Main Content

Magnolia Community Forums: Get help with Magnolia: How to change superuser password during deployment?


  • milkyman
    milkyman
    Full name: Horst Krause
    Posts: 18
    Last post: Jul 23, 2012 8:21:48 PM
    Registered on: Jun 17, 2012
    How to change superuser password during deployment?
    #1 by milkyman on Jul 19, 2012 4:00:05 PM

    Hi.

    I started to create a magnolia deployment without any manual tasks with the great blog from Gregory:
    http://dev.magnolia-cms.com/~gjoseph/dont-deploy-magnolia-deploy-your-project


    To get it into production, I added some more details like logging config and setting some defaults (e.g. baseURl and smtp config).

    It works quite well, but I still did not manage to change the superuser password during deployment/install oder to set it in the config.

    I tried found a users.system.superuser.xml export file in the magnolia core source, which contains the well known superuser password base64 encoded.

    So I tried with the VersionHandler of our module to change it:

    // set other superuser password
    tasks.add(new CheckAndModifyPropertyValueTask("Superuser pwd",
    "Change superuser password to something secret.", "users", "/system/superuser", "pswd",
    "c3VwZXJ1c2Vy", "dGVzdA=="));


    But although there is no error message, when trying to log in, the password is still unchanged.

    Does anybody know to solution to change the password?

    Thanks in advance,

    Horst

  • milkyman
    milkyman
    Full name: Horst Krause
    Posts: 18
    Last post: Jul 23, 2012 8:21:48 PM
    Registered on: Jun 17, 2012
    Re: How to change superuser password during deployment?
    #2 by milkyman on Jul 19, 2012 5:43:13 PM

    After some more restart, at least a get an error message from the Versionhandler:

    Property "pswd" was expected to exist at /system/superuser with value "superuser" but has the value "$2a$12$/pJ9bg5r.g.SRgjJejTknO/PGiXvlUYOu3ve.qx4ZEjJic7LMOXmC" instead.

    But what is this "$2a$12$/pJ9bg5r.g.SRgjJejTknO/PGiXvlUYOu3ve.qx4ZEjJic7LMOXmC"?
    I can see the same string, if I export the users workspace. What kind of encoding is it? And is it constant on all systems - so I can just change the string in my version handler or is there any more magic?

    Some help would be really nice.

    Bye,
    Horst

  • milkyman
    milkyman
    Full name: Horst Krause
    Posts: 18
    Last post: Jul 23, 2012 8:21:48 PM
    Registered on: Jun 17, 2012
    Re: How to change superuser password during deployment?
    #3 by milkyman on Jul 19, 2012 6:12:18 PM

    As the original superuser with passwort come from a bootstrap file of the magnolia core, I tried to bootstrap a different passwort in my webapp:

    users.system.superuser.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <sv:node sv:name="superuser" xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:mgnl="http://www.magnolia.info/jcr/mgnl"
    xmlns:rep="internal" xmlns:mix="http://www.jcp.org/jcr/mix/1.0" xmlns:nt="http://www.jcp.org/jcr/nt/1.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fn="http://www.w3.org/2005/xpath-functions"
    xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:sv="http://www.jcp.org/jcr/sv/1.0"
    xmlns:fn_old="http://www.w3.org/2004/10/xpath-functions" xmlns:jcrfn="http://www.jcp.org/jcr/xpath-functions/1.0">
    <sv:property sv:name="pswd" sv:type="String">
    <sv:value>dGVzdA==</sv:value>
    </sv:property>
    </sv:node>


    But unfortunately I get an error:
    ERROR info.magnolia.module.InstallContextImpl :
    > Error while installing or updating webapp module. Task 'Webapp bootstrap' failed. (ConstraintViolationException: no matching child node definition found for {}superuser)
    java.lang.RuntimeException: Error importing ...webapps\ROOT\WEB-INF\bootstrap\common\users.system.superuser.xml: No child node definition for superuser found in node /system


    Anybody out there who understands what is wrong?

    Bye
    Horst

  • milkyman
    milkyman
    Full name: Horst Krause
    Posts: 18
    Last post: Jul 23, 2012 8:21:48 PM
    Registered on: Jun 17, 2012
    Re: How to change superuser password during deployment?
    #4 by milkyman on Jul 19, 2012 6:13:44 PM

    Error message was cut, here again:

    info.magnolia.module.InstallContextImpl : >
    Error while installing or updating webapp module. Task 'Webapp bootstrap' failed.
    (ConstraintViolationException: no matching child node definition found
    for {}superuser)
    java.lang.RuntimeException: Error importing ...\webapps\ROOT\WEB-INF\bootstrap\
    common\users.system.superuser.xml:
    No child node definition for superuser found in node /system

  • anonymous
    Danilo Ghirardelli (Not registered)
    Re: How to change superuser password during deployment?
    #5 by Danilo Ghirardelli (Not registered) on Jul 20, 2012 12:37:05 AM

    > Does anybody know to solution to change the password?

    You might want to try this useful class:
    http://openutils.sourceforge.net/openutils-mgnltasks/apidocs/it/openutils/mgnltasks/ChangeDefaultPasswordTask.html

    Just add a task in your module versionHandler.
    Superuser (and also anonymous) is really tricky to import, it's always
    better to change it without importing the xml.

    Regards, Danilo.

