Closed CERT-VDE closed 4 days ago
Jochen, note that the order of the -u argument matters here. If you specify it before the update, it is used by the user subcommand where it serves as a modifier of which user you want to display information for (not specifying it defaults to your current user, for which you specified credentials).
The subcommands of the user command (create, update, reset-key) have their own -u command to specify which user to perform those actions on. So your command to mark someone as inactive should have been:
cve user update --mark-inactive -u username@example.org
Your command defaulted the user to your user and marked you as inactive instead.
Also worth noting that perhaps using interactive mode would have prevented this:
> cve -i user update -u test@redhat.com --mark-inactive
You are about to update the test@redhat.com user with the following changes:
- active: false
Do you want to continue? [y/N]: n
Exiting...
> cve -i user -u test@redhat.com update --mark-inactive
You are about to update the mprpic@redhat.com user with the following changes:
- active: false
Do you want to continue? [y/N]: n
If you have ideas of how to improve the user experience, do share :wink:
Thank you for the clarification @mprpic!
My idea would be to force the -u after update when using --mark-inactive or --mark-active. That should prevent users that are not able to read the help carefully (like me 😉) from accidentally locking themselves out.
Another option would be to use something like --target-user instead of -u after update...
However, with your help a colleague was able to mark my account as active again, thank you.
/Jochen
See linked MR where I made the -u option required so that it's more explicit about which user is being updated.
Hey there,
I tried to mark a user inactive (user -u username@domain.tld update --mark-inactive), got the response that the update went through but can't use the API afterwards. So one of my colleagues checked within their account and could confirm that my account has been set inactive instead of the one that was planned to be set inactive. However, my colleagues are not able to reactivate my account; all tags with --mark-(in)active seem to affect the active user only, not the one selected with -u username. Affected versions seem to be 1.2.x up to 1.4.0.
Thank you, CERT@VDE /jochen
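The option-ordering behaviour discussed in this thread, reproduced as an added example that is not part of the thread and is not the CLI's own code. It assumes Python's argparse as a stand-in for the real argument parser; `Parser`, `build_parser`, `resolve_target`, `CURRENT_USER` and the e-mail addresses are hypothetical names and constructed values.

```python
import argparse

# Constructed value: the account whose API credentials are in use.
CURRENT_USER = "admin@example.org"


class Parser(argparse.ArgumentParser):
    """Raise instead of exiting so callers can observe a rejected command line."""

    def error(self, message):
        raise ValueError(message)


def build_parser(require_target: bool) -> Parser:
    # "user" level: -u selects whose record to *display*.
    user = Parser(prog="cve user")
    user.add_argument("-u", dest="display_user", default=None)

    # "update" level: a separate -u selects whose record to *modify*.
    sub = user.add_subparsers(dest="action")
    update = sub.add_parser("update")
    update.add_argument("-u", dest="target_user",
                        required=require_target, default=None)
    update.add_argument("--mark-inactive", action="store_true")
    return user


def resolve_target(argv, require_target: bool) -> str:
    """Return the account that an 'update' call would modify."""
    args = build_parser(require_target).parse_args(argv)
    # With an optional subcommand -u, a missing value silently falls back
    # to the caller's own account, which is the lockout seen in this thread.
    return args.target_user or CURRENT_USER


if __name__ == "__main__":
    before = ["-u", "leaver@example.org", "update", "--mark-inactive"]
    after = ["update", "--mark-inactive", "-u", "leaver@example.org"]

    print("optional -u, wrong order ->", resolve_target(before, False))
    print("optional -u, right order ->", resolve_target(after, False))
    try:
        resolve_target(before, True)
    except ValueError as exc:
        print("required -u, wrong order -> rejected:", exc)
```

Making the subcommand-level option required turns the silent fallback into a parse error, so the destructive action can no longer land on the caller's own account.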