sosyz opened a new pull request, #1410: URL: https://github.com/apache/answer/pull/1410
Adds a secure, interactive CLI to reset a user’s password per [#1400](https://github.com/apache/answer/issues/1400). Also includes a minor fix to include the time parameter when updating user status. ## What’s changed - New CLI: `answer passwd` (aliases: `password`, `reset-password`) - Secure interactive password prompt (uses `golang.org/x/term`) - Flags: `-e/--email`, `-p/--password` (not recommended due to shell history) - Central wiring in `cmd/command.go` - Path/config helpers centralized under `internal/base/path` - Fix: include timestamp when updating user status ## Usage ```shell answer passwd -C ./answer-data -e [email protected] # will securely prompt for password ``` ## Open question Observed that `authSvc.RemoveUserAllTokens(ctx, userInfo.ID)` returns success but existing web sessions remain active. Same behavior when invoked from the user center password update flow. Is there an additional session/cache invalidation step required, or is this a bug in the session/token layer? Linked issue - #1400 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
