2023-02-14 15:12:19 -07:00
// Copyright 2023 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package cmd
import (
"errors"
"fmt"
user_model "code.gitea.io/gitea/models/user"
2024-02-04 06:29:09 -07:00
"code.gitea.io/gitea/modules/auth/password"
"code.gitea.io/gitea/modules/optional"
2023-02-14 15:12:19 -07:00
"code.gitea.io/gitea/modules/setting"
2024-02-04 06:29:09 -07:00
user_service "code.gitea.io/gitea/services/user"
2023-02-14 15:12:19 -07:00
2023-07-21 03:28:19 -06:00
"github.com/urfave/cli/v2"
2023-02-14 15:12:19 -07:00
)
2023-07-21 03:28:19 -06:00
var microcmdUserChangePassword = & cli . Command {
2023-02-14 15:12:19 -07:00
Name : "change-password" ,
Usage : "Change a user's password" ,
Action : runChangePassword ,
Flags : [ ] cli . Flag {
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
Name : "username" ,
Aliases : [ ] string { "u" } ,
Value : "" ,
Usage : "The user to change password for" ,
2023-02-14 15:12:19 -07:00
} ,
2023-07-21 03:28:19 -06:00
& cli . StringFlag {
Name : "password" ,
Aliases : [ ] string { "p" } ,
Value : "" ,
Usage : "New password to set for user" ,
2023-02-14 15:12:19 -07:00
} ,
2024-02-03 10:53:27 -07:00
& cli . BoolFlag {
Name : "must-change-password" ,
2024-04-27 06:23:37 -06:00
Usage : "User must change password (can be disabled by --must-change-password=false)" ,
2024-04-14 11:22:14 -06:00
Value : true ,
2024-02-03 10:53:27 -07:00
} ,
2023-02-14 15:12:19 -07:00
} ,
}
func runChangePassword ( c * cli . Context ) error {
if err := argsSet ( c , "username" , "password" ) ; err != nil {
return err
}
ctx , cancel := installSignals ( )
defer cancel ( )
if err := initDB ( ctx ) ; err != nil {
return err
}
2024-02-04 06:29:09 -07:00
user , err := user_model . GetUserByName ( c tx , c . String ( "username" ) )
2023-02-14 15:12:19 -07:00
if err != nil {
return err
}
2024-02-04 06:29:09 -07:00
opts := & user_service . UpdateAuthOptions {
Password : optional . Some ( c . String ( "password" ) ) ,
2024-04-14 11:22:14 -06:00
MustChangePassword : optional . Some ( c . Bool ( "must-change-password" ) ) ,
2024-02-04 06:29:09 -07:00
}
if err := user_service . UpdateAuth ( ctx , user , opts ) ; err != nil {
switch {
case errors . Is ( err , password . ErrMinLength ) :
2024-04-14 11:22:14 -06:00
return fmt . Errorf ( "password is not long enough, needs to be at least %d characters" , setting . MinPasswordLength )
2024-02-04 06:29:09 -07:00
case errors . Is ( err , password . ErrComplexity ) :
2024-04-14 11:22:14 -06:00
return errors . New ( "password does not meet complexity requirements" )
2024-02-04 06:29:09 -07:00
case errors . Is ( err , password . ErrIsPwned ) :
2024-04-14 11:22:14 -06:00
return errors . New ( "the password is in a list of stolen passwords previously exposed in public data breaches, please try again with a different password, to see more details: https://haveibeenpwned.com/Passwords" )
2024-02-04 06:29:09 -07:00
default :
return err
}
2023-02-14 15:12:19 -07:00
}
fmt . Printf ( "%s's password has been successfully updated!\n" , user . Name )
return nil
}