/juju

Reset password, state layer. #7740

Merged
merged 2 commits into from Aug 15, 2017

Conversation

Reviewers

@axw axw

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@anastasiamac @jujubot @axw
@anastasiamac
Member

anastasiamac commented Aug 14, 2017

Description of change

This is part of the functionality to provide controller admins with ability to reset user passwords/re-issue login tokens.

QA steps

This is only one the layers, there is no full-stack funcationaliy yet. All unit tests pass.

Documentation changes

n/a
This is an internal addition atm.

Bug reference

Initial part for https://bugs.launchpad.net/juju/+bug/1657187
@axw

axw approved these changes Aug 15, 2017
View changes

state/user.go
@@ -543,6 +540,61 @@ func (u *User) ensureNotDeleted() error {
return nil
}
+// ResetPassword cleans up password related field.
@axw

axw Aug 15, 2017

Member

ResetPassword clears the user's password (if there is one), and generates a new secret key for the user.
?

@anastasiamac

anastasiamac Aug 15, 2017

Member

updated

state/user.go
+ return nil, errors.Trace(err)
+ }
+ if u.IsDisabled() {
+ return nil, fmt.Errorf("user deactivated")
@axw

axw Aug 15, 2017

Member

cannot reset password for disabled user?
or maybe add a DeferredAnnotate at the top of the function instead

@anastasiamac

anastasiamac Aug 15, 2017

Member

I am not convinced that this needs further clarification. The overall error that will come from here will be cannot reset password for user "bob": user deactivated.

@axw

axw Aug 15, 2017

Member

Agreed, I missed the fact that there's additional context below.

state/user.go
+ if err := u.st.db().Run(buildTxn); err != nil {
+ return nil, errors.Annotatef(err, "cannot reset password for user %q", u.Name())
+ }
+ u.doc.SecretKey = key
@axw

axw Aug 15, 2017

Member 
u.doc.PasswordHash = ""
u.doc.PasswordSalt = ""
@anastasiamac

anastasiamac Aug 15, 2017

Member

good point! done :D

state/user.go
+ return key, nil
+}
+
+// generateSecretKey generates a random, 32-byte secret key. This can be used
@axw

axw Aug 15, 2017

Member

can you you please delete the bit about the CA cert? we're not using it for that. not sure why it was in there before, probably copy pasta

@anastasiamac

anastasiamac Aug 15, 2017

Member

done

state/user_test.go
+
+ key, err := u.ResetPassword()
+ c.Assert(err, jc.ErrorIsNil)
+ c.Assert(u.SecretKey(), gc.DeepEquals, key)
@axw

axw Aug 15, 2017

Member

also check that PasswordValid("anything") fails here

@anastasiamac

anastasiamac Aug 15, 2017

Member

added check.

@anastasiamac
Member

anastasiamac commented Aug 15, 2017

$$merge$$
@jujubot
Contributor

jujubot commented Aug 15, 2017

Status: merge request accepted. Url: http://juju-ci.vapour.ws:8080/job/github-merge-juju

@jujubot jujubot merged commit a801c19 into juju:develop Aug 15, 2017
1 check passed

1 check passed

continuous-integration/jenkins/pr-merge This commit looks good
Details

@anastasiamac anastasiamac deleted the anastasiamac:reset-pwd-state branch Aug 15, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment