diff --git a/Documentation/cmd-set-account.txt b/Documentation/cmd-set-account.txt index a2944dda5d..9d6f8bc6a2 100644 --- a/Documentation/cmd-set-account.txt +++ b/Documentation/cmd-set-account.txt @@ -9,7 +9,8 @@ set-account [--full-name ] [--active|--inactive] \ [--add-email ] [--delete-email | ALL] \ [--add-ssh-key - | ] \ [--delete-ssh-key - | | ALL] \ - [--http-password ] + [--http-password ] \ + [--clear-http-password] -- == DESCRIPTION @@ -25,9 +26,9 @@ Caller must be a member of the privileged 'Administrators' group, or have been granted link:access-control.html#capability_modifyAccount[the 'Modify Account' global capability]. -To set the HTTP password for the user account (option --http-password) the -caller must be a member of the privileged 'Administrators' group, -or have been granted +To set the HTTP password for the user account (option --http-password) or +to clear the HTTP password (option --clear-http-password) caller must be +a member of the privileged 'Administrators' group, or have been granted link:access-control.html#capability_generateHttpPassword[the 'Generate HTTP Password' global capability] in addition to 'Modify Account' global capability. @@ -85,6 +86,9 @@ This most likely requires double quoting the value, for example --http-password:: Set the HTTP password for the user account. +--clear-http-password:: + Clear the HTTP password for the user account. + == EXAMPLES Add an email and SSH key to `watcher`'s account: diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/SetAccountCommand.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/SetAccountCommand.java index 6af58f3e7e..17ed89e51c 100644 --- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/SetAccountCommand.java +++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/SetAccountCommand.java @@ -14,6 +14,7 @@ package com.google.gerrit.sshd.commands; +import com.google.common.base.Strings; import com.google.gerrit.common.data.GlobalCapability; import com.google.gerrit.common.errors.EmailException; import com.google.gerrit.extensions.annotations.RequiresCapability; @@ -87,6 +88,9 @@ final class SetAccountCommand extends BaseCommand { @Option(name = "--http-password", metaVar = "PASSWORD", usage = "password for HTTP authentication for the account") private String httpPassword; + @Option(name = "--clear-http-password", usage = "clear HTTP password for the account") + private boolean clearHttpPassword; + @Inject private IdentifiedUser.GenericFactory genericUserFactory; @@ -140,6 +144,11 @@ final class SetAccountCommand extends BaseCommand { throw new UnloggedFailure(1, "--active and --inactive options are mutually exclusive."); } + if (clearHttpPassword && !Strings.isNullOrEmpty(httpPassword)) { + throw new UnloggedFailure(1, + "--http-password and --clear-http-password options are mutually " + + "exclusive."); + } if (addSshKeys.contains("-") && deleteSshKeys.contains("-")) { throw new UnloggedFailure(1, "Only one option may use the stdin"); } @@ -169,7 +178,7 @@ final class SetAccountCommand extends BaseCommand { putName.apply(rsrc, in); } - if (httpPassword != null) { + if (httpPassword != null || clearHttpPassword) { PutHttpPassword.Input in = new PutHttpPassword.Input(); in.httpPassword = httpPassword; putHttpPassword.apply(rsrc, in);