mirror of
https://github.com/grafana/grafana.git
synced 2024-11-27 03:11:01 -06:00
c90756eef5
* feat(grafana-cli): add a flag to control the admin user's ID for reset-admin-password Since this is now more permissive, I've also added validation that the requested user is an admin. * slight refactor to support testing
81 lines
2.0 KiB
Go
81 lines
2.0 KiB
Go
package commands
|
|
|
|
import (
|
|
"bufio"
|
|
"context"
|
|
"fmt"
|
|
"os"
|
|
|
|
"github.com/fatih/color"
|
|
|
|
"github.com/grafana/grafana/pkg/cmd/grafana-cli/logger"
|
|
"github.com/grafana/grafana/pkg/cmd/grafana-cli/runner"
|
|
"github.com/grafana/grafana/pkg/cmd/grafana-cli/utils"
|
|
"github.com/grafana/grafana/pkg/models"
|
|
"github.com/grafana/grafana/pkg/services/user"
|
|
"github.com/grafana/grafana/pkg/util"
|
|
)
|
|
|
|
const DefaultAdminUserId = 1
|
|
|
|
func resetPasswordCommand(c utils.CommandLine, runner runner.Runner) error {
|
|
newPassword := ""
|
|
adminId := int64(c.Int("user-id"))
|
|
|
|
if c.Bool("password-from-stdin") {
|
|
logger.Infof("New Password: ")
|
|
|
|
scanner := bufio.NewScanner(os.Stdin)
|
|
if ok := scanner.Scan(); !ok {
|
|
if err := scanner.Err(); err != nil {
|
|
return fmt.Errorf("can't read password from stdin: %w", err)
|
|
}
|
|
return fmt.Errorf("can't read password from stdin")
|
|
}
|
|
newPassword = scanner.Text()
|
|
} else {
|
|
newPassword = c.Args().First()
|
|
}
|
|
|
|
err := resetPassword(adminId, newPassword, runner.UserService)
|
|
if err == nil {
|
|
logger.Infof("\n")
|
|
logger.Infof("Admin password changed successfully %s", color.GreenString("✔"))
|
|
}
|
|
return err
|
|
}
|
|
|
|
func resetPassword(adminId int64, newPassword string, userSvc user.Service) error {
|
|
password := models.Password(newPassword)
|
|
if password.IsWeak() {
|
|
return fmt.Errorf("new password is too short")
|
|
}
|
|
|
|
userQuery := user.GetUserByIDQuery{ID: adminId}
|
|
usr, err := userSvc.GetByID(context.Background(), &userQuery)
|
|
if err != nil {
|
|
return fmt.Errorf("could not read user from database. Error: %v", err)
|
|
}
|
|
if !usr.IsAdmin {
|
|
return ErrMustBeAdmin
|
|
}
|
|
|
|
passwordHashed, err := util.EncodePassword(newPassword, usr.Salt)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
cmd := user.ChangeUserPasswordCommand{
|
|
UserID: adminId,
|
|
NewPassword: passwordHashed,
|
|
}
|
|
|
|
if err := userSvc.ChangePassword(context.Background(), &cmd); err != nil {
|
|
return fmt.Errorf("failed to update user password: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
var ErrMustBeAdmin = fmt.Errorf("reset-admin-password can only be used to reset an admin user account")
|