grafana/pkg/cmd/grafana-cli/commands/reset_password_command.go

package commands

import (
	"bufio"
	"context"
	"fmt"
	"os"

	"github.com/fatih/color"

	"github.com/grafana/grafana/pkg/cmd/grafana-cli/logger"
	"github.com/grafana/grafana/pkg/cmd/grafana-cli/utils"
	"github.com/grafana/grafana/pkg/server"
	"github.com/grafana/grafana/pkg/services/user"
	"github.com/grafana/grafana/pkg/util"
)

const DefaultAdminUserId = 1

func resetPasswordCommand(c utils.CommandLine, runner server.Runner) error {
	newPassword := ""
	adminId := int64(c.Int("user-id"))

	if c.Bool("password-from-stdin") {
		logger.Infof("New Password: ")

		scanner := bufio.NewScanner(os.Stdin)
		if ok := scanner.Scan(); !ok {
			if err := scanner.Err(); err != nil {
				return fmt.Errorf("can't read password from stdin: %w", err)
			}
			return fmt.Errorf("can't read password from stdin")
		}
		newPassword = scanner.Text()
	} else {
		newPassword = c.Args().First()
	}

	err := resetPassword(adminId, newPassword, runner.UserService)
	if err == nil {
		logger.Infof("\n")
		logger.Infof("Admin password changed successfully %s", color.GreenString("✔"))
	}
	return err
}

func resetPassword(adminId int64, newPassword string, userSvc user.Service) error {
	password := user.Password(newPassword)
	if password.IsWeak() {
		return fmt.Errorf("new password is too short")
	}

	userQuery := user.GetUserByIDQuery{ID: adminId}
	usr, err := userSvc.GetByID(context.Background(), &userQuery)
	if err != nil {
		return fmt.Errorf("could not read user from database. Error: %v", err)
	}
	if !usr.IsAdmin {
		return ErrMustBeAdmin
	}

	passwordHashed, err := util.EncodePassword(newPassword, usr.Salt)
	if err != nil {
		return err
	}

	cmd := user.ChangeUserPasswordCommand{
		UserID:      adminId,
		NewPassword: passwordHashed,
	}

	if err := userSvc.ChangePassword(context.Background(), &cmd); err != nil {
		return fmt.Errorf("failed to update user password: %w", err)
	}

	return nil
}

var ErrMustBeAdmin = fmt.Errorf("reset-admin-password can only be used to reset an admin user account")
feat(cli): add db command to cli. 2016-07-01 05:15:47 +08:00			`package commands`

			`import (`
grafana-cli: Add ability to read password from stdin to reset admin password (#26016) * grafana-cli: Add ability to read password from stdin to reset admin password Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> 2020-07-02 22:29:10 +08:00			`"bufio"`
add context to getsignedinUser calls (#35963) Signed-off-by: bergquist <carl.bergquist@gmail.com> 2021-06-21 13:51:33 +08:00			`"context"`
feat(cli): add db command to cli. 2016-07-01 05:15:47 +08:00			`"fmt"`
grafana-cli: Add ability to read password from stdin to reset admin password (#26016) * grafana-cli: Add ability to read password from stdin to reset admin password Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> 2020-07-02 22:29:10 +08:00			`"os"`
feat(cli): add db command to cli. 2016-07-01 05:15:47 +08:00
			`"github.com/fatih/color"`
feat(grafana-cli): allow configuring admin ID for reset-admin-password (#60603) * feat(grafana-cli): add a flag to control the admin user's ID for reset-admin-password Since this is now more permissive, I've also added validation that the requested user is an admin. * slight refactor to support testing 2022-12-21 21:24:33 +08:00
feat(cli): add db command to cli. 2016-07-01 05:15:47 +08:00			`"github.com/grafana/grafana/pkg/cmd/grafana-cli/logger"`
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107 2019-05-27 16:47:21 +08:00			`"github.com/grafana/grafana/pkg/cmd/grafana-cli/utils"`
Chore: Unite wire graphs for cli and server (#61143) * Chore: unite wire graphs for cli and server * remove cli wire once again * try to fix runner wire injection * unify runner initialisation 2023-03-17 23:36:39 +08:00			`"github.com/grafana/grafana/pkg/server"`
Chore: Split get user by ID (#52442) * Remove user from preferences, stars, orguser, team member * Fix lint * Add Delete user from org and dashboard acl * Delete user from user auth * Add DeleteUser to quota * Add test files and adjust user auth store * Rename package in wire for user auth * Import Quota Service interface in other services * do the same in tests * fix lint tests * Fix tests * Add some tests * Rename InsertUser and DeleteUser to InsertOrgUser and DeleteOrgUser * Rename DeleteUser to DeleteByUser in quota * changing a method name in few additional places * Fix in other places * Fix lint * Fix tests * Chore: Split Delete User method * Add fakes for userauth * Add mock for access control Delete User permossion, use interface * Use interface for ream guardian * Add simple fake for dashboard acl * Add go routines, clean up, use interfaces * fix lint * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Split get user by ID * Use new method in api * Add tests * Aplly emthod in auth info service * Fix lint and some tests * Fix get user by ID * Fix lint Remove unused fakes * Use split get user id in admin users * Use GetbyID in cli commands * Clean up after merge * Remove commented out code * Clena up imports * add back ) * Fix wire generation for runner after merge with main Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> 2022-08-02 22:58:05 +08:00			`"github.com/grafana/grafana/pkg/services/user"`
feat(cli): add db command to cli. 2016-07-01 05:15:47 +08:00			`"github.com/grafana/grafana/pkg/util"`
			`)`

