coder
diff --git a/‎cli/cliui/agent.go
Lines changed: 19 additions & 0 deletions b/‎cli/cliui/agent.go
Lines changed: 19 additions & 0 deletions
diff --git a/‎cli/login.go
Lines changed: 13 additions & 0 deletions b/‎cli/login.go
Lines changed: 13 additions & 0 deletions
diff --git a/‎cli/login_test.go
Lines changed: 39 additions & 0 deletions b/‎cli/login_test.go
Lines changed: 39 additions & 0 deletions
diff --git a/‎coderd/coderd.go
Lines changed: 4 additions & 0 deletions b/‎coderd/coderd.go
Lines changed: 4 additions & 0 deletions
diff --git a/‎coderd/coderdtest/coderdtest.go
Lines changed: 10 additions & 9 deletions b/‎coderd/coderdtest/coderdtest.go
Lines changed: 10 additions & 9 deletions
diff --git a/‎coderd/database/databasefake/databasefake.go
Lines changed: 15 additions & 0 deletions b/‎coderd/database/databasefake/databasefake.go
Lines changed: 15 additions & 0 deletions
diff --git a/‎coderd/database/querier.go
Lines changed: 1 addition & 0 deletions b/‎coderd/database/querier.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/database/queries.sql.go
Lines changed: 19 additions & 0 deletions b/‎coderd/database/queries.sql.go
Lines changed: 19 additions & 0 deletions
diff --git a/‎coderd/database/queries/users.sql
Lines changed: 9 additions & 1 deletion b/‎coderd/database/queries/users.sql
Lines changed: 9 additions & 1 deletion
diff --git a/‎coderd/httpmw/userparam.go
Lines changed: 0 additions & 8 deletions b/‎coderd/httpmw/userparam.go
Lines changed: 0 additions & 8 deletions
diff --git a/‎coderd/rbac/object.go
Lines changed: 4 additions & 0 deletions b/‎coderd/rbac/object.go
Lines changed: 4 additions & 0 deletions
diff --git a/‎coderd/users.go
Lines changed: 30 additions & 1 deletion b/‎coderd/users.go
Lines changed: 30 additions & 1 deletion
diff --git a/‎coderd/users_test.go
Lines changed: 38 additions & 0 deletions b/‎coderd/users_test.go
Lines changed: 38 additions & 0 deletions
diff --git a/‎codersdk/users.go
Lines changed: 18 additions & 0 deletions b/‎codersdk/users.go
Lines changed: 18 additions & 0 deletions
diff --git a/‎docs/README.md
Lines changed: 5 additions & 3 deletions b/‎docs/README.md
Lines changed: 5 additions & 3 deletions
diff --git a/‎docs/screenshot.png
520 KB b/‎docs/screenshot.png
520 KB
@@ -4,6 +4,8 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"os"
+	"os/signal"
 	"sync"
 	"time"
 
@@ -46,6 +48,23 @@ func Agent(ctx context.Context, writer io.Writer, opts AgentOptions) error {
 	spin.Start()
 	defer spin.Stop()
 
+	ctx, cancelFunc := context.WithCancel(ctx)
+	defer cancelFunc()
+	stopSpin := make(chan os.Signal, 1)
+	signal.Notify(stopSpin, os.Interrupt)
+	defer signal.Stop(stopSpin)
+	go func() {
+		select {
+		case <-ctx.Done():
+			return
+		case <-stopSpin:
+		}
+		signal.Stop(stopSpin)
+		spin.Stop()
+		// nolint:revive
+		os.Exit(1)
+	}()
+
 	ticker := time.NewTicker(opts.FetchInterval)
 	defer ticker.Stop()
 	timer := time.NewTimer(opts.WarnInterval)
 
@@ -117,6 +117,19 @@ func login() *cobra.Command {
 				if err != nil {
 					return xerrors.Errorf("specify password prompt: %w", err)
 				}
+				_, err = cliui.Prompt(cmd, cliui.PromptOptions{
+					Text:   "Confirm " + cliui.Styles.Field.Render("password") + ":",
+					Secret: true,
+					Validate: func(s string) error {
+						if s != password {
+							return xerrors.Errorf("Passwords do not match")
+						}
+						return nil
+					},
+				})
+				if err != nil {
+					return xerrors.Errorf("confirm password prompt: %w", err)
+				}
 
