Added command line utility to reset user password and to disable 2FA

3 files changed, 119 insertions, 0 deletions

diff --git a/app/Console/BaseCommand.php b/app/Console/BaseCommand.php
index bf86ae0d..23cdcc9c 100644
--- a/app/Console/BaseCommand.php
+++ b/app/Console/BaseCommand.php
@@ -11,6 +11,7 @@ use Symfony\Component\Console\Command\Command;
  * @package  console
  * @author   Frederic Guillot
  *
+ * @property \Kanboard\Validator\PasswordResetValidator                 $passwordResetValidator
  * @property \Kanboard\Export\SubtaskExport                             $subtaskExport
  * @property \Kanboard\Export\TaskExport                                $taskExport
  * @property \Kanboard\Export\TransitionExport                          $transitionExport
@@ -21,6 +22,7 @@ use Symfony\Component\Console\Command\Command;
  * @property \Kanboard\Model\ProjectDailyStats                          $projectDailyStats
  * @property \Kanboard\Model\Task                                       $task
  * @property \Kanboard\Model\TaskFinder                                 $taskFinder
+ * @property \Kanboard\Model\User                                       $user
  * @property \Kanboard\Model\UserNotification                           $userNotification
  * @property \Kanboard\Model\UserNotificationFilter                     $userNotificationFilter
  * @property \Symfony\Component\EventDispatcher\EventDispatcher         $dispatcher
diff --git a/app/Console/ResetPasswordCommand.php b/app/Console/ResetPasswordCommand.php
new file mode 100644
index 00000000..93dc3761
--- /dev/null
+++ b/app/Console/ResetPasswordCommand.php
@@ -0,0 +1,79 @@
+<?php
+
+namespace Kanboard\Console;
+
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Question\Question;
+
+class ResetPasswordCommand extends BaseCommand
+{
+    protected function configure()
+    {
+        $this
+            ->setName('user:reset-password')
+            ->setDescription('Change user password')
+            ->addArgument('username', InputArgument::REQUIRED, 'Username')
+        ;
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output)
+    {
+        $helper = $this->getHelper('question');
+        $username = $input->getArgument('username');
+
+        $passwordQuestion = new Question('What is the new password for '.$username.'? (characters are not printed)'.PHP_EOL);
+        $passwordQuestion->setHidden(true);
+        $passwordQuestion->setHiddenFallback(false);
+
+        $password = $helper->ask($input, $output, $passwordQuestion);
+
+        $confirmationQuestion = new Question('Confirmation:'.PHP_EOL);
+        $confirmationQuestion->setHidden(true);
+        $confirmationQuestion->setHiddenFallback(false);
+
+        $confirmation = $helper->ask($input, $output, $confirmationQuestion);
+
+        if ($this->validatePassword($output, $password, $confirmation)) {
+            $this->resetPassword($output, $username, $password);
+        }
+    }
+
+    private function validatePassword(OutputInterface $output, $password, $confirmation)
+    {
+        list($valid, $errors) = $this->passwordResetValidator->validateModification(array(
+            'password' => $password,
+            'confirmation' => $confirmation,
+        ));
+
+        if (!$valid) {
+            foreach ($errors as $error_list) {
+                foreach ($error_list as $error) {
+                    $output->writeln('<error>'.$error.'</error>');
+                }
+            }
+        }
+
+        return $valid;
+    }
+
+    private function resetPassword(OutputInterface $output, $username, $password)
+    {
+        $userId = $this->user->getIdByUsername($username);
+
+        if (empty($userId)) {
+            $output->writeln('<error>User not found</error>');
+            return false;
+        }
+
+        if (!$this->user->update(array('id' => $userId, 'password' => $password))) {
+            $output->writeln('<error>Unable to update password</error>');
+            return false;
+        }
+
+        $output->writeln('<info>Password updated successfully</info>');
+
+        return true;
+    }
+}
diff --git a/app/Console/ResetTwoFactorCommand.php b/app/Console/ResetTwoFactorCommand.php
new file mode 100644
index 00000000..3bf01e81
--- /dev/null
+++ b/app/Console/ResetTwoFactorCommand.php
@@ -0,0 +1,38 @@
+<?php
+
+namespace Kanboard\Console;
+
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+class ResetTwoFactorCommand extends BaseCommand
+{
+    protected function configure()
+    {
+        $this
+            ->setName('user:reset-2fa')
+            ->setDescription('Remove two-factor authentication for a user')
+            ->addArgument('username', InputArgument::REQUIRED, 'Username');
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output)
+    {
+        $username = $input->getArgument('username');
+        $userId = $this->user->getIdByUsername($username);
+
+        if (empty($userId)) {
+            $output->writeln('<error>User not found</error>');
+            return false;
+        }
+
+        if (!$this->user->update(array('id' => $userId, 'twofactor_activated' => 0, 'twofactor_secret' => ''))) {
+            $output->writeln('<error>Unable to update user profile</error>');
+            return false;
+        }
+
+        $output->writeln('<info>Two-factor authentication disabled</info>');
+
+        return true;
+    }
+}