feat(grafana-cli): allow configuring admin ID for reset-admin-password (#60603) * feat(grafana-cli): add a flag to control the admin user's ID for reset-admin-password Since this is now more permissive, I've also added validation that the requested user is an admin. * slight refactor to support testing 2022-12-21 21:24:33 +08:00			`const DefaultAdminUserId = 1`
style(cli): minor fix 2016-08-25 02:27:41 +08:00
Chore: Unite wire graphs for cli and server (#61143) * Chore: unite wire graphs for cli and server * remove cli wire once again * try to fix runner wire injection * unify runner initialisation 2023-03-17 23:36:39 +08:00			`func resetPasswordCommand(c utils.CommandLine, runner server.Runner) error {`
grafana-cli: Add ability to read password from stdin to reset admin password (#26016) * grafana-cli: Add ability to read password from stdin to reset admin password Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> 2020-07-02 22:29:10 +08:00			`newPassword := ""`
feat(grafana-cli): allow configuring admin ID for reset-admin-password (#60603) * feat(grafana-cli): add a flag to control the admin user's ID for reset-admin-password Since this is now more permissive, I've also added validation that the requested user is an admin. * slight refactor to support testing 2022-12-21 21:24:33 +08:00			`adminId := int64(c.Int("user-id"))`
grafana-cli: Add ability to read password from stdin to reset admin password (#26016) * grafana-cli: Add ability to read password from stdin to reset admin password Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> 2020-07-02 22:29:10 +08:00
			`if c.Bool("password-from-stdin") {`
			`logger.Infof("New Password: ")`

			`scanner := bufio.NewScanner(os.Stdin)`
			`if ok := scanner.Scan(); !ok {`
			`if err := scanner.Err(); err != nil {`
			`return fmt.Errorf("can't read password from stdin: %w", err)`
			`}`
			`return fmt.Errorf("can't read password from stdin")`
			`}`
			`newPassword = scanner.Text()`
			`} else {`
			`newPassword = c.Args().First()`
			`}`
feat(cli): add db command to cli. 2016-07-01 05:15:47 +08:00
feat(grafana-cli): allow configuring admin ID for reset-admin-password (#60603) * feat(grafana-cli): add a flag to control the admin user's ID for reset-admin-password Since this is now more permissive, I've also added validation that the requested user is an admin. * slight refactor to support testing 2022-12-21 21:24:33 +08:00			`err := resetPassword(adminId, newPassword, runner.UserService)`
			`if err == nil {`
			`logger.Infof("\n")`
			`logger.Infof("Admin password changed successfully %s", color.GreenString("✔"))`
			`}`
			`return err`
			`}`

			`func resetPassword(adminId int64, newPassword string, userSvc user.Service) error {`
Chore: Delete password and search from models package (#62482) * Chore: Delete password and search from models package * Rename model to AdminCreateUserResponse 2023-01-31 18:04:55 +08:00			`password := user.Password(newPassword)`
feat(cli): adds command to reset admin password closes #5479 2016-12-09 22:25:02 +08:00			`if password.IsWeak() {`
grafana-cli: Upgrade to urfave/cli v2 (#22402) * grafana-cli: Upgrade to urfave/cli v2 2020-02-26 19:27:31 +08:00			`return fmt.Errorf("new password is too short")`
feat(cli): add db command to cli. 2016-07-01 05:15:47 +08:00			`}`

