forked from mirror/gitea
f8b471ace1
Fixes #28660 Fixes an admin api bug related to `user.LoginSource` Fixed `/user/emails` response not identical to GitHub api This PR unifies the user update methods. The goal is to keep the logic only at one place (having audit logs in mind). For example, do the password checks only in one method not everywhere a password is updated. After that PR is merged, the user creation should be next.
85 lines
2.2 KiB
Go
85 lines
2.2 KiB
Go
// Copyright 2023 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package cmd
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
|
|
user_model "code.gitea.io/gitea/models/user"
|
|
"code.gitea.io/gitea/modules/auth/password"
|
|
"code.gitea.io/gitea/modules/optional"
|
|
"code.gitea.io/gitea/modules/setting"
|
|
user_service "code.gitea.io/gitea/services/user"
|
|
|
|
"github.com/urfave/cli/v2"
|
|
)
|
|
|
|
var microcmdUserChangePassword = &cli.Command{
|
|
Name: "change-password",
|
|
Usage: "Change a user's password",
|
|
Action: runChangePassword,
|
|
Flags: []cli.Flag{
|
|
&cli.StringFlag{
|
|
Name: "username",
|
|
Aliases: []string{"u"},
|
|
Value: "",
|
|
Usage: "The user to change password for",
|
|
},
|
|
&cli.StringFlag{
|
|
Name: "password",
|
|
Aliases: []string{"p"},
|
|
Value: "",
|
|
Usage: "New password to set for user",
|
|
},
|
|
&cli.BoolFlag{
|
|
Name: "must-change-password",
|
|
Usage: "User must change password",
|
|
},
|
|
},
|
|
}
|
|
|
|
func runChangePassword(c *cli.Context) error {
|
|
if err := argsSet(c, "username", "password"); err != nil {
|
|
return err
|
|
}
|
|
|
|
ctx, cancel := installSignals()
|
|
defer cancel()
|
|
|
|
if err := initDB(ctx); err != nil {
|
|
return err
|
|
}
|
|
|
|
user, err := user_model.GetUserByName(ctx, c.String("username"))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
var mustChangePassword optional.Option[bool]
|
|
if c.IsSet("must-change-password") {
|
|
mustChangePassword = optional.Some(c.Bool("must-change-password"))
|
|
}
|
|
|
|
opts := &user_service.UpdateAuthOptions{
|
|
Password: optional.Some(c.String("password")),
|
|
MustChangePassword: mustChangePassword,
|
|
}
|
|
if err := user_service.UpdateAuth(ctx, user, opts); err != nil {
|
|
switch {
|
|
case errors.Is(err, password.ErrMinLength):
|
|
return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength)
|
|
case errors.Is(err, password.ErrComplexity):
|
|
return errors.New("Password does not meet complexity requirements")
|
|
case errors.Is(err, password.ErrIsPwned):
|
|
return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
|
|
default:
|
|
return err
|
|
}
|
|
}
|
|
|
|
fmt.Printf("%s's password has been successfully updated!\n", user.Name)
|
|
return nil
|
|
}
|