@bbengfort bbengfort commented Jan 22, 2026

Scope of changes

Allows reset password from CLI so I can quickly change Ryan's password.

Type of change

  • new feature
  • bug fix
  • documentation
  • testing
  • technical debt
  • other (describe)

Acceptance criteria

This PR will be merged without review.

Definition of Done

  • I have manually tested the change running it locally (having rebuilt all containers) or via unit tests
  • I have added unit and/or integration tests that cover my changes
  • I have added new test fixtures as needed to support added tests
  • I have updated the dependencies list if necessary (including updating yarn.lock and/or go.sum)

fmt.Printf("signing key id: %s -- saved with PEM encoding to %s\n", keyid, out)
// Notify the user that the operation is complete.
if c.Bool("generate") {
fmt.Printf("new password for %q is: %s\n", user.Email, password)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information (severity: High)

Sensitive data returned by an access to password flows to a logging call.

Copilot Autofix

AI 9 days ago

In general, the fix is to ensure that passwords are not printed or logged in clear text. For password reset flows, you typically either (a) send the password or reset link via a secure out‑of‑band channel (email, etc.) handled elsewhere, or (b) instruct the administrator that a password has been set without echoing the value. For a CLI admin command, the least invasive change that preserves behavior is to avoid including the password itself in the fmt.Printf call, while still confirming the operation and, if needed, indicating how to obtain or deliver the password via another mechanism.

Here, the single best change without altering the functional reset logic is to modify the if c.Bool("generate") { ... } branch so it no longer includes %s with password in the output. For example, we can print a generic confirmation like: fmt.Printf("password for %q has been reset and generated\n", user.Email) or similar, which still informs the operator that a new password has been created, but does not reveal it in logs. No new imports or helpers are required; the change is isolated to the fmt.Printf line at 288 in cmd/quarterdeck/main.go.

Specifically:

  • In cmd/quarterdeck/main.go, in resetPassword, replace line 288 (fmt.Printf("new password for %q is: %s\n", user.Email, password)) with a message that does not include password. The surrounding structure and other branches remain unchanged.
  • No additional methods, structs, or external packages are necessary.
Suggested changeset 1
cmd/quarterdeck/main.go

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/cmd/quarterdeck/main.go b/cmd/quarterdeck/main.go
--- a/cmd/quarterdeck/main.go
+++ b/cmd/quarterdeck/main.go
@@ -285,7 +285,7 @@
 
 	// Notify the user that the operation is complete.
 	if c.Bool("generate") {
-		fmt.Printf("new password for %q is: %s\n", user.Email, password)
+		fmt.Printf("password for %q has been reset and generated\n", user.Email)
 	} else {
 		fmt.Printf("password for %q has been reset\n", user.Email)
 	}
EOF
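Review bot: on the `+` line in the `c.Bool("generate")` branch, the generated password is dropped from the output and no other line in this hunk delivers it, so an operator running with `generate` sets the account to a value nobody can read. Either hand the value over through a channel that is not captured as log output (for example a file created with owner-only permissions, or a reset link sent to the user) and have the message say where to find it, or, if no delivery is intended, fold this branch into the `else` branch, since both now print only a confirmation. The wording "has been reset and generated" also reads as if the account was generated; "a new password has been generated for %q" would be clearer.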
@bbengfort bbengfort merged commit 0c60f88 into main Jan 22, 2026
7 of 8 checks passed
@bbengfort bbengfort deleted the bb/reset-pw-cli branch January 22, 2026 02:17
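
An added example, not code from this pull request or the project: one way a CLI reset command can hand a generated password to the operator without printing it to stdout, by writing it to an owner-only file and printing only the path. The helper names, the file location and the e-mail address are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"os"
	"path/filepath"
)

// generatePassword returns n random bytes as unpadded base64url text (hypothetical helper).
func generatePassword(n int) (string, error) {
	buf := make([]byte, n)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// writeSecret stores the secret in a new owner-only (0600) file. O_EXCL fails on
// an existing path, so a pre-created file or symlink is never written through.
func writeSecret(path, secret string) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return err
	}
	if _, err := f.WriteString(secret + "\n"); err != nil {
		f.Close()
		return err
	}
	return f.Close()
}

// resetMessage is the only text sent to stdout; it names the file, never the secret.
func resetMessage(email, path string) string {
	return fmt.Sprintf("password for %q has been reset; new password written to %s", email, path)
}

func main() {
	path := filepath.Join(os.TempDir(), "new-password.txt") // constructed path
	pw, err := generatePassword(18)
	if err == nil {
		err = writeSecret(path, pw)
	}
	if err != nil {
		panic(err) // includes the case where the file already exists
	}
	fmt.Println(resetMessage("user@example.com", path)) // constructed address
}
```

The file should be removed once the password has been passed on, since it holds the secret in clear text on disk.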