From 6450ece8cf1f29ef7334fb944186bb41bf2b25b2 Mon Sep 17 00:00:00 2001 From: Marcus Eibrink-Lunzenauer <lunzenauer@elan-ev.de> Date: Wed, 27 Mar 2024 05:51:29 +0000 Subject: [PATCH] Add `ChangePassword` CLI script. Closes #3896 Merge request studip/studip!2754
---
 cli/Commands/User/ChangePassword.php | 95 ++++++++++++++++++++++++++++ cli/studip | 1 + 2 files changed, 96 insertions(+) create mode 100644 cli/Commands/User/ChangePassword.php
diff --git a/cli/Commands/User/ChangePassword.php b/cli/Commands/User/ChangePassword.php
new file mode 100644
index 00000000000..f9763f94398
--- /dev/null
+++ b/cli/Commands/User/ChangePassword.php
@@ -0,0 +1,95 @@
+<?php
+
+namespace Studip\Cli\Commands\User;
+
+use email_validation_class;
+use StudipLog;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Helper\Table;
+use Symfony\Component\Console\Question\Question;
+use UserManagement;
+
+/**
+ * @SuppressWarnings(PHPMD.StaticAccess)
+ */
+class ChangePassword extends Command
+{
+ protected static $defaultName = 'user:password';
+
+ protected function configure(): void
+ {
+ $this->setDescription('Change the password of a Stud.IP user.');
+ $this->setHelp('This command will change the password of a user.');
+ $this->addArgument(
+ 'username',
+ InputArgument::REQUIRED,
+ 'The username of the user whose password will be changed.'
+ );
+ }
+
+ protected function execute(InputInterface $input, OutputInterface $output)
+ {
+ $username = $input->getArgument('username');
+
+ $user = \User::findOneBySQL('username = ?', [$username]);
+ if (!$user) {
+ $output->writeln('<error>Could not find this user.</error>');
+ return Command::FAILURE;
+ }
+
+ $helper = $this->getHelper('question');
+
+ $question = new Question('New password: ', '');
+ $question->setHidden(true);
+ $password = $helper->ask($input, $output, $question);
+
+ $question2 = new Question('Re-type password: ', '');
+ $question2->setHidden(true);
+ $password2 = $helper->ask($input, $output, $question2);
+
+ $status = $this->changePassword($user, $password, $password2);
+ if (isset($status)) {
+ $output->writeln('<error>' . $status . '</error>');
+
+ return Command::FAILURE;
+ }
+
+ return Command::SUCCESS;
+ }
+
+ private function changePassword(\User $user, string $password, string $password2): ?string
+ {
+ if ($password !== $password2) {
+ return 'Password and re-type password don\'t match.';
+ }
+
+ $validator = new email_validation_class();
+ $validator->timeout = 10;
+ if (!$validator->ValidatePassword($password)) {
+ return 'The password is too short. It should have at least 8 characters.';
+ }
+
+ if ($password === $user->username) {
+ return 'Password may not match the username.';
+ }
+
+ if (str_replace(['.', ' '], '', mb_strtolower($password)) == 'studip') {
+ return 'For security reasons the password may not be "Stud.IP" or any modification of "Stud.IP".';
+ }
+
+ $userManagement = new UserManagement($user->id);
+ $changed = $userManagement->changePassword($password);
+
+ if (!$changed) {
+ return 'The password could not be set.';
+ }
+
+ StudipLog::USER_NEWPWD($user->id, null, 'Passwort neu gesetzt', null, $user->id);
+
+ return null;
+ }
+}
diff --git a/cli/studip b/cli/studip
index 3acd4bc32a8..a46a00debd5 100755
--- a/cli/studip
+++ b/cli/studip
@@ -60,6 +60,7 @@ $commands = [
 Commands\Resources\UpdateBookingIntervals::class,
 Commands\SORM\DescribeModels::class,
 Commands\Twillo\PrivateKeys::class,
+ Commands\User\ChangePassword::class,
 Commands\User\GetUser::class,
 Commands\User\UsersDelete::class,
 ];
-- GitLab
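Review bot: The `StudipLog::USER_NEWPWD(...)` call at the end of `changePassword()` passes `$user->id` both as the affected user and as the final argument. If that final argument is the acting user, as the argument order suggests, an operator's reset from the shell is logged as if the account owner had changed the password. That makes a CLI reset indistinguishable from a self-service change when the log is read during an investigation. The entry should at least name its origin, for example `StudipLog::USER_NEWPWD($user->id, null, 'Passwort neu gesetzt (CLI user:password)', null, $user->id);`, or pass an actor that is not the target if the CLI environment has one. Separately, the username check `$password === $user->username` is case-sensitive while the "Stud.IP" check lowercases first, so a password differing from the username only in case is accepted; `if (mb_strtolower($password) === mb_strtolower($user->username)) {` would make the two checks consistent.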