Moodle / MDL-55084

Improve reset_password.php cli script to allow arguments


    Details

    • Testing Instructions:
      Help text
      1. Open a terminal and go to your Moodle installation's root folder.
      2. Enter the following command:

        php admin/cli/reset_password.php --help
        

        • Confirm that the help text is displayed.
      3. Repeat the command, but use the short form "-h" instead.
        • Confirm that the help text is displayed.
      Password policy off, no options
      1. Go to Site administration ► Security ► Site policies
      2. Make sure that Password policy is unchecked.
      3. Open a terminal and go to your Moodle installation's root folder.
      4. Enter the following command:

        php admin/cli/reset_password.php
        

      5. Enter a non-existing user's username when prompted.
        • Confirm that you get an error about the non-existing user.
      6. Enter an existing user's username and enter a password "test" when prompted.
        • Confirm that the password is successfully changed.
      Password policy off, username only
      1. Enter the following command:

        php admin/cli/reset_password.php --username=[NONEXISTING USER]
        

      2. Enter a password when prompted.
        • Confirm that you get an error about the non-existing user.
      3. Enter the following command:

        php admin/cli/reset_password.php --username=[VALID USER]
        

      4. Enter a password when prompted.
        • Confirm that the password is successfully changed.
      5. Repeat using the above shorthand form "-u".
        • Confirm that the results are the same.
      Password policy off, password only
      1. Enter the following command:

        php admin/cli/reset_password.php --password=test
        

      2. Enter a valid user name when prompted.
        • Confirm that the password is successfully changed.
      3. Repeat using the above shorthand form "-p".
        • Confirm that the results are the same.
      Password policy off, username and password
      1. Enter the following command:

        php admin/cli/reset_password.php --username=admin --password=test
        

        • Confirm that the password is successfully changed.
      2. Repeat using the above shorthand forms "-u" and "-p".
        • Confirm that the results are the same.
      Password policy on
      1. Go to Site administration ► Security ► Site policies
      2. Tick Password policy.
      3. Enter the following command:

        php admin/cli/reset_password.php --username=admin --password=test
        

        • Confirm that you get an error message about the bad password.
      4. Enter the following command:

        php admin/cli/reset_password.php --username=admin --password=Go0dPassword!
        

        • Confirm that the password is successfully changed.
      Password policy on, ignore-password-policy
      1. Go to Site administration ► Security ► Site policies
      2. Tick Password policy.
      3. Enter the following command:

        php admin/cli/reset_password.php --username=admin --password=test --ignore-password-policy
        

        • Confirm that the password is successfully changed.
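
The two "Password policy on" sections above can be scripted so the checks are repeatable after each change to the script. This is an added example, not part of the issue or of Moodle; it assumes the script exits non-zero whenever it reports an error, and `RESET_CMD` is a variable name invented here.

```shell
#!/bin/sh
# Added example, not Moodle code: scripted form of the "Password policy on" checks.
# Assumptions: the script exits non-zero whenever it reports an error, and
# RESET_CMD (a name invented here) may be overridden to target a test site.
RESET_CMD=${RESET_CMD:-"php admin/cli/reset_password.php"}
MISMATCHES=0

# expect_reset ok|fail [script args...]
# Returns 0 only when the script's success or failure matches the expectation.
expect_reset() {
    er_want=$1
    shift
    er_status=0
    # Unquoted on purpose so "php path/to/script" splits into command + argument.
    # stdin is /dev/null so an unexpected prompt cannot hang the run.
    $RESET_CMD "$@" </dev/null >/dev/null 2>&1 || er_status=$?
    case "$er_want" in
        ok)   [ "$er_status" -eq 0 ] ;;
        fail) [ "$er_status" -ne 0 ] ;;
        *)    return 2 ;;
    esac
}

# check LABEL ok|fail [script args...]: print PASS/FAIL and count mismatches.
check() {
    ck_label=$1
    shift
    if expect_reset "$@"; then
        echo "PASS $ck_label"
    else
        echo "FAIL $ck_label"
        MISMATCHES=$((MISMATCHES + 1))
    fi
}

# policy_on_matrix USER: the three cases from the two "Password policy on"
# sections above. Returns the number of cases that behaved unexpectedly.
policy_on_matrix() {
    MISMATCHES=0
    check "weak password rejected"   fail --username="$1" --password=test
    check "strong password accepted" ok   --username="$1" --password='Go0dPassword!'
    check "policy bypass accepted"   ok   --username="$1" --password=test --ignore-password-policy
    return "$MISMATCHES"
}
```

Source the file from the Moodle root folder of a test site with Password policy ticked, then run `policy_on_matrix admin`.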
    • Affected Branches:
      MOODLE_30_STABLE, MOODLE_31_STABLE
    • Fixed Branches:
      MOODLE_32_STABLE

      Description

      I needed a method to change passwords reliably from the command line without directly accessing the database, so this patch adds functionality to change passwords directly via CLI. Also needed a way to bypass password sanity checks.

      Added --username and --password to allow for resetting passwords via the CLI script.
      Also added a --badpassword entry to bypass the password integrity checks.

      Tested against 3.1

      Security issue because adding the badpassword option has security implications, however I believe the value of being able to do the wrong thing here if required is worthwhile. Users/Administrators can and should change their password via the web interface as soon as they can.

              People

              Assignee:
              prg3 Mark Paget [nee Paul]
              Reporter:
              prg3 Mark Paget [nee Paul]
              Peer reviewer:
              Jake Dallimore
              Integrator:
              David Monllaó
              Tester:
              Jun Pataleta
              Component watchers:
              Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze

                Dates

                Fix Release Date:
                5/Dec/16