feat(grafana-cli): allow configuring admin ID for reset-admin-password (#60603) * feat(grafana-cli): add a flag to control the admin user's ID for reset-admin-password Since this is now more permissive, I've also added validation that the requested user is an admin. * slight refactor to support testing 2022-12-21 21:24:33 +08:00			`userQuery := user.GetUserByIDQuery{ID: adminId}`
			`usr, err := userSvc.GetByID(context.Background(), &userQuery)`
Chore: Split get user by ID (#52442) * Remove user from preferences, stars, orguser, team member * Fix lint * Add Delete user from org and dashboard acl * Delete user from user auth * Add DeleteUser to quota * Add test files and adjust user auth store * Rename package in wire for user auth * Import Quota Service interface in other services * do the same in tests * fix lint tests * Fix tests * Add some tests * Rename InsertUser and DeleteUser to InsertOrgUser and DeleteOrgUser * Rename DeleteUser to DeleteByUser in quota * changing a method name in few additional places * Fix in other places * Fix lint * Fix tests * Chore: Split Delete User method * Add fakes for userauth * Add mock for access control Delete User permossion, use interface * Use interface for ream guardian * Add simple fake for dashboard acl * Add go routines, clean up, use interfaces * fix lint * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Split get user by ID * Use new method in api * Add tests * Aplly emthod in auth info service * Fix lint and some tests * Fix get user by ID * Fix lint Remove unused fakes * Use split get user id in admin users * Use GetbyID in cli commands * Clean up after merge * Remove commented out code * Clena up imports * add back ) * Fix wire generation for runner after merge with main Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> 2022-08-02 22:58:05 +08:00			`if err != nil {`
grafana-cli: Upgrade to urfave/cli v2 (#22402) * grafana-cli: Upgrade to urfave/cli v2 2020-02-26 19:27:31 +08:00			`return fmt.Errorf("could not read user from database. Error: %v", err)`
feat(cli): add db command to cli. 2016-07-01 05:15:47 +08:00			`}`
feat(grafana-cli): allow configuring admin ID for reset-admin-password (#60603) * feat(grafana-cli): add a flag to control the admin user's ID for reset-admin-password Since this is now more permissive, I've also added validation that the requested user is an admin. * slight refactor to support testing 2022-12-21 21:24:33 +08:00			`if !usr.IsAdmin {`
			`return ErrMustBeAdmin`
			`}`
feat(cli): add db command to cli. 2016-07-01 05:15:47 +08:00
Chore: Split get user by ID (#52442) * Remove user from preferences, stars, orguser, team member * Fix lint * Add Delete user from org and dashboard acl * Delete user from user auth * Add DeleteUser to quota * Add test files and adjust user auth store * Rename package in wire for user auth * Import Quota Service interface in other services * do the same in tests * fix lint tests * Fix tests * Add some tests * Rename InsertUser and DeleteUser to InsertOrgUser and DeleteOrgUser * Rename DeleteUser to DeleteByUser in quota * changing a method name in few additional places * Fix in other places * Fix lint * Fix tests * Chore: Split Delete User method * Add fakes for userauth * Add mock for access control Delete User permossion, use interface * Use interface for ream guardian * Add simple fake for dashboard acl * Add go routines, clean up, use interfaces * fix lint * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Split get user by ID * Use new method in api * Add tests * Aplly emthod in auth info service * Fix lint and some tests * Fix get user by ID * Fix lint Remove unused fakes * Use split get user id in admin users * Use GetbyID in cli commands * Clean up after merge * Remove commented out code * Clena up imports * add back ) * Fix wire generation for runner after merge with main Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> 2022-08-02 22:58:05 +08:00			`passwordHashed, err := util.EncodePassword(newPassword, usr.Salt)`
pkg/util: Check errors (#19832) * pkg/util: Check errors * pkg/services: DRY up code 2019-10-23 16:40:12 +08:00			`if err != nil {`
			`return err`
			`}`
feat(cli): add db command to cli. 2016-07-01 05:15:47 +08:00
Chore: Add user service method ChangePassword (#53303) * Chore: Add user service method ChangePassword * Fix lint 2022-08-04 21:05:05 +08:00			`cmd := user.ChangeUserPasswordCommand{`
feat(grafana-cli): allow configuring admin ID for reset-admin-password (#60603) * feat(grafana-cli): add a flag to control the admin user's ID for reset-admin-password Since this is now more permissive, I've also added validation that the requested user is an admin. * slight refactor to support testing 2022-12-21 21:24:33 +08:00			`UserID: adminId,`
feat(cli): add db command to cli. 2016-07-01 05:15:47 +08:00			`NewPassword: passwordHashed,`
			`}`

feat(grafana-cli): allow configuring admin ID for reset-admin-password (#60603) * feat(grafana-cli): add a flag to control the admin user's ID for reset-admin-password Since this is now more permissive, I've also added validation that the requested user is an admin. * slight refactor to support testing 2022-12-21 21:24:33 +08:00			`if err := userSvc.ChangePassword(context.Background(), &cmd); err != nil {`
Chore: Remove Wrapf (#50128) * Chore: Remove Wrapf * Remove all Wrapf refs * Remove last Wrapf ref * Fix lint errors * Remove Wrap and Wrapf definitions * Remove unnecessary colon 2022-06-07 04:30:31 +08:00			`return fmt.Errorf("failed to update user password: %w", err)`
feat(cli): add db command to cli. 2016-07-01 05:15:47 +08:00			`}`

			`return nil`
			`}`
feat(grafana-cli): allow configuring admin ID for reset-admin-password (#60603) * feat(grafana-cli): add a flag to control the admin user's ID for reset-admin-password Since this is now more permissive, I've also added validation that the requested user is an admin. * slight refactor to support testing 2022-12-21 21:24:33 +08:00
			`var ErrMustBeAdmin = fmt.Errorf("reset-admin-password can only be used to reset an admin user account")`