GitLab: 普通用户是否可以使用API方式修改自己的密码

迷南。 2022-12-02 15:16 355阅读 0赞

![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2xpdW1pYW9jbg_size_16_color_FFFFFF_t_70_pic_center_pic_center]

GitLab使用root用户可以通过API修改其他用户的密码，但是GitLab当时有一个issue的关系，提出了一个特性就是这种场景下用户下次登录时要修改密码，基于安全的考虑倒也中规中矩。但是在于如果把GitLab封装一层，不希望用户直接使用到GitLab的时候，这个看似贴心的特性反而变得非常麻烦。这篇文章来确认一下用户使用API来修改自己的密码，是否还需要登录的时候重置密码。

### 目录 ###

*  环境准备
 *  创建Token
 *  创建用户
 *  登录确认
 *  创建新建用户的token
 *  修改密码
 *  文档确认
 *  总结
 *  参考文档

--------------------

# 环境准备 #

*  docker-compose.yml

liumiaocn:gitlab liumiao$ cat docker-compose.yml 
    version: '2'    
    services:
      # Version Control service: Gitlab
      gitlab:
        image: gitlab/gitlab-ce:12.10.5-ce.0
        ports:
          - "32001:80"
          - "30022:22"
          - "443:443"
        volumes:
          - ./log/:/var/log/gitlab
          - ./data/:/var/opt/gitlab
          - ./conf/:/etc/gitlab
        restart: "no"
    liumiaocn:gitlab liumiao$

*  启动服务

liumiaocn:gitlab liumiao$ docker-compose up -d
    Creating network "gitlab_default" with the default driver
    Creating gitlab_gitlab_1 ... done
    liumiaocn:gitlab liumiao$

*  结果确认

liumiaocn:gitlab liumiao$ docker-compose ps
         Name             Command          State                                     Ports                               
    ---------------------------------------------------------------------------------------------------------------------
    gitlab_gitlab_1   /assets/wrapper   Up (healthy)   0.0.0.0:30022->22/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:32001->80/tcp
    liumiaocn:gitlab liumiao$

*  登录并修改root密码  
    初次登录时提示修改root密码，此处修改为liumiaocn  
    ![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2xpdW1pYW9jbg_size_16_color_FFFFFF_t_70_pic_center]

--------------------

# 创建Token #

以root用户登录，创建root用户的token，详细信息如下：  
![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2xpdW1pYW9jbg_size_16_color_FFFFFF_t_70_pic_center 1]  
注：此处产生的token为：Nq7GbNq3rfMhke3tgovz

--------------------

# 创建用户 #

liumiaocn:gitlab liumiao$ access_token="Nq7GbNq3rfMhke3tgovz"
    liumiaocn:gitlab liumiao$ gitlab_url="localhost:32001"
    liumiaocn:gitlab liumiao$ curl -X POST -H "PRIVATE-TOKEN: ${access_token}" http://${gitlab_url}/api/v4/users \
    >   -H 'cache-control: no-cache' \
    >   -H 'content-type: application/json' \
    >   -d '{ "email": "liumiaocn@outlook.com",
    >   "username": "liumiao",
    >   "password": "12341234",
    >   "name": "liumiao",
    >   "skip_confirmation": "true"
    > }'
    {"id":2,"name":"liumiao","username":"liumiao","state":"active","avatar_url":"https://www.gravatar.com/avatar/95c1f7ff72d71b448592a335ba80fb64?s=80\u0026d=identicon","web_url":"http://ad3812337759/liumiao","created_at":"2020-08-31T12:12:55.031Z","bio":null,"location":null,"public_email":"","skype":"","linkedin":"","twitter":"","website_url":"","organization":null,"job_title":"","work_information":null,"last_sign_in_at":null,"confirmed_at":"2020-08-31T12:12:54.839Z","last_activity_on":null,"email":"liumiaocn@outlook.com","theme_id":1,"color_scheme_id":1,"projects_limit":100000,"current_sign_in_at":null,"identities":[],"can_create_group":true,"can_create_project":true,"two_factor_enabled":false,"external":false,"private_profile":false,"is_admin":false}liumiaocn:gitlab liumiao$ 
    liumiaocn:gitlab liumiao$

