search

zowe / zowe-cli

Zowe CLI
Eclipse Public License 2.0
116 stars 86 forks source link

Allow passwords to be changed from the Zowe CLI #2358

Open Joe-Winchester opened 2 weeks ago

Joe-Winchester commented 2 weeks ago

Is your feature or enhancement request related to a problem or limitation? Please describe

I was asked at a customer facing conference (when giving a presentation about Zowe CLI) whether there was a feature to allow users to change their passwords. The scenario is that when userIDs and passwords are first issued to folks on training courses they need to change it on first use. This is the only part of the course that needs the students to log into TSO and is their first experience of what is meant to be a full hands on Zowe CLI course that promotes itself on the idea of "look no green screen".

Describe your enhancement idea

z/OS 2.4 introduced the API `PUT /zosmf/authenticate' to allow passwords to be changed with the body

Content-Type: application/x-www-form-urlencoded
{"userID" : "ZOSMFT1", "oldPwd" : "QWER1234", "newPwd" : "ZOSMFT1"}

It looks as though this is supported from 2.4 through 3.1 so there are no issues with in-support z/OSMF releases not having the back end API.

A possible CLI syntax might be

zowe auth password change "<old>" -to "<new>"

Not sure if it makes sense to put under the auth category which is currently all about APIML auth but that'd be my preference rather than put it under z/OSMF (as FTP or RSE or another provider could implement this themselves), however it doesn't' pre-req APMLI so maybe the zowe auth category description needs updating to not be entirely about AIPML provided SSO.

Describe alternatives you've considered

Using a 3270 terminal to log in and change the password.

Provide any additional context

It'd be good to do this in concert with the Zowe Explorer teams to ensure the SDK API calls can be used upstream.

I know in TSO login it's possible to distinguish between an invalid password and a valid password that then needs to be changed. For the scenario where a user on a course has been given a password that is valid but needs changing it would be nice if the CLI can determine that, so they are given feedback that the password needs updating, e.g.

zowe jobs list jobs
   the password for USERABC. needs updating,  please provide a new password: 
     ...
   password successfully updated.
TSU01162 ABEND S222 WINCHJ  OUTPUT
JOB01166 CC 0000    WINCHJZ OUTPUT
TSU01160 ABEND S222 WINCHJ  OUTPUT
github-actions[bot] commented 2 weeks ago

Thank you for raising this enhancement request. The community has 90 days to vote on it. If the enhancement receives at least 5 upvotes, it is added to our development backlog. If it receives fewer votes, the issue is closed.

adam-wolfe commented 2 weeks ago

This would be the logical next step once https://github.com/zowe/zowe-cli/issues/1185 is implemented (using z/OSMF REST APIs).

Joe-Winchester commented 2 weeks ago

This would be the logical next step once #1185 is implemented (using z/OSMF REST APIs).

Sorry for opening a new github CLI issue - I did look to see if there was an existing one when I was with the customer last week but couldn't find it doing an issue search, even though I'd actually commented on it last year.

My bad and I'll try to improve my github issue searching skills.