CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Support CLI changing of a user's password without disabling existing auth settings for that user"

Browse Source 
This reverts commit b25b6f7bf2.
This commit is contained in:
Jason Ertel
2025-02-18 12:41:41 -05:00
parent b25b6f7bf2
commit 23ab8983f7
1 changed files with 1 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
salt/manager/tools/sbin/so-user
View File

@@ -46,11 +46,10 @@ function usage() {
Optional parameters: Optional parameters:
--skip-sync (defers the Elastic sync until the next scheduled time) --skip-sync (defers the Elastic sync until the next scheduled time)
password: Updates a user's password and disables MFA, SSO, etc password: Updates a user's password and disables MFA
Required parameters: Required parameters:
--email <email> --email <email>
Optional parameters: Optional parameters:
--password-only (only updates the password, does not disable MFA or SSO)
--skip-sync (defers the Elastic sync until the next scheduled time) --skip-sync (defers the Elastic sync until the next scheduled time)
profile: Updates a user's profile information profile: Updates a user's profile information
@@ -120,8 +119,6 @@ while [[ $# -gt 0 ]]; do
note=$(echo $1 | sed 's/"/\\"/g') note=$(echo $1 | sed 's/"/\\"/g')
shift shift
;; ;;
--password-only)
passwordOnly=1
--skip-sync) --skip-sync)
SKIP_SYNC=1 SKIP_SYNC=1
;; ;;
@@ -239,11 +236,6 @@ function updatePassword() {
# Update DB with new hash # Update DB with new hash
echo "update identity_credentials set config=CAST('{\"hashed_password\":\"$passwordHash\"}' as BLOB), created_at=datetime('now'), updated_at=datetime('now') where identity_id='${identityId}' and identity_credential_type_id=(select id from identity_credential_types where name='password');" | sqlite3 -cmd ".timeout ${databaseTimeout}" "$databasePath" echo "update identity_credentials set config=CAST('{\"hashed_password\":\"$passwordHash\"}' as BLOB), created_at=datetime('now'), updated_at=datetime('now') where identity_id='${identityId}' and identity_credential_type_id=(select id from identity_credential_types where name='password');" | sqlite3 -cmd ".timeout ${databaseTimeout}" "$databasePath"
[[ $? != 0 ]] && fail "Unable to update password" [[ $? != 0 ]] && fail "Unable to update password"
if [[ $passwordOnly -eq 1 ]]; then
return
fi
# Deactivate MFA # Deactivate MFA
echo "delete from identity_credential_identifiers where identity_credential_id in (select id from identity_credentials where identity_id='${identityId}' and identity_credential_type_id in (select id from identity_credential_types where name in ('totp', 'webauthn', 'oidc')));" | sqlite3 -cmd ".timeout ${databaseTimeout}" "$databasePath" echo "delete from identity_credential_identifiers where identity_credential_id in (select id from identity_credentials where identity_id='${identityId}' and identity_credential_type_id in (select id from identity_credential_types where name in ('totp', 'webauthn', 'oidc')));" | sqlite3 -cmd ".timeout ${databaseTimeout}" "$databasePath"
[[ $? != 0 ]] && fail "Unable to clear aal2 identity IDs" [[ $? != 0 ]] && fail "Unable to clear aal2 identity IDs"