Added command line utility to reset user password and to disable 2FA

6 files changed, 141 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index 6282ecee..398ec499 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@ New features:
 * Search in activity stream
 * Search in comments
 * Search by task creator
+* Added command line utility to reset user password and to disable 2FA
 
 Improvements:
 
diff --git a/app/Console/BaseCommand.php b/app/Console/BaseCommand.php
index bf86ae0d..23cdcc9c 100644
--- a/app/Console/BaseCommand.php
+++ b/app/Console/BaseCommand.php
@@ -11,6 +11,7 @@ use Symfony\Component\Console\Command\Command;
  * @package  console
  * @author   Frederic Guillot
  *
+ * @property \Kanboard\Validator\PasswordResetValidator                 $passwordResetValidator
  * @property \Kanboard\Export\SubtaskExport                             $subtaskExport
  * @property \Kanboard\Export\TaskExport                                $taskExport
  * @property \Kanboard\Export\TransitionExport                          $transitionExport
@@ -21,6 +22,7 @@ use Symfony\Component\Console\Command\Command;
  * @property \Kanboard\Model\ProjectDailyStats                          $projectDailyStats
  * @property \Kanboard\Model\Task                                       $task
  * @property \Kanboard\Model\TaskFinder                                 $taskFinder
+ * @property \Kanboard\Model\User                                       $user
  * @property \Kanboard\Model\UserNotification                           $userNotification
  * @property \Kanboard\Model\UserNotificationFilter                     $userNotificationFilter
  * @property \Symfony\Component\EventDispatcher\EventDispatcher         $dispatcher
diff --git a/app/Console/ResetPasswordCommand.php b/app/Console/ResetPasswordCommand.php
new file mode 100644
index 00000000..93dc3761
--- /dev/null
+++ b/app/Console/ResetPasswordCommand.php
@@ -0,0 +1,79 @@
+<?php
+
+namespace Kanboard\Console;
+
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Question\Question;
+
+class ResetPasswordCommand extends BaseCommand
+{
+    protected function configure()
+    {
+        $this
+            ->setName('user:reset-password')
+            ->setDescription('Change user password')
+            ->addArgument('username', InputArgument::REQUIRED, 'Username')
+        ;
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output)
+    {
+        $helper = $this->getHelper('question');
+        $username = $input->getArgument('username');
+
+        $passwordQuestion = new Question('What is the new password for '.$username.'? (characters are not printed)'.PHP_EOL);
+        $passwordQuestion->setHidden(true);
+        $passwordQuestion->setHiddenFallback(false);
+
+        $password = $helper->ask($input, $output, $passwordQuestion);
+
+        $confirmationQuestion = new Question('Confirmation:'.PHP_EOL);
+        $confirmationQuestion->setHidden(true);
+        $confirmationQuestion->setHiddenFallback(false);
+
+        $confirmation = $helper->ask($input, $output, $confirmationQuestion);
+
+        if ($this->validatePassword($output, $password, $confirmation)) {
+            $this->resetPassword($output, $username, $password);
+        }
+    }
+
+    private function validatePassword(OutputInterface $output, $password, $confirmation)
+    {
+        list($valid, $errors) = $this->passwordResetValidator->validateModification(array(
+            'password' => $password,
+            'confirmation' => $confirmation,
+        ));
+
+        if (!$valid) {
+            foreach ($errors as $error_list) {
+                foreach ($error_list as $error) {
+                    $output->writeln('<error>'.$error.'</error>');
+                }
+            }
+        }
+
+        return $valid;
+    }
+
+    private function resetPassword(OutputInterface $output, $username, $password)
+    {
+        $userId = $this->user->getIdByUsername($username);
+
+        if (empty($userId)) {
+            $output->writeln('<error>User not found</error>');
+            return false;
+        }
+
+        if (!$this->user->update(array('id' => $userId, 'password' => $password))) {
+            $output->writeln('<error>Unable to update password</error>');
+            return false;
+        }
+
+        $output->writeln('<info>Password updated successfully</info>');
+
+        return true;
+    }
+}
diff --git a/app/Console/ResetTwoFactorCommand.php b/app/Console/ResetTwoFactorCommand.php
new file mode 100644
index 00000000..3bf01e81
--- /dev/null
+++ b/app/Console/ResetTwoFactorCommand.php
@@ -0,0 +1,38 @@
+<?php
+
+namespace Kanboard\Console;
+
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+class ResetTwoFactorCommand extends BaseCommand
+{
+    protected function configure()
+    {
+        $this
+            ->setName('user:reset-2fa')
+            ->setDescription('Remove two-factor authentication for a user')
+            ->addArgument('username', InputArgument::REQUIRED, 'Username');
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output)
+    {
+        $username = $input->getArgument('username');
+        $userId = $this->user->getIdByUsername($username);
+
+        if (empty($userId)) {
+            $output->writeln('<error>User not found</error>');
+            return false;
+        }
+
+        if (!$this->user->update(array('id' => $userId, 'twofactor_activated' => 0, 'twofactor_secret' => ''))) {
+            $output->writeln('<error>Unable to update user profile</error>');
+            return false;
+        }
+
+        $output->writeln('<info>Two-factor authentication disabled</info>');
+
+        return true;
+    }
+}
diff --git a/doc/cli.markdown b/doc/cli.markdown
index 9334d84b..d38d8b53 100644
--- a/doc/cli.markdown
+++ b/doc/cli.markdown
@@ -45,6 +45,9 @@ Available commands:
   projects:daily-stats               Calculate daily statistics for all projects
  trigger
   trigger:tasks                      Trigger scheduler event for all tasks
+ user
+  user:reset-2fa                     Remove two-factor authentication for a user
+  user:reset-password                Change user password
 ```
 
 Available commands
@@ -147,3 +150,17 @@ This command send a "daily cronjob event" to all open tasks of each project.
 ./kanboard trigger:tasks
 Trigger task event: project_id=2, nb_tasks=1
 ```
+
+### Reset user password
+
+```bash
+./kanboard user:reset-password my_user
+```
+
+You will be prompted for a password and confirmation. Characters are not printed to the screen.
+
+### Remove two-factor authentication for a user
+
+```bash
+./kanboard user:reset-2fa my_user
+```
diff --git a/kanboard b/kanboard
index 8ac49d79..6a51c937 100755
--- a/kanboard
+++ b/kanboard
@@ -3,6 +3,8 @@
 
 require __DIR__.'/app/common.php';
 
+use Kanboard\Console\ResetPasswordCommand;
+use Kanboard\Console\ResetTwoFactorCommand;
 use Symfony\Component\Console\Application;
 use Symfony\Component\EventDispatcher\Event;
 use Kanboard\Console\TaskOverdueNotificationCommand;
@@ -29,4 +31,6 @@ $application->add(new LocaleSyncCommand($container));
 $application->add(new LocaleComparatorCommand($container));
 $application->add(new TaskTriggerCommand($container));
 $application->add(new CronjobCommand($container));
+$application->add(new ResetPasswordCommand($container));
+$application->add(new ResetTwoFactorCommand($container));
 $application->run();