Integrate password reset

2023-01-31 22:03:36 +01:00 · 2023-01-31 22:03:36 +01:00 · 07c369b46c
parent 94acd6205d
commit 07c369b46c
4 changed files with 69 additions and 19 deletions
--- a/backend/db/migrations/20220414171336_create_users.sql
+++ b/backend/db/migrations/20220414171336_create_users.sql
@ -23,6 +23,8 @@ CREATE TABLE users(
  id serial PRIMARY KEY,
  username text UNIQUE NOT NULL,
  password_hash text NOT NULL,
+  initial_password text NOT NULL,
+  password_changed boolean NOT NULL,
  first_name text NOT NULL,
  last_name text NOT NULL,
  role user_roles NOT NULL,
--- a/backend/src/backend/cli.cr
+++ b/backend/src/backend/cli.cr
@ -86,12 +86,14 @@ module Backend
              )
            )
            user = Db::User.create!({
-              username:   s.username,
-              password:   password,
-              first_name: s.first_name,
-              last_name:  s.last_name,
-              role:       Db::UserRole::Student,
-              admin:      false,
+              username:         s.username,
+              password:         password,
+              initial_password: password,
+              password_changed: false,
+              first_name:       s.first_name,
+              last_name:        s.last_name,
+              role:             Db::UserRole::Student,
+              admin:            false,
            })
            Db::Student.create!({
              user_id:  user.id,
@ -112,12 +114,14 @@ module Backend
            )

            Db::User.new({
-              username:   t.username,
-              password:   password,
-              first_name: t.first_name,
-              last_name:  t.last_name,
-              role:       Db::UserRole::Teacher,
-              admin:      false,
+              username:         t.username,
+              password:         password,
+              initial_password: password,
+              password_changed: false,
+              first_name:       t.first_name,
+              last_name:        t.last_name,
+              role:             Db::UserRole::Teacher,
+              admin:            false,
            })
          end
        )
@ -162,21 +166,22 @@ module Backend
    # ameba:disable Lint/ShadowingOuterLocalVar
    cmd.commands.add do |cmd|
      cmd.use = "user:export"
-      cmd.short = "Generates report for all users and resets their password"
+      cmd.short = "Generates report for all users"
      cmd.long = cmd.short

      cmd.run do
-        print "Do you really want to reset all passwords? [y/N] "
-        exit unless gets(chomp: true).not_nil!.strip.to_b
+        # print "Do you really want to reset all passwords? [y/N] "
+        # exit unless gets(chomp: true).not_nil!.strip.to_b

        time = Time.local

        students = [] of Templates::Users::Student
        teachers = [] of Templates::Users::User
        Db::User.query.each do |user|
-          password = Password.generate(Password::DEFAULT_LEN)
-          user.password = password
-          user.save!
+          # password = Password.generate(Password::DEFAULT_LEN)
+          # user.password = password
+          # user.save!
+          password = user.password_changed ? nil : user.initial_password
          case user.role.to_api
          in Api::Schema::UserRole::Student
            students << Templates::Users::Student.new(
@ -235,5 +240,46 @@ module Backend
        puts table
      end
    end
+
+    # ameba:disable Lint/ShadowingOuterLocalVar
+    cmd.commands.add do |cmd|
+      cmd.use = "user:reset <id>"
+      cmd.short = "Reset user's password"
+      cmd.long = cmd.short
+
+      cmd.run do |_opts, args|
+        user = Db::User.find!(args[0].to_i)
+        puts "Changing password for user:"
+        table = Tallboy.table do
+          header ["id", "username", "first_name", "last_name", "role", "admin"]
+
+          row [
+            user.id,
+            user.username,
+            user.first_name,
+            user.last_name,
+            user.role,
+            user.admin,
+          ]
+        end
+        puts table
+
+        print "New password: "
+        new_password = gets(chomp: true).not_nil!
+        puts "New password is: \"#{Regex.escape(new_password)}\""
+        print "Reenter new password: "
+        if gets(chomp: true).not_nil! == new_password
+          user.password = new_password
+          user.password_changed = true
+          user.save!
+
+          Db::Token.query
+            .where { user_id == user.id }
+            .to_update
+            .set(active: false)
+            .execute
+        end
+      end
+    end
  end
 end
--- a/backend/src/backend/db/user.cr
+++ b/backend/src/backend/db/user.cr
@ -28,6 +28,8 @@ module Backend::Db

    column username : String
    column password_hash : Crypto::Bcrypt::Password
+    column initial_password : String
+    column password_changed : Bool = false
    column first_name : String
    column last_name : String
    column role : UserRole
--- a/backend/src/backend/templates/users.cr
+++ b/backend/src/backend/templates/users.cr
@ -9,7 +9,7 @@ class Backend::Templates::Users
      @first_name : String,
      @last_name : String,
      @username : String,
-      @password : String
+      @password : String?
    )
    end
  end