 				_, err = client.CreateFirstUser(cmd.Context(), codersdk.CreateFirstUserRequest{
 					Email:            email,
 
@@ -43,6 +43,7 @@ func TestLogin(t *testing.T) {
 			"username", "testuser",
 			"email", "user@coder.com",
 			"password", "password",
+			"password", "password", // Confirm.
 		}
 		for i := 0; i < len(matches); i += 2 {
 			match := matches[i]
@@ -54,6 +55,44 @@ func TestLogin(t *testing.T) {
 		<-doneChan
 	})
 
+	t.Run("InitialUserTTYConfirmPasswordFailAndReprompt", func(t *testing.T) {
+		t.Parallel()
+		ctx, cancel := context.WithCancel(context.Background())
+		defer cancel()
+		client := coderdtest.New(t, nil)
+		// The --force-tty flag is required on Windows, because the `isatty` library does not
+		// accurately detect Windows ptys when they are not attached to a process:
+		// https://github.com/mattn/go-isatty/issues/59
+		doneChan := make(chan struct{})
+		root, _ := clitest.New(t, "login", "--force-tty", client.URL.String())
+		pty := ptytest.New(t)
+		root.SetIn(pty.Input())
+		root.SetOut(pty.Output())
+		go func() {
+			defer close(doneChan)
+			err := root.ExecuteContext(ctx)
+			require.ErrorIs(t, err, context.Canceled)
+		}()
+
+		matches := []string{
+			"first user?", "yes",
+			"username", "testuser",
+			"email", "user@coder.com",
+			"password", "mypass",
+			"password", "wrongpass", // Confirm.
+		}
+		for i := 0; i < len(matches); i += 2 {
+			match := matches[i]
+			value := matches[i+1]
+			pty.ExpectMatch(match)
+			pty.WriteLine(value)
+		}
+		pty.ExpectMatch("Passwords do not match")
+		pty.ExpectMatch("password") // Re-prompt password.
+		cancel()
+		<-doneChan
+	})
+
 	t.Run("ExistingUserValidTokenTTY", func(t *testing.T) {
 		t.Parallel()
 		client := coderdtest.New(t, nil)
 
@@ -240,6 +240,10 @@ func New(options *Options) (http.Handler, func()) {
 					r.Get("/", api.userByName)
 					r.Put("/profile", api.putUserProfile)
 					r.Put("/suspend", api.putUserSuspend)
+					r.Route("/password", func(r chi.Router) {
+						r.Use(httpmw.WithRBACObject(rbac.ResourceUserPasswordRole))
+						r.Put("/", authorize(api.putUserPassword, rbac.ActionUpdate))
+					})
 					r.Get("/organizations", api.organizationsByUser)
 					r.Post("/organizations", api.postOrganizationsByUser)
 					// These roles apply to the site wide permissions.
 
@@ -174,21 +174,22 @@ func NewProvisionerDaemon(t *testing.T, client *codersdk.Client) io.Closer {
 	return closer
 }
 
+var FirstUserParams = codersdk.CreateFirstUserRequest{
+	Email:            "testuser@coder.com",
+	Username:         "testuser",
+	Password:         "testpass",
+	OrganizationName: "testorg",
+}
+
 // CreateFirstUser creates a user with preset credentials and authenticates
 // with the passed in codersdk client.
 func CreateFirstUser(t *testing.T, client *codersdk.Client) codersdk.CreateFirstUserResponse {
-	req := codersdk.CreateFirstUserRequest{
-		Email:            "testuser@coder.com",
-		Username:         "testuser",
-		Password:         "testpass",
-		OrganizationName: "testorg",
-	}
-	resp, err := client.CreateFirstUser(context.Background(), req)
+	resp, err := client.CreateFirstUser(context.Background(), FirstUserParams)
 	require.NoError(t, err)
 
 	login, err := client.LoginWithPassword(context.Background(), codersdk.LoginWithPasswordRequest{
-		Email:    req.Email,
-		Password: req.Password,
+		Email:    FirstUserParams.Email,
+		Password: FirstUserParams.Password,
 	})
 	require.NoError(t, err)
 	client.SessionToken = login.SessionToken
 
@@ -1314,6 +1314,21 @@ func (q *fakeQuerier) UpdateUserStatus(_ context.Context, arg database.UpdateUse
 	return database.User{}, sql.ErrNoRows
 }
 