# 登录确认 #

使用上述创建的liumiao/12341234进行登录  
![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2xpdW1pYW9jbg_size_16_color_FFFFFF_t_70_pic_center 2]

# 创建新建用户的token #

创建新建用户liumiao的token  
![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2xpdW1pYW9jbg_size_16_color_FFFFFF_t_70_pic_center 3]  
注：token信息为8H1SRGb-UeC\_su66ckdR

--------------------

# 修改密码 #

使用新用户的token修改自己的密码，详细如下所示：

liumiaocn:gitlab liumiao$ access_token="8H1SRGb-UeC_su66ckdR"
    liumiaocn:gitlab liumiao$ gitlab_url="localhost:32001"
    liumiaocn:gitlab liumiao$ userid=2
    liumiaocn:gitlab liumiao$ curl -X PUT -H "PRIVATE-TOKEN: ${access_token}" http://${gitlab_url}/api/v4/users/${userid} \
    >   -H 'cache-control: no-cache' \
    >   -H 'content-type: application/json' \
    >   -d '{ "password": "56785678"}'
    {"message":"403 Forbidden"}liumiaocn:gitlab liumiao$ 
    liumiaocn:gitlab liumiao$

看到官方的API使用上有个admin的选项，设定成true/false均不可，比如：

liumiaocn:gitlab liumiao$ curl -X PUT -H "PRIVATE-TOKEN: ${access_token}" http://${gitlab_url}/api/v4/users/${userid} \
    >   -H 'cache-control: no-cache' \
    >   -H 'content-type: application/json' \
    >   -d '{ "admin": "false",
    >   "password": "56785678"}'
    {"message":"403 Forbidden"}liumiaocn:gitlab liumiao$ 
    liumiaocn:gitlab liumiao$ 
    liumiaocn:gitlab liumiao$ 
    liumiaocn:gitlab liumiao$ curl -X PUT -H "PRIVATE-TOKEN: ${access_token}" http://${gitlab_url}/api/v4/users/${userid} \
    >   -H 'cache-control: no-cache' \
    >   -H 'content-type: application/json' \
    >   -d '{ "admin": "true",
    >   "password": "56785678"}'
    {"message":"403 Forbidden"}liumiaocn:gitlab liumiao$ 
    liumiaocn:gitlab liumiao$

--------------------

# 文档确认 #

其实文档已经写的很清楚了，比如修改的头部清楚的写着：Only administrator  
![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2xpdW1pYW9jbg_size_16_color_FFFFFF_t_70_pic_center 4]  
尾部写上，修改之后，下次login的时候需要修改密码  
![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2xpdW1pYW9jbg_size_16_color_FFFFFF_t_70_pic_center 5]

# 总结 #

这篇文章验证了一下GitLab 12.10.5下，普通用户使用自己的token，用API是否能够修改自己的密码，目前验证的结果是：不可以。

--------------------

# 参考文档 #

https://docs.gitlab.com/ce/api/users.html

[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2xpdW1pYW9jbg_size_16_color_FFFFFF_t_70_pic_center_pic_center]: /images/20221123/5d2a3f875ad240b9b44ba06855b0392c.png
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2xpdW1pYW9jbg_size_16_color_FFFFFF_t_70_pic_center]: /images/20221123/0ccd53a34bfc4d4ba689f151cca97eb1.png
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2xpdW1pYW9jbg_size_16_color_FFFFFF_t_70_pic_center 1]: /images/20221123/4277898d4ce84d1593d20e3a493a0436.png
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2xpdW1pYW9jbg_size_16_color_FFFFFF_t_70_pic_center 2]: /images/20221123/d4ea6a0ee89f4bb7899621f83a3f9dc8.png
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2xpdW1pYW9jbg_size_16_color_FFFFFF_t_70_pic_center 3]: /images/20221123/af8fe6e3c5d24666bae5b8a1b1404cc0.png
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2xpdW1pYW9jbg_size_16_color_FFFFFF_t_70_pic_center 4]: /images/20221123/a4d987177c434e31b5ca9fcd756f2447.png
[watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2xpdW1pYW9jbg_size_16_color_FFFFFF_t_70_pic_center 5]: /images/20221123/95b89e3dcc8c4ddb8394a351fe5253ed.png