From 1fcc445b3d26a99e8953da32fadba650313ac5b1 Mon Sep 17 00:00:00 2001
From: jkoberg
Date: Thu, 27 Jun 2024 10:30:22 +0200
Subject: [PATCH] fix(idm): allow setting user name on pw reset
Signed-off-by: jkoberg
---
 changelog/unreleased/fix-pw-reset.md | 5 +++++
 services/idm/pkg/command/resetpw.go | 30 ++++++++++++++++++----------
 2 files changed, 24 insertions(+), 11 deletions(-)
 create mode 100644 changelog/unreleased/fix-pw-reset.md
diff --git a/changelog/unreleased/fix-pw-reset.md b/changelog/unreleased/fix-pw-reset.md
new file mode 100644
index 0000000000..023eb53a66
--- /dev/null
+++ b/changelog/unreleased/fix-pw-reset.md
@@ -0,0 +1,5 @@
+Bugfix: Fix Password Reset
+
+The `ocis idm resetpassword` always used the hardcoded `admin` name for the user. Now user name can be specified via the `--user-name` (`-u`) flag.
+
+https://github.com/owncloud/ocis/pull/9479
diff --git a/services/idm/pkg/command/resetpw.go b/services/idm/pkg/command/resetpw.go
index 415b047922..0fd204c501 100644
--- a/services/idm/pkg/command/resetpw.go
+++ b/services/idm/pkg/command/resetpw.go
@@ -25,9 +25,17 @@ import (
 func ResetPassword(cfg *config.Config) *cli.Command {
 return &cli.Command{
 Name: "resetpassword",
- Usage: "Reset admin password",
+ Usage: "Reset user password",
 Category: "password reset",
- Before: func(c *cli.Context) error {
+ Flags: []cli.Flag{
+ &cli.StringFlag{
+ Name: "user-name",
+ Aliases: []string{"u"},
+ Usage: "User name",
+ Value: "admin",
+ },
+ },
+ Before: func(_ *cli.Context) error {
 return configlog.ReturnFatal(parser.ParseConfig(cfg))
 },
 Action: func(c *cli.Context) error {
@@ -40,12 +48,12 @@ func ResetPassword(cfg *config.Config) *cli.Command {
 }()
 defer cancel()
- return resetPassword(ctx, logger, cfg)
+ return resetPassword(ctx, logger, cfg, c.String("user-name"))
 },
 }
 }
-func resetPassword(ctx context.Context, logger log.Logger, cfg *config.Config) error {
+func resetPassword(_ context.Context, logger log.Logger, cfg *config.Config, userName string) error {
 servercfg := server.Config{
 Logger: log.LogrusWrap(logger.Logger),
 LDAPHandler: "boltdb",
@@ -54,8 +62,8 @@ func resetPassword(ctx context.Context, logger log.Logger, cfg *config.Config) e
 BoltDBFile: cfg.IDM.DatabasePath,
 }
- adminUserDN := "uid=admin,ou=users," + servercfg.LDAPBaseDN
- fmt.Printf("Resetting password for user '%s'.\n", adminUserDN)
+ userDN := fmt.Sprintf("uid=%s,ou=users,%s", userName, servercfg.LDAPBaseDN)
+ fmt.Printf("Resetting password for user '%s'.\n", userDN)
 if _, err := os.Stat(servercfg.BoltDBFile); errors.Is(err, os.ErrNotExist) {
 fmt.Fprintf(os.Stderr, "IDM database does not exist.\n")
 return err
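Review bot: In the `@@ -54,8 +62,8 @@` hunk, `userName` is formatted into `userDN` with `fmt.Sprintf("uid=%s,ou=users,%s", ...)` without validation or escaping, so a value containing DN metacharacters such as `,`, `+` or `=` produces a DN that names a different entry than the operator typed, and an empty value produces `uid=,ou=users,...`. Because this command rewrites a credential directly in the BoltDB file, the target entry should be unambiguous: reject an empty name and escape the RDN value before formatting, for example `userDN := fmt.Sprintf("uid=%s,ou=users,%s", ldap.EscapeDN(userName), servercfg.LDAPBaseDN)`, assuming `ldap` is go-ldap and the version in use provides `EscapeDN`. The body of resetPassword continues outside this hunk.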
@@ -82,23 +90,23 @@ func resetPassword(ctx context.Context, logger log.Logger, cfg *config.Config) e
 return err
 }
- pwRequest := ldap.NewPasswordModifyRequest(adminUserDN, "", newPw)
+ pwRequest := ldap.NewPasswordModifyRequest(userDN, "", newPw)
 if err := bdb.UpdatePassword(pwRequest); err != nil {
- fmt.Fprintf(os.Stderr, "Failed to update admin password: %v\n", err)
+ fmt.Fprintf(os.Stderr, "Failed to update user password: %v\n", err)
 }
- fmt.Printf("Password for user '%s' updated.\n", adminUserDN)
+ fmt.Printf("Password for user '%s' updated.\n", userDN)
 return nil
 }
 func getPassword() (string, error) {
 fmt.Print("Enter new password: ")
- bytePassword, err := term.ReadPassword(int(syscall.Stdin))
+ bytePassword, err := term.ReadPassword(syscall.Stdin)
 if err != nil {
 return "", err
 }
 fmt.Println("")
 fmt.Print("Re-enter new password: ")
- bytePasswordVerify, err := term.ReadPassword(int(syscall.Stdin))
+ bytePasswordVerify, err := term.ReadPassword(syscall.Stdin)
 if err != nil {
 return "", err
 }
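Review bot: When `bdb.UpdatePassword(pwRequest)` fails, the `if` block only prints "Failed to update user password" and execution falls through to print "Password for user ... updated." and `return nil`, so the command reports success and exits 0 although no credential changed. With a free-form `--user-name` a mistyped or nonexistent uid makes this path easy to reach, so add `return err` as the last statement inside that `if` block. resetPassword starts outside this hunk. Separately, `term.ReadPassword(syscall.Stdin)` without the `int(...)` conversion compiles only where `syscall.Stdin` is an untyped constant; on Windows it is a `syscall.Handle`, so keep the conversion if this package is built there.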