Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-55084

Improve reset_password.php cli script to allow arguments

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • 3.2
    • 3.0.4, 3.1
    • Administration
    • MOODLE_30_STABLE, MOODLE_31_STABLE
    • MOODLE_32_STABLE
    • Hide
      Help text
      1. Open a terminal and go to your Moodle installation's root folder.
      2. Enter the following command:

        php admin/cli/reset_password.php --help
        

        • Confirm that the help text is displayed.
      3. Repeat the command, but use the short form "-h" instead.
        • Confirm that the help text is displayed.
      Password policy off, no options
      1. Go to Site administration ► Security ► Site policies
      2. Make sure that Password policy is unchecked.
      3. Open a terminal and go to your Moodle installation's root folder.
      4. Enter the following command:

        php admin/cli/reset_password.php
        

      5. Enter an non-existing user's username when prompted.
        • Confirm that you get an error about the non-existing user.
      6. Enter an existing user's username and enter a password "test" when prompted.
        • Confirm that the password is successfully changed.
      Password policy off, username only
      1. Enter the following command:

        php admin/cli/reset_password.php --username=[NONEXISTING USER]
        

      2. Enter a password when prompted.
        • Confirm that you get an error about the non-existing user.
      3. Enter the following command:

        php admin/cli/reset_password.php --username=[VALID USER]
        

      4. Enter a password when prompted.
        • Confirm that the password is successfully changed.
      5. Repeat using the above shorthand form "-u.
        • Confirm that the results are the same.
      Password policy off, password only
      1. Enter the following command:

        php admin/cli/reset_password.php --password=test
        

      2. Enter a valid user name when prompted.
        • Confirm that the password is successfully changed.
      3. Repeat using the above shorthand form "-p".
        • Confirm that the results are the same.
      Password policy off, username and password
      1. Enter the following command:

        php admin/cli/reset_password.php --username=admin --password=test
        

        • Confirm that the password is successfully changed.
      2. Repeat using the above shorthand forms "-u" and "-p.
        • Confirm that the results are the same.
      Password policy on
      1. Go to Site administration ► Security ► Site policies
      2. Tick Password policy.
      3. Enter the following command:

        php admin/cli/reset_password.php --username=admin --password=test
        

        • Confirm that you get an error message about the bad password.
      4. Enter the following command:

        php admin/cli/reset_password.php --username=admin --password=Go0dPassword!
        

        • Confirm that the password is successfully changed.
      Password policy on, ignore-password-policy
      1. Go to Site administration ► Security ► Site policies
      2. Tick Password policy.
      3. Enter the following command:

        php admin/cli/reset_password.php --username=admin --password=test --ignore-password-policy
        

        • Confirm that the password is successfully changed.
      Show
      Help text Open a terminal and go to your Moodle installation's root folder. Enter the following command: php admin/cli/reset_password.php --help Confirm that the help text is displayed. Repeat the command, but use the short form " -h " instead. Confirm that the help text is displayed. Password policy off, no options Go to Site administration ► Security ► Site policies Make sure that Password policy is unchecked. Open a terminal and go to your Moodle installation's root folder. Enter the following command: php admin/cli/reset_password.php Enter an non-existing user's username when prompted. Confirm that you get an error about the non-existing user. Enter an existing user's username and enter a password " test " when prompted. Confirm that the password is successfully changed. Password policy off, username only Enter the following command: php admin/cli/reset_password.php --username=[NONEXISTING USER] Enter a password when prompted. Confirm that you get an error about the non-existing user. Enter the following command: php admin/cli/reset_password.php --username=[VALID USER] Enter a password when prompted. Confirm that the password is successfully changed. Repeat using the above shorthand form " -u . Confirm that the results are the same. Password policy off, password only Enter the following command: php admin/cli/reset_password.php --password=test Enter a valid user name when prompted. Confirm that the password is successfully changed. Repeat using the above shorthand form " -p ". Confirm that the results are the same. Password policy off, username and password Enter the following command: php admin/cli/reset_password.php --username=admin --password=test Confirm that the password is successfully changed. Repeat using the above shorthand forms " -u " and " -p . Confirm that the results are the same. Password policy on Go to Site administration ► Security ► Site policies Tick Password policy . Enter the following command: php admin/cli/reset_password.php --username=admin --password=test Confirm that you get an error message about the bad password. Enter the following command: php admin/cli/reset_password.php --username=admin --password=Go0dPassword! Confirm that the password is successfully changed. Password policy on, ignore-password-policy Go to Site administration ► Security ► Site policies Tick Password policy . Enter the following command: php admin/cli/reset_password.php --username=admin --password=test --ignore-password-policy Confirm that the password is successfully changed.

      I needed a method to change passwords reliably from the command line without directly accessing the database, so this patch adds functionality to change passwords directly via CLI. Also needed a way to bypass password sanity checks.

      Added --username and --password to allow for resetting passwords via the CLI script.
      Also added a --badpassword entry to bypass the password integrity checks.

      Tested against 3.1

      Security issue because adding the badpassword option has security implications, however I believe the value of being able to do the wrong thing here if required is worthwhile. Users/Administrators can and should change their password via the web interface as soon as they can.

            prg3 Mark Paget [nee Paul]
            prg3 Mark Paget [nee Paul]
            Jake Dallimore Jake Dallimore
            David Monllaó David Monllaó
            Jun Pataleta Jun Pataleta
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.