simplify bcu_columnFieldset to keep only border-bottom.

Tests

  • 86b2c1d — Cypress selector fix: select the file input by name attribute (input[name="csvFile"]) so tests stay aligned with the a11y refactor that restructured the file-input markup; resilient to future label/id changes.
  • 7dca079 — Cypress coverage for the new restrictive selectedColumns default and for row-level isolation of malformed rows.
  • Additional adjustments across 02-bulkCreateUsersUI-Layout.cy.ts03-bulkCreateUsersUI-Import.cy.ts04-bulkCreateUsersUI-ColumnSelection.cy.ts.

Tooling / Build

  • cc2343e — Upgrade ESLint to v8 and @jahia/eslint-config to v2.2.0 (flatten config).
  • a78af1a — Clean up yarn PnP files (.pnp.cjs.pnp.loader.mjs removed at both root and tests/).
  • c23b197 — Rename CLAUDE.md to AGENTS.md and add a CLAUDE.md reference pointer.

Full Changelog2_0_0...2_0_1

Nécessite Jahia 8.2.1.0Mis à jour 2026-05-19
Nécessite Jahia 8.2.1.0Mis à jour 2026-04-26
Nécessite Jahia 8.1.7.2Mis à jour 2025-07-10
Nécessite Jahia 8.0.1.0Mis à jour 2025-06-12