Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-55084

Improve reset_password.php cli script to allow arguments

    XMLWordPrintable

Details

    • MOODLE_30_STABLE, MOODLE_31_STABLE
    • MOODLE_32_STABLE
    • Hide
      Help text
      1. Open a terminal and go to your Moodle installation's root folder.
      2. Enter the following command: 

        php admin/cli/reset_password.php --help

        • Confirm that the help text is displayed.
      3. Repeat the command, but use the short form "-h" instead.
        • Confirm that the help text is displayed.
      Password policy off, no options
      1. Go to Site administration ► Security ► Site policies
      2. Make sure that Password policy is unchecked.
      3. Open a terminal and go to your Moodle installation's root folder.
      4. Enter the following command: 

        php admin/cli/reset_password.php

      5. Enter an non-existing user's username when prompted.
        • Confirm that you get an error about the non-existing user.
      6. Enter an existing user's username and enter a password "test" when prompted.
        • Confirm that the password is successfully changed.
      Password policy off, username only
      1. Enter the following command: 

        php admin/cli/reset_password.php --username=[NONEXISTING USER]

      2. Enter a password when prompted.
        • Confirm that you get an error about the non-existing user.
      3. Enter the following command: 

        php admin/cli/reset_password.php --username=[VALID USER]

      4. Enter a password when prompted.
        • Confirm that the password is successfully changed.
      5. Repeat using the above shorthand form "-u.
        • Confirm that the results are the same.
      Password policy off, password only
      1. Enter the following command: 

        php admin/cli/reset_password.php --password=test

      2. Enter a valid user name when prompted.
        • Confirm that the password is successfully changed.
      3. Repeat using the above shorthand form "-p".
        • Confirm that the results are the same.
      Password policy off, username and password
      1. Enter the following command: 

        php admin/cli/reset_password.php --username=admin --password=test

        • Confirm that the password is successfully changed.
      2. Repeat using the above shorthand forms "-u" and "-p.
        • Confirm that the results are the same.
      Password policy on
      1. Go to Site administration ► Security ► Site policies
      2. Tick Password policy.
      3. Enter the following command: 

        php admin/cli/reset_password.php --username=admin --password=test

        • Confirm that you get an error message about the bad password.
      4. Enter the following command: 

        php admin/cli/reset_password.php --username=admin --password=Go0dPassword!

        • Confirm that the password is successfully changed.
      Password policy on, ignore-password-policy
      1. Go to Site administration ► Security ► Site policies
      2. Tick Password policy.
      3. Enter the following command: 

        php admin/cli/reset_password.php --username=admin --password=test --ignore-password-policy

        • Confirm that the password is successfully changed.
      Show
      Help text Open a terminal and go to your Moodle installation's root folder. Enter the following command: php admin/cli/reset_password.php --help Confirm that the help text is displayed. Repeat the command, but use the short form " -h " instead. Confirm that the help text is displayed. Password policy off, no options Go to Site administration ► Security ► Site policies Make sure that Password policy is unchecked. Open a terminal and go to your Moodle installation's root folder. Enter the following command: php admin/cli/reset_password.php Enter an non-existing user's username when prompted. Confirm that you get an error about the non-existing user. Enter an existing user's username and enter a password " test " when prompted. Confirm that the password is successfully changed. Password policy off, username only Enter the following command: php admin/cli/reset_password.php --username=[NONEXISTING USER] Enter a password when prompted. Confirm that you get an error about the non-existing user. Enter the following command: php admin/cli/reset_password.php --username=[VALID USER] Enter a password when prompted. Confirm that the password is successfully changed. Repeat using the above shorthand form " -u . Confirm that the results are the same. Password policy off, password only Enter the following command: php admin/cli/reset_password.php --password=test Enter a valid user name when prompted. Confirm that the password is successfully changed. Repeat using the above shorthand form " -p ". Confirm that the results are the same. Password policy off, username and password Enter the following command: php admin/cli/reset_password.php --username=admin --password=test Confirm that the password is successfully changed. Repeat using the above shorthand forms " -u " and " -p . Confirm that the results are the same. Password policy on Go to Site administration ► Security ► Site policies Tick Password policy . Enter the following command: php admin/cli/reset_password.php --username=admin --password=test Confirm that you get an error message about the bad password. Enter the following command: php admin/cli/reset_password.php --username=admin --password=Go0dPassword! Confirm that the password is successfully changed. Password policy on, ignore-password-policy Go to Site administration ► Security ► Site policies Tick Password policy . Enter the following command: php admin/cli/reset_password.php --username=admin --password=test --ignore-password-policy Confirm that the password is successfully changed.

    Description

      I needed a method to change passwords reliably from the command line without directly accessing the database, so this patch adds functionality to change passwords directly via CLI. Also needed a way to bypass password sanity checks.

      Added --username and --password to allow for resetting passwords via the CLI script.
      Also added a --badpassword entry to bypass the password integrity checks.

      Tested against 3.1

      Security issue because adding the badpassword option has security implications, however I believe the value of being able to do the wrong thing here if required is worthwhile. Users/Administrators can and should change their password via the web interface as soon as they can.

      Attachments

        Issue Links

          Testing discovered

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-55206 reset_password's password policy error contains div tags

          • Minor - Minor loss of function where workaround is possible
          • Closed

          Activity

            People

              prg3 Mark Paget [nee Paul]
              prg3 Mark Paget [nee Paul]
              Jake Dallimore Jake Dallimore
              David Monllaó David Monllaó
              Jun Pataleta Jun Pataleta
              Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                5/Dec/16