+func (q *fakeQuerier) UpdateUserHashedPassword(_ context.Context, arg database.UpdateUserHashedPasswordParams) error {
+	q.mutex.Lock()
+	defer q.mutex.Unlock()
+
+	for i, user := range q.users {
+		if user.ID != arg.ID {
+			continue
+		}
+		user.HashedPassword = arg.HashedPassword
+		q.users[i] = user
+		return nil
+	}
+	return sql.ErrNoRows
+}
+
 func (q *fakeQuerier) InsertWorkspace(_ context.Context, arg database.InsertWorkspaceParams) (database.Workspace, error) {
 	q.mutex.Lock()
 	defer q.mutex.Unlock()
 
@@ -59,6 +59,14 @@ WHERE
  	id = @id
 RETURNING *;
 
+-- name: UpdateUserHashedPassword :exec
+UPDATE
+	users
+SET
+	hashed_password = $2
+WHERE
+	id = $1;
+
 -- name: GetUsers :many
 SELECT
 	*
@@ -133,4 +141,4 @@ FROM
 LEFT JOIN organization_members
 	ON id = user_id
 WHERE
-    id = @user_id;
+    id = @user_id;
@@ -76,14 +76,6 @@ func ExtractUserParam(db database.Store) func(http.Handler) http.Handler {
 				}
 			}
 
-			apiKey := APIKey(r)
-			if apiKey.UserID != user.ID {
-				httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{
-					Message: "getting non-personal users isn't supported yet",
-				})
-				return
-			}
-
 			ctx := context.WithValue(r.Context(), userParamContextKey{}, user)
 			next.ServeHTTP(rw, r.WithContext(ctx))
 		})
 
@@ -24,6 +24,10 @@ var (
 		Type: "user_role",
 	}
 
+	ResourceUserPasswordRole = Object{
+		Type: "user_password",
+	}
+
 	// ResourceWildcard represents all resource types
 	ResourceWildcard = Object{
 		Type: WildcardSymbol,
 
@@ -360,6 +360,36 @@ func (api *api) putUserSuspend(rw http.ResponseWriter, r *http.Request) {
 	httpapi.Write(rw, http.StatusOK, convertUser(suspendedUser, organizations))
 }
 
+func (api *api) putUserPassword(rw http.ResponseWriter, r *http.Request) {
+        var (
+                user  = httpmw.UserParam(r)
+                params codersdk.UpdateUserPasswordRequest
+        )
+	if !httpapi.Read(rw, r, &params) {
+		return
+	}
+
+	hashedPassword, err := userpassword.Hash(params.Password)
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("hash password: %s", err.Error()),
+		})
+		return
+	}
+	err = api.Database.UpdateUserHashedPassword(r.Context(), database.UpdateUserHashedPasswordParams{
+		ID:             user.ID,
+		HashedPassword: []byte(hashedPassword),
+	})
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("put user password: %s", err.Error()),
+		})
+		return
+	}
+
+	httpapi.Write(rw, http.StatusNoContent, nil)
+}
+
 func (api *api) userRoles(rw http.ResponseWriter, r *http.Request) {
 	user := httpmw.UserParam(r)
 
@@ -577,7 +607,6 @@ func (api *api) postLogin(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	// If the user doesn't exist, it will be a default struct.
-
 	equal, err := userpassword.Compare(string(user.HashedPassword), loginWithPassword.Password)
 	if err != nil {
 		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
 
