Skip to content

Reset admin password CLI #8311

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Oct 14, 2020
Merged

Reset admin password CLI #8311

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
c81af9a
Init admin reset
alexandrebodin Oct 12, 2020
b8d206e
Cleanup some useless option config
alexandrebodin Oct 12, 2020
fa43dd8
Add tests
alexandrebodin Oct 13, 2020
8af6025
Add CLI documentation
alexandrebodin Oct 13, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 30 additions & 3 deletions docs/v3.x/cli/CLI.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,9 @@ options: [--no-run|--use-npm|--debug|--quickstart|--dbclient=<dbclient> --dbhost
- **&#60;dbssl&#62;** and **&#60;dbauth&#62;** are available only for `mongo` and are optional.
- **--dbforce** Allows you to overwrite content if the provided database is not empty. Only available for `postgres`, `mysql`, and is optional.

## strapi develop|dev
## strapi develop

**Alias**: `dev`

Start a Strapi application with autoReload enabled.

Expand Down Expand Up @@ -89,7 +91,9 @@ options: [--no-optimization]
- **strapi build --no-optimization**<br/>
Builds the administration panel without minimizing the assets. The build duration is faster.

## strapi configuration:dump|config:dump
## strapi configuration:dump

**Alias**: `config:dump`

Dumps configurations to a file or stdout to help you migrate to production.

Expand Down Expand Up @@ -120,7 +124,9 @@ In case of doubt, you should avoid committing the dump file into a versioning sy

:::

## strapi configuration:restore|config:restore
## strapi configuration:restore

**Alias**: `config:restore`

Restores a configuration dump into your application.

Expand Down Expand Up @@ -151,6 +157,27 @@ When running the restore command, you can choose from three different strategies
- **merge**: Will create missing keys and merge existing keys with their new value.
- **keep**: Will create missing keys and keep existing keys as is.

## strapi admin:reset-user-password

**Alias** `admin:reset-password`

Reset an admin user's password.
You can pass the email and new password as options or set them interactivly if you call the command without passing the options.

**Example**

```bash
strapi admin:reset-user-password --email=chef@strapi.io --password=Gourmet1234
```

**Options**

| Option | Type | Description |
| -------------- | ------ | ------------------------- |
| -e, --email | string | The user email |
| -p, --password | string | New password for the user |
| -h, --help | | display help for command |

## strapi generate:api

Scaffold a complete API with its configurations, controller, model and service.
Expand Down
2 changes: 1 addition & 1 deletion packages/create-strapi-app/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
"index.js"
],
"dependencies": {
"commander": "^2.20.0",
"commander": "6.1.0",
"strapi-generate-new": "3.2.3"
},
"scripts": {
Expand Down
82 changes: 82 additions & 0 deletions packages/strapi-admin/services/__tests__/user.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -744,4 +744,86 @@ describe('User', () => {
);
});
});

describe('resetPasswordByEmail', () => {
test('Throws on missing user', async () => {
const email = 'email@email.fr';
const password = 'invalidpass';

const findOne = jest.fn(() => {
return null;
});

global.strapi = {
query() {
return {
findOne,
};
},
};

await expect(userService.resetPasswordByEmail(email, password)).rejects.toEqual(
new Error(`User not found for email: ${email}`)
);

expect(findOne).toHaveBeenCalledWith({ email }, undefined);
});

test.each(['abc', 'Abcd', 'Abcdefgh', 'Abcd123'])(
'Throws on invalid password',
async password => {
const email = 'email@email.fr';

const findOne = jest.fn(() => ({ id: 1 }));

global.strapi = {
query() {
return {
findOne,
};
},
};

await expect(userService.resetPasswordByEmail(email, password)).rejects.toEqual(
new Error(
'Invalid password. Expected a minimum of 8 characters with at least one number and one uppercase letter'
)
);

expect(findOne).toHaveBeenCalledWith({ email }, undefined);
}
);
});

test('Call the update function with the expected params', async () => {
const email = 'email@email.fr';
const password = 'Testing1234';
const hash = 'hash';
const userId = 1;

const findOne = jest.fn(() => ({ id: userId }));
const update = jest.fn();
const hashPassword = jest.fn(() => hash);

global.strapi = {
query() {
return {
findOne,
update,
};
},
admin: {
services: {
auth: {
hashPassword,
},
},
},
};

await userService.resetPasswordByEmail(email, password);
expect(findOne).toHaveBeenCalledWith({ email }, undefined);
expect(update).toHaveBeenCalledWith({ id: userId }, { password: hash });
expect(hashPassword).toHaveBeenCalledWith(password);
});
});
27 changes: 26 additions & 1 deletion packages/strapi-admin/services/user.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ const _ = require('lodash');
const { stringIncludes } = require('strapi-utils');
const { createUser, hasSuperAdminRole } = require('../domain/user');
const { SUPER_ADMIN_CODE } = require('./constants');
const { password: passwordValidator } = require('../validation/common-validators');

const sanitizeUserRoles = role => _.pick(role, ['id', 'name', 'description', 'code']);

Expand Down Expand Up @@ -43,7 +44,7 @@ const create = async attributes => {

/**
* Update a user in database
* @param params query params to find the user to update
* @param id query params to find the user to update
* @param attributes A partial user object
* @returns {Promise<user>}
*/
Expand Down Expand Up @@ -89,6 +90,29 @@ const updateById = async (id, attributes) => {
return strapi.query('user', 'admin').update({ id }, attributes);
};

/**
* Reset a user password by email. (Used in admin:reset CLI)
* @param {string} email - user email
* @param {string} password - new password
*/
const resetPasswordByEmail = async (email, password) => {
const user = await findOne({ email });

if (!user) {
throw new Error(`User not found for email: ${email}`);
}

try {
await passwordValidator.validate(password);
} catch (error) {
throw new Error(
'Invalid password. Expected a minimum of 8 characters with at least one number and one uppercase letter'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And a symbol no?

);
}

await updateById(user.id, { password });
};

/**
* Check if a user is the last super admin
* @param {int|string} userId user's id to look for
Expand Down Expand Up @@ -320,4 +344,5 @@ module.exports = {
assignARoleToAll,
displayWarningIfUsersDontHaveRole,
migrateUsers,
resetPasswordByEmail,
};
Loading