-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add must-change-password
cli parameter
#27626
Conversation
2e17689
to
3a08cc3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we use it on the other user option that way ... reverting this in that way will just make it more difficult as we have now two similar options but they work the other way
This reverts commit 77e2e23.
@KN4CK3R I did make it the same as the other option ... if you disagree please force push that change away :) |
@6543 So, what's the command line for changing a users password without requesting a change from them? |
|
Yep, and that's wrong:
inverted command:
|
ah now I get your concerns ... let me fix that issue ... |
diff --git a/cmd/admin_user_change_password.go b/cmd/admin_user_change_password.go
index f1b08c197e..1a7d96a920 100644
--- a/cmd/admin_user_change_password.go
+++ b/cmd/admin_user_change_password.go
@@ -32,11 +32,7 @@ var microcmdUserChangePassword = &cli.Command{
Value: "",
Usage: "New password to set for user",
},
- &cli.BoolFlag{
- Name: "must-change-password",
- Value: true,
- Usage: "User must change password",
- },
+ mustChangePasswordFlag,
},
}
@@ -74,7 +70,7 @@ func runChangePassword(c *cli.Context) error {
return err
}
- user.MustChangePassword = c.Bool("must-change-password")
+ user.MustChangePassword = mustChangePassword(c)
if err = user_model.UpdateUserCols(ctx, user, "must_change_password", "passwd", "passwd_hash_algo", "salt"); err != nil {
return err
diff --git a/cmd/admin_user_create.go b/cmd/admin_user_create.go
index fefe18d39c..2f4a1d0843 100644
--- a/cmd/admin_user_create.go
+++ b/cmd/admin_user_create.go
@@ -45,10 +45,7 @@ var microcmdUserCreate = &cli.Command{
Name: "random-password",
Usage: "Generate a random password for the user",
},
- &cli.BoolFlag{
- Name: "must-change-password",
- Usage: "Set this option to false to prevent forcing the user to change their password after initial login, (Default: true)",
- },
+ mustChangePasswordFlag,
&cli.IntFlag{
Name: "random-password-length",
Usage: "Length of the random password to be generated",
@@ -110,19 +107,14 @@ func runCreateUser(c *cli.Context) error {
return errors.New("must set either password or random-password flag")
}
- // always default to true
- changePassword := true
+ changePassword := mustChangePassword(c)
// If this is the first user being created.
// Take it as the admin and don't force a password update.
- if n := user_model.CountUsers(ctx, nil); n == 0 {
+ if !c.IsSet("must-change-password") && user_model.CountUsers(ctx, nil) == 0 {
changePassword = false
}
- if c.IsSet("must-change-password") {
- changePassword = c.Bool("must-change-password")
- }
-
restricted := util.OptionalBoolNone
if c.IsSet("restricted") { |
// Copyright 2023 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package cmd
import (
"strconv"
"github.com/urfave/cli/v2"
)
var mustChangePasswordFlag = &cli.StringFlag{
Name: "must-change-password",
Value: "true",
Usage: "Set this option to false to prevent forcing the user to change their password after initial login, (Default: true)",
}
// return bool of must-change-password flag
func mustChangePassword(c *cli.Context) bool {
v, _ := strconv.ParseBool(c.String("must-change-password"))
return v
} |
what do you think? |
Personally I would not want this workaround because it's different to every other command. |
@@ -95,6 +95,7 @@ Admin operations: | |||
- Options: | |||
- `--username value`, `-u value`: Username. Required. | |||
- `--password value`, `-p value`: New password. Required. | |||
- `--must-change-password`: If provided, the user is required to choose a new password after the login. Optional. (default: true). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- `--must-change-password`: If provided, the user is required to choose a new password after the login. Optional. (default: true). | |
- `--must-change-password`, `--must-change-password=true/false`: If provided, the user is required to choose a new password after the login. Optional. |
The (default: true)
and optional
might cause misunderstanding IMO.
I think everyone could understand that --must-change-password
means --must-change-password=true
Or just follow the wording above, like - `--admin`: If provided, this makes the user an admin. Optional.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there any other suggestion? If no, could I commit this suggestion and approve?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The suggestion sounds good
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed the wording. Now the default is false
if the flag is not set. I still think this should default to true
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, but I think if it defaults to true, then it might needs some new wording. (the old one makes me think for quite a long time to understand what is "optional" and what is "default: true" ....)
Maybe like this?
- `--must-change-password`: Default to true, the user is required to choose a new password after login. Use `--must-change-password=false` to disable this option.
Anyway, no better idea from my side. Either is fine to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I just used the wording from here:
gitea/docs/content/administration/command-line.en-us.md
Lines 86 to 87 in 360b3fd
- `--must-change-password`: If provided, the created user will be required to choose a newer password after the | |
initial login. Optional. (default: true). |
Maybe we should have a common format for optional and required parameters.
* giteaofficial/main: Add `must-change-password` cli parameter (go-gitea#27626) Include username in email headers (go-gitea#28981) Update tool dependencies (go-gitea#29030) Add artifacts v4 jwt to job message and accept it (go-gitea#28885) Pass es2020 to esbuild-loader as well (go-gitea#29027) Fix default avatar image size in PR diff page (go-gitea#28971) Update JS and PY dependencies, build for `es2020` browsers (go-gitea#28977)
This PR adds a new `must-change-password` parameter to the `change-password` cli command. We already have the `must-change-password` command but it feels natural to have this integrated into the `change-password` cli command. --------- Co-authored-by: 6543 <6543@obermui.de>
-> Improve "must-change-password" logic and document #30472 |
This PR adds a new
must-change-password
parameter to thechange-password
cli command.We already have the
must-change-password
command but it feels natural to have this integrated into thechange-password
cli command.