@@ -287,6 +287,44 @@ func TestUpdateUserProfile(t *testing.T) {
 	})
 }
 
+func TestUpdateUserPassword(t *testing.T) {
+	t.Parallel()
+
+	t.Run("MemberCantUpdateAdminPassword", func(t *testing.T) {
+		t.Parallel()
+		client := coderdtest.New(t, nil)
+		admin := coderdtest.CreateFirstUser(t, client)
+		member := coderdtest.CreateAnotherUser(t, client, admin.OrganizationID)
+		err := member.UpdateUserPassword(context.Background(), admin.UserID, codersdk.UpdateUserPasswordRequest{
+			Password: "newpassword",
+		})
+		require.Error(t, err, "member should not be able to update admin password")
+	})
+
+	t.Run("AdminCanUpdateMemberPassword", func(t *testing.T) {
+		t.Parallel()
+		client := coderdtest.New(t, nil)
+		admin := coderdtest.CreateFirstUser(t, client)
+		member, err := client.CreateUser(context.Background(), codersdk.CreateUserRequest{
+			Email:          "coder@coder.com",
+			Username:       "coder",
+			Password:       "password",
+			OrganizationID: admin.OrganizationID,
+		})
+		require.NoError(t, err, "create member")
+		err = client.UpdateUserPassword(context.Background(), member.ID, codersdk.UpdateUserPasswordRequest{
+			Password: "newpassword",
+		})
+		require.NoError(t, err, "admin should be able to update member password")
+		// Check if the member can login using the new password
+		_, err = client.LoginWithPassword(context.Background(), codersdk.LoginWithPasswordRequest{
+			Email:    "coder@coder.com",
+			Password: "newpassword",
+		})
+		require.NoError(t, err, "member should login successfully with the new password")
+	})
+}
+
 func TestGrantRoles(t *testing.T) {
 	t.Parallel()
 	t.Run("UpdateIncorrectRoles", func(t *testing.T) {
 
@@ -72,6 +72,10 @@ type UpdateUserProfileRequest struct {
 	Username string `json:"username" validate:"required,username"`
 }
 
+type UpdateUserPasswordRequest struct {
+	Password string `json:"password" validate:"required"`
+}
+
 type UpdateRoles struct {
 	Roles []string `json:"roles" validate:"required"`
 }
@@ -181,6 +185,20 @@ func (c *Client) SuspendUser(ctx context.Context, userID uuid.UUID) (User, error
 	return user, json.NewDecoder(res.Body).Decode(&user)
 }
 
+// UpdateUserPassword updates a user password.
+// It calls PUT /users/{user}/password
+func (c *Client) UpdateUserPassword(ctx context.Context, userID uuid.UUID, req UpdateUserPasswordRequest) error {
+	res, err := c.request(ctx, http.MethodPut, fmt.Sprintf("/api/v2/users/%s/password", uuidOrMe(userID)), req)
+	if err != nil {
+		return err
+	}
+	defer res.Body.Close()
+	if res.StatusCode != http.StatusNoContent {
+		return readBodyAsError(res)
+	}
+	return nil
+}
+
 // UpdateUserRoles grants the userID the specified roles.
 // Include ALL roles the user has.
 func (c *Client) UpdateUserRoles(ctx context.Context, userID uuid.UUID, req UpdateRoles) (User, error) {
 
@@ -10,6 +10,8 @@ Follow](https://img.shields.io/twitter/follow/CoderHQ?label=%40CoderHQ&style=soc
 
 Provision remote development environments with Terraform.
 
+![Kubernetes workspace in Coder v2](./screenshot.png)
+
 ## Highlights
 
 - Automate development environments for Linux, Windows, and macOS
@@ -100,6 +102,6 @@ Read the [contributing docs](./CONTRIBUTING.md).
 
 <!--- Add your row by date (mm/dd/yyyy), most recent date at end of list --->
 
-| Name          | Start Date | First PR Date |Organization|                GitHub User Link |
-| ------------- | :--------: | :-----------: |:----------:| ------------------------------: |
-| Mathias Fredriksson | 04/25/2022 | 04/25/2022 | [Coder](https://github.com/coder) | [mafredri](https://github.com/mafredri) |
+| Name                | Start Date | First PR Date |           Organization            |                        GitHub User Link |
+| ------------------- | :--------: | :-----------: | :-------------------------------: | --------------------------------------: |
+| Mathias Fredriksson | 04/25/2022 |  04/25/2022   | [Coder](https://github.com/coder) | [mafredri](https://github.com/mafredri) |
Original file line number	Diff line number	Diff line change
`@@ -76,14 +76,6 @@ func ExtractUserParam(db database.Store) func(http.Handler) http.Handler {`
`76`	`76`	`}`
`77`	`77`	`}`
`78`	`78`
`79`		`- apiKey := APIKey(r)`
`80`		`- if apiKey.UserID != user.ID {`
`81`		`- httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{`
`82`		`- Message: "getting non-personal users isn't supported yet",`
`83`		`- })`
`84`		`- return`
`85`		`- }`
`86`		`-`
`87`	`79`	`ctx := context.WithValue(r.Context(), userParamContextKey{}, user)`
`88`	`80`	`next.ServeHTTP(rw, r.WithContext(ctx))`
`89`	`81`	`})`