feat: server admin password reset via tenant portal

- POST /api/tenant/server/admin-password — resets server's built-in admin password via M2M API call to the tenant's server - Settings page: "Server Admin Password" card - ServerApiClient.resetServerAdminPassword() calls server's password reset endpoint with M2M token Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 09:46:30 +02:00
parent 4121bd64b2
commit d5eead888d
5 changed files with 86 additions and 1 deletions
--- a/src/main/java/net/siegeln/cameleer/saas/identity/ServerApiClient.java
+++ b/src/main/java/net/siegeln/cameleer/saas/identity/ServerApiClient.java
@@ -156,6 +156,19 @@ public class ServerApiClient {
        }
    }

+    /** Reset the built-in admin password on a tenant's server. */
+    public void resetServerAdminPassword(String serverEndpoint, String newPassword) {
+        RestClient.create(serverEndpoint)
+            .post()
+            .uri("/api/v1/admin/users/user:admin/password")
+            .header("Authorization", "Bearer " + getAccessToken())
+            .header("X-Cameleer-Protocol-Version", "1")
+            .contentType(MediaType.APPLICATION_JSON)
+            .body(Map.of("password", newPassword))
+            .retrieve()
+            .toBodilessEntity();
+    }
+
    public record ServerHealthResponse(boolean healthy, String status) {}

    private synchronized String getAccessToken() {
--- a/src/main/java/net/siegeln/cameleer/saas/portal/TenantPortalController.java
+++ b/src/main/java/net/siegeln/cameleer/saas/portal/TenantPortalController.java
@@ -83,6 +83,18 @@ public class TenantPortalController {
        return ResponseEntity.ok().build();
    }

+    @PostMapping("/server/admin-password")
+    public ResponseEntity<Void> resetServerAdminPassword(@RequestBody PasswordChangeRequest body) {
+        try {
+            portalService.resetServerAdminPassword(body.password());
+            return ResponseEntity.noContent().build();
+        } catch (IllegalArgumentException e) {
+            return ResponseEntity.badRequest().build();
+        } catch (IllegalStateException e) {
+            return ResponseEntity.badRequest().build();
+        }
+    }
+
    @PostMapping("/password")
    public ResponseEntity<Void> changeOwnPassword(@AuthenticationPrincipal Jwt jwt,
                                                    @RequestBody PasswordChangeRequest body) {
--- a/src/main/java/net/siegeln/cameleer/saas/portal/TenantPortalService.java
+++ b/src/main/java/net/siegeln/cameleer/saas/portal/TenantPortalService.java
@@ -176,6 +176,18 @@ public class TenantPortalService {
        logtoClient.assignOrganizationRole(orgId, userId, roleId);
    }

+    public void resetServerAdminPassword(String newPