Modify account command: Add option to clear HTTP password
Change-Id: I00033fa5987bbf58d12e4d9b357367b5d2f28770
diff --git a/Documentation/cmd-set-account.txt b/Documentation/cmd-set-account.txt
index a2944dd..9d6f8bc 100644
--- a/Documentation/cmd-set-account.txt
+++ b/Documentation/cmd-set-account.txt
@@ -9,7 +9,8 @@
[--add-email <EMAIL>] [--delete-email <EMAIL> | ALL] \
[--add-ssh-key - | <KEY>] \
[--delete-ssh-key - | <KEY> | ALL] \
- [--http-password <PASSWORD>] <USER>
+ [--http-password <PASSWORD>] \
+ [--clear-http-password] <USER>
--
== DESCRIPTION
@@ -25,9 +26,9 @@
or have been granted
link:access-control.html#capability_modifyAccount[the 'Modify Account' global capability].
-To set the HTTP password for the user account (option --http-password) the
-caller must be a member of the privileged 'Administrators' group,
-or have been granted
+To set the HTTP password for the user account (option --http-password) or
+to clear the HTTP password (option --clear-http-password) caller must be
+a member of the privileged 'Administrators' group, or have been granted
link:access-control.html#capability_generateHttpPassword[the 'Generate HTTP Password' global capability]
in addition to 'Modify Account' global capability.
@@ -85,6 +86,9 @@
--http-password::
Set the HTTP password for the user account.
+--clear-http-password::
+ Clear the HTTP password for the user account.
+
== EXAMPLES
Add an email and SSH key to `watcher`'s account:
diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/SetAccountCommand.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/SetAccountCommand.java
index 6af58f3..17ed89e 100644
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/SetAccountCommand.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/SetAccountCommand.java
@@ -14,6 +14,7 @@
package com.google.gerrit.sshd.commands;
+import com.google.common.base.Strings;
import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.common.errors.EmailException;
import com.google.gerrit.extensions.annotations.RequiresCapability;
@@ -87,6 +88,9 @@
@Option(name = "--http-password", metaVar = "PASSWORD", usage = "password for HTTP authentication for the account")
private String httpPassword;
+ @Option(name = "--clear-http-password", usage = "clear HTTP password for the account")
+ private boolean clearHttpPassword;
+
@Inject
private IdentifiedUser.GenericFactory genericUserFactory;
@@ -140,6 +144,11 @@
throw new UnloggedFailure(1,
"--active and --inactive options are mutually exclusive.");
}
+ if (clearHttpPassword && !Strings.isNullOrEmpty(httpPassword)) {
+ throw new UnloggedFailure(1,
+ "--http-password and --clear-http-password options are mutually " +
+ "exclusive.");
+ }
if (addSshKeys.contains("-") && deleteSshKeys.contains("-")) {
throw new UnloggedFailure(1, "Only one option may use the stdin");
}
@@ -169,7 +178,7 @@
putName.apply(rsrc, in);
}
- if (httpPassword != null) {
+ if (httpPassword != null || clearHttpPassword) {
PutHttpPassword.Input in = new PutHttpPassword.Input();
in.httpPassword = httpPassword;
putHttpPassword.apply(rsrc, in);
