fix(idm): allow setting user name on pw reset

Signed-off-by: jkoberg <jkoberg@owncloud.com>
2026-04-27 06:19:25 -05:00 · 2024-06-27 10:30:22 +02:00
parent 5f03a566ee
commit 1fcc445b3d
2 changed files with 24 additions and 11 deletions
@@ -0,0 +1,5 @@
+Bugfix: Fix Password Reset
+
+The `ocis idm resetpassword` always used the hardcoded `admin` name for the user. Now user name can be specified via the `--user-name` (`-u`) flag.
+
+https://github.com/owncloud/ocis/pull/9479
@@ -25,9 +25,17 @@ import (
 func ResetPassword(cfg *config.Config) *cli.Command {
 	return &cli.Command{
 		Name:     "resetpassword",
-		Usage:    "Reset admin password",
+		Usage:    "Reset user password",
 		Category: "password reset",
-		Before: func(c *cli.Context) error {
+		Flags: []cli.Flag{
+			&cli.StringFlag{
+				Name:    "user-name",
+				Aliases: []string{"u"},
+				Usage:   "User name",
+				Value:   "admin",
+			},
+		},
+		Before: func(_ *cli.Context) error {
 			return configlog.ReturnFatal(parser.ParseConfig(cfg))
 		},
 		Action: func(c *cli.Context) error {
@@ -40,12 +48,12 @@ func ResetPassword(cfg *config.Config) *cli.Command {
 			}()

 			defer cancel()
-			return resetPassword(ctx, logger, cfg)
+			return resetPassword(ctx, logger, cfg, c.String("user-name"))
 		},
 	}
 }

-func resetPassword(ctx context.Context, logger log.Logger, cfg *config.Config) error {
+func resetPassword(_ context.Context, logger log.Logger, cfg *config.Config, userName string) error {
 	servercfg := server.Config{
 		Logger:      log.LogrusWrap(logger.Logger),
 		LDAPHandler: "boltdb",
@@ -54,8 +62,8 @@ func resetPassword(ctx context.Context, logger log.Logger, cfg *config.Config) e
 		BoltDBFile: cfg.IDM.DatabasePath,
 	}

-	adminUserDN := "uid=admin,ou=users," + servercfg.LDAPBaseDN
-	fmt.Printf("Resetting password for user '%s'.\n", adminUserDN)
+	userDN := fmt.Sprintf("uid=%s,ou=users,%s", userName, servercfg.LDAPBaseDN)
+	fmt.Printf("Resetting password for user '%s'.\n", userDN)
 	if _, err := os.Stat(servercfg.BoltDBFile); errors.Is(err, os.ErrNotExist) {
 		fmt.Fprintf(os.Stderr, "IDM database does not exist.\n")
 		return err
@@ -82,23 +90,23 @@ func resetPassword(ctx context.Context, logger log.Logger, cfg *config.Config) e
 		return err
 	}

-	pwRequest := ldap.NewPasswordModifyRequest(adminUserDN, "", newPw)
+	pwRequest := ldap.NewPasswordModifyRequest(userDN, "", newPw)
 	if err := bdb.UpdatePassword(pwRequest); err != nil {
-		fmt.Fprintf(os.Stderr, "Failed to update admin password: %v\n", err)
+		fmt.Fprintf(os.Stderr, "Failed to update user password: %v\n", err)
 	}
-	fmt.Printf("Password for user '%s' updated.\n", adminUserDN)
+	fmt.Printf("Password for user '%s' updated.\n", userDN)
 	return nil
 }

 func getPassword() (string, error) {
 	fmt.Print("Enter new password: ")
-	bytePassword, err := term.ReadPassword(int(syscall.Stdin))
+	bytePassword, err := term.ReadPassword(syscall.Stdin)
 	if err != nil {
 		return "", err
 	}
 	fmt.Println("")
 	fmt.Print("Re-enter new password: ")
-	bytePasswordVerify, err := term.ReadPassword(int(syscall.Stdin))
+	bytePasswordVerify, err := term.ReadPassword(syscall.Stdin)
 	if err != nil {
 		return "", err
 	}