  • milkyman
    milkyman
    Full name: Horst Krause
    Posts: 18
    Last post: Jul 23, 2012 8:21:48 PM
    Registered on: Jun 17, 2012
    Re: How to change superuser password during deployment?
    #6 by milkyman on Jul 20, 2012 1:24:56 PM

    Hej Danilo, that's great. Thanks a lot.

  • gjoseph
    gjoseph
    Full name: Grégory Joseph
    Posts: 1,031
    Last post: Sep 15, 2015 9:56:30 AM
    Re: How to change superuser password during deployment?
    #7 by gjoseph on Jul 20, 2012 9:16:00 PM

    Horst, Danilo,

    I get the feeling that ChangeDefaultPasswordTask won't solve Horst's problem; it essentially does the same as the original code snippet you posted.

    The missing piece, I think, is that since 4.5, passwords are encrypted using BCrypt. Here's the update tasks used to encrypt existing records - http://svn.magnolia-cms.com/view/community/magnolia/trunk/magnolia-core/src/main/java/info/magnolia/setup/HashUsersPasswords.java?revision=52870&pathrev=52870 - it would probably be a good idea to actually have such a task (i.e one that changes a given user's password, and takes care of encryption)

    HTH,

  • milkyman
    milkyman
    Full name: Horst Krause
    Posts: 18
    Last post: Jul 23, 2012 8:21:48 PM
    Registered on: Jun 17, 2012
    Re: How to change superuser password during deployment?
    #8 by milkyman on Jul 23, 2012 8:21:48 PM

    Hi.

    I tried Danilos ChangeDefaultPasswordTask, but unfortunatly it did not work. Don't know if it fails because of the changed password encryption or because I did make a mistake. But finally there is no error message, but the password is not changed too.

    So I ended up with bootstrapping a modified users.system.superuser.xml. I changed the password, removed most other setting and now it does what it should. Probably not the best solution, but it works.

    Thanks for all your help.

    Bye,
    Horst

  • dbevacqua
    dbevacqua
    Full name: Dominic Bevacqua
    Posts: 1
    Last post: Sep 14, 2012 1:10:57 PM
    Registered on: Apr 10, 2012
    Re: How to change superuser password during deployment?
    #9 by dbevacqua on Sep 14, 2012 1:10:57 PM

    I created this task for the job.


    package com.researchresearch.news.webapp;

    import info.magnolia.cms.security.Digester;
    import info.magnolia.module.InstallContext;
    import info.magnolia.module.delta.AbstractTask;
    import info.magnolia.module.delta.TaskExecutionException;
    import info.magnolia.repository.RepositoryConstants;

    import javax.jcr.Node;
    import javax.jcr.Property;
    import javax.jcr.RepositoryException;
    import javax.jcr.Session;

    public class ChangePasswordTask extends AbstractTask {

    private String newPassword, expectedPassword, username;

    public ChangePasswordTask(String userPath, String newPassword, String expectedPassword) {
    super("Change password", "Change password a user's password if their current value is the expected one");
    this.username=userPath;
    this.newPassword=newPassword;
    this.expectedPassword=expectedPassword;
    }

    public ChangePasswordTask(String userPath, String newPassword) {
    super("Change password", "Change password a user's password, regardless of the current value.");
    this.username=userPath;
    this.newPassword=newPassword;
    }

    @Override
    public void execute(InstallContext installContext)
    throws TaskExecutionException {
    try {
    Session session = installContext.getJCRSession(RepositoryConstants.USERS);
    Node node = session.getNode(username);
    Property prop = node.getProperty("pswd");
    final String current = prop.getString();
    if(expectedPassword==null||Digester.matchBCrypted(expectedPassword, current)) {
    prop.setValue(Digester.getBCrypt(newPassword));
    session.save();
    }
    } catch (RepositoryException e) {
    throw new TaskExecutionException("Exception setting password", e);
    }
    }


    }


    I use it in a VersionHandler to change the superuser password if it is "superuser" thus:


    startupTasks.add(new ChangePasswordTask("/system/superuser", "<new password>", "superuser"));


    but the other constructor allows you to change the password regardless.

    HTH

    Regards,

    Dominic

  • dcizfn215096
    dcizfn215096
    Full name: yck pstuyt
    Posts: 1
    Last post: Aug 26, 2017 10:49:34 AM
    Registered on: Aug 26, 2017
    Re: How to change superuser password during deployment?
    #10 by dcizfn215096 on Aug 26, 2017 10:49:34 AM

    I followed the tips above but still can't reset the password.

  • tomwespi
    tomwespi
    Full name: Tom Wespi
    Posts: 38
    Last post: Sep 18, 2017 1:33:28 PM
    Re: How to change superuser password during deployment?
    #11 by tomwespi on Aug 26, 2017 1:24:58 PM

    Hello

    put

    info.magnolia.cms.security.SecuritySupport=info.magnolia.cms.security.RescueSecuritySupport

    into your magnolia.proprties file, this will enable to log in with "superuser" and the password "superuser"

    HTH

You don't have the permission to post on this thread

Sign in

To login on this forum, you can use your Magnolia Forge, Support or Partner account, or, below, your Google, Yahoo! or OpenID account. If you have trouble logging in, or any other sort of issue, please let us know in the Meta forum, on the user-list, or simply by email at forum-admin at magnolia-cms dot com.

* Required

... or sign in with:

  • icon http://{your-openid-url}
  • icon
  • icon https://me.yahoo.com/