forgejo/cmd/admin_user_change_password.go

// Copyright 2023 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package cmd

import (
	"context"
	"errors"
	"fmt"

	user_model "code.gitea.io/gitea/models/user"
	pwd "code.gitea.io/gitea/modules/auth/password"
	"code.gitea.io/gitea/modules/setting"

	"github.com/urfave/cli"
)

var microcmdUserChangePassword = cli.Command{
	Name:   "change-password",
	Usage:  "Change a user's password",
	Action: runChangePassword,
	Flags: []cli.Flag{
		cli.StringFlag{
			Name:  "username,u",
			Value: "",
			Usage: "The user to change password for",
		},
		cli.StringFlag{
			Name:  "password,p",
			Value: "",
			Usage: "New password to set for user",
		},
	},
}

func runChangePassword(c *cli.Context) error {
	if err := argsSet(c, "username", "password"); err != nil {
		return err
	}

	ctx, cancel := installSignals()
	defer cancel()

	if err := initDB(ctx); err != nil {
		return err
	}
	if len(c.String("password")) < setting.MinPasswordLength {
		return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength)
	}

	if !pwd.IsComplexEnough(c.String("password")) {
		return errors.New("Password does not meet complexity requirements")
	}
	pwned, err := pwd.IsPwned(context.Background(), c.String("password"))
	if err != nil {
		return err
	}
	if pwned {
		return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
	}
	uname := c.String("username")
	user, err := user_model.GetUserByName(ctx, uname)
	if err != nil {
		return err
	}
	if err = user.SetPassword(c.String("password")); err != nil {
		return err
	}

	if err = user_model.UpdateUserCols(ctx, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
		return err
	}

	fmt.Printf("%s's password has been successfully updated!\n", user.Name)
	return nil
}
Add command to bulk set must-change-password (#22823) As part of administration sometimes it is appropriate to forcibly tell users to update their passwords. This PR creates a new command `gitea admin user must-change-password` which will set the `MustChangePassword` flag on the provided users. Signed-off-by: Andrew Thornton <art27@cantab.net> 2023-02-14 22:12:19 +00:00			`// Copyright 2023 The Gitea Authors. All rights reserved.`
			`// SPDX-License-Identifier: MIT`

			`package cmd`

			`import (`
			`"context"`
			`"errors"`
			`"fmt"`

			`user_model "code.gitea.io/gitea/models/user"`
Provide the ability to set password hash algorithm parameters (#22942) This PR refactors and improves the password hashing code within gitea and makes it possible for server administrators to set the password hashing parameters In addition it takes the opportunity to adjust the settings for `pbkdf2` in order to make the hashing a little stronger. The majority of this work was inspired by PR #14751 and I would like to thank @boppy for their work on this. Thanks to @gusted for the suggestion to adjust the `pbkdf2` hashing parameters. Close #14751 --------- Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> 2023-02-19 07:35:20 +00:00			`pwd "code.gitea.io/gitea/modules/auth/password"`
Add command to bulk set must-change-password (#22823) As part of administration sometimes it is appropriate to forcibly tell users to update their passwords. This PR creates a new command `gitea admin user must-change-password` which will set the `MustChangePassword` flag on the provided users. Signed-off-by: Andrew Thornton <art27@cantab.net> 2023-02-14 22:12:19 +00:00			`"code.gitea.io/gitea/modules/setting"`

			`"github.com/urfave/cli"`
			`)`

			`var microcmdUserChangePassword = cli.Command{`
			`Name: "change-password",`
			`Usage: "Change a user's password",`
			`Action: runChangePassword,`
			`Flags: []cli.Flag{`
			`cli.StringFlag{`
			`Name: "username,u",`
			`Value: "",`
			`Usage: "The user to change password for",`
			`},`
			`cli.StringFlag{`
			`Name: "password,p",`
			`Value: "",`
			`Usage: "New password to set for user",`
			`},`
			`},`
			`}`

			`func runChangePassword(c *cli.Context) error {`
			`if err := argsSet(c, "username", "password"); err != nil {`
			`return err`
			`}`

			`ctx, cancel := installSignals()`
			`defer cancel()`

			`if err := initDB(ctx); err != nil {`
			`return err`
			`}`
			`if len(c.String("password")) < setting.MinPasswordLength {`
			`return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength)`
			`}`

			`if !pwd.IsComplexEnough(c.String("password")) {`
			`return errors.New("Password does not meet complexity requirements")`
			`}`
			`pwned, err := pwd.IsPwned(context.Background(), c.String("password"))`
			`if err != nil {`
			`return err`
			`}`
			`if pwned {`
			`return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")`
			`}`
			`uname := c.String("username")`
			`user, err := user_model.GetUserByName(ctx, uname)`
			`if err != nil {`
			`return err`
			`}`
			`if err = user.SetPassword(c.String("password")); err != nil {`
			`return err`
			`}`

			`if err = user_model.UpdateUserCols(ctx, user, "passwd", "passwd_hash_algo", "salt"); err != nil {`
			`return err`
			`}`

			`fmt.Printf("%s's password has been successfully updated!\n", user.Name)`
			`return nil`
			`}`