With the root user, GitLab can change other users' passwords through the API. Because of a GitLab issue at the time, a feature was added so that in this scenario the user must change the password again at the next login, which is reasonable from a security standpoint. The trouble comes when GitLab is wrapped in another layer and users are not supposed to use GitLab directly: this seemingly considerate feature then becomes very inconvenient. This article checks whether a user who changes their own password through the API still has to reset it at the next login.
- Environment setup
- Create a token
- Create a user
- Login check
- Create a token for the new user
- Change the password
- Documentation check
- Summary
- References
- docker-compose.yml
liumiaocn:gitlab liumiao$ cat docker-compose.yml
version: '2'
services:
  # Version Control service: Gitlab
  gitlab:
    image: gitlab/gitlab-ce:12.10.5-ce.0
    ports:
      - "32001:80"
      - "30022:22"
      - "443:443"
    volumes:
      - ./log/:/var/log/gitlab
      - ./data/:/var/opt/gitlab
      - ./conf/:/etc/gitlab
    restart: "no"
liumiaocn:gitlab liumiao$
- Start the service
liumiaocn:gitlab liumiao$ docker-compose up -d
Creating network "gitlab_default" with the default driver
Creating gitlab_gitlab_1 ... done
liumiaocn:gitlab liumiao$
- Check the result
liumiaocn:gitlab liumiao$ docker-compose ps
     Name            Command          State                                      Ports
---------------------------------------------------------------------------------------------------------------------
gitlab_gitlab_1   /assets/wrapper   Up (healthy)   0.0.0.0:30022->22/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:32001->80/tcp
liumiaocn:gitlab liumiao$
- Log in and change the root password
On first login you are prompted to change the root password; here it is set to liumiaocn.
Log in as root and create a token for the root user; the details are as follows:
Note: the token generated here is Nq7GbNq3rfMhke3tgovz
liumiaocn:gitlab liumiao$ access_token="Nq7GbNq3rfMhke3tgovz"
liumiaocn:gitlab liumiao$ gitlab_url="localhost:32001"
liumiaocn:gitlab liumiao$ curl -X POST -H "PRIVATE-TOKEN: ${access_token}" http://${gitlab_url}/api/v4/users \
> -H 'cache-control: no-cache' \
> -H 'content-type: application/json' \
> -d '{ "email": "liumiaocn@outlook.com",
> "username": "liumiao",
> "password": "12341234",
> "name": "liumiao",
> "skip_confirmation": "true"
> }'
{"id":2,"name":"liumiao","username":"liumiao","state":"active","avatar_url":"https://www.gravatar.com/avatar/95c1f7ff72d71b448592a335ba80fb64?s=80\u0026d=identicon","web_url":"http://ad3812337759/liumiao","created_at":"2020-08-31T12:12:55.031Z","bio":null,"location":null,"public_email":"","skype":"","linkedin":"","twitter":"","website_url":"","organization":null,"job_title":"","work_information":null,"last_sign_in_at":null,"confirmed_at":"2020-08-31T12:12:54.839Z","last_activity_on":null,"email":"liumiaocn@outlook.com","theme_id":1,"color_scheme_id":1,"projects_limit":100000,"current_sign_in_at":null,"identities":[],"can_create_group":true,"can_create_project":true,"two_factor_enabled":false,"external":false,"private_profile":false,"is_admin":false}liumiaocn:gitlab liumiao$
liumiaocn:gitlab liumiao$
Login check
Log in with the liumiao/12341234 account created above.
Create a token for the newly created user liumiao
Note: the token is 8H1SRGb-UeC_su66ckdR
Use the new user's token to change that user's own password, as shown below:
liumiaocn:gitlab liumiao$ access_token="8H1SRGb-UeC_su66ckdR"
liumiaocn:gitlab liumiao$ gitlab_url="localhost:32001"
liumiaocn:gitlab liumiao$ userid=2
liumiaocn:gitlab liumiao$ curl -X PUT -H "PRIVATE-TOKEN: ${access_token}" http://${gitlab_url}/api/v4/users/${userid} \
> -H 'cache-control: no-cache' \
> -H 'content-type: application/json' \
> -d '{ "password": "56785678"}'
{"message":"403 Forbidden"}liumiaocn:gitlab liumiao$
liumiaocn:gitlab liumiao$
The official API documentation shows an admin option, but setting it to either true or false makes no difference, for example:
liumiaocn:gitlab liumiao$ curl -X PUT -H "PRIVATE-TOKEN: ${access_token}" http://${gitlab_url}/api/v4/users/${userid} \
> -H 'cache-control: no-cache' \
> -H 'content-type: application/json' \
> -d '{ "admin": "false",
> "password": "56785678"}'
{"message":"403 Forbidden"}liumiaocn:gitlab liumiao$
liumiaocn:gitlab liumiao$
liumiaocn:gitlab liumiao$
liumiaocn:gitlab liumiao$ curl -X PUT -H "PRIVATE-TOKEN: ${access_token}" http://${gitlab_url}/api/v4/users/${userid} \
> -H 'cache-control: no-cache' \
> -H 'content-type: application/json' \
> -d '{ "admin": "true",
> "password": "56785678"}'
{"message":"403 Forbidden"}liumiaocn:gitlab liumiao$
liumiaocn:gitlab liumiao$
Documentation check
The documentation actually states this clearly: the header of the user modification section says "Only administrator",
and the footer notes that after such a change, the user has to change the password again at the next login.
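As an added example (not part of the original post), the same user-token password change done from Python instead of curl, with the API response mapped to the outcomes this post observed; the host, token and user id are placeholders, and the `send` parameter exists only so the exchange can be simulated without a running GitLab.

```python
import json
import urllib.error
import urllib.request


def build_request(gitlab_url, token, user_id, new_password):
    """Same request the post issues with curl: PUT /api/v4/users/:id."""
    body = json.dumps({"password": new_password}).encode()
    req = urllib.request.Request(
        f"http://{gitlab_url}/api/v4/users/{user_id}", data=body, method="PUT"
    )
    req.add_header("PRIVATE-TOKEN", token)
    req.add_header("Content-Type", "application/json")
    return req


def http_send(req):
    """Real transport, returns (status, body); urllib raises on 4xx, so catch it."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def classify(status, body):
    """Map the response to the outcomes the post observed on GitLab 12.10.5."""
    if status == 403:
        # PUT /users/:id is documented as "Only administrator": a regular
        # user's own token is rejected no matter what "admin" is set to.
        return "forbidden-admin-only"
    if status == 200:
        # Only an administrator gets here, and GitLab then forces the user
        # to change the password again at the next login.
        return "updated-reset-required-at-login"
    if status == 401:
        return "unauthorized-bad-token"
    return f"unexpected-{status}: {body.strip()}"


def change_password(gitlab_url, token, user_id, new_password, send=http_send):
    """Send the update and return the classified outcome (send is injectable)."""
    status, body = send(build_request(gitlab_url, token, user_id, new_password))
    return classify(status, body)


if __name__ == "__main__":
    # Placeholders (assumed): your instance, a user's private token, its user id.
    print(change_password("localhost:32001", "<USER_TOKEN>", 2, "56785678"))
```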
This article verified whether, on GitLab 12.10.5, a regular user can change their own password through the API using their own token; the result so far is: no.
Reference: https://docs.gitlab.com/ce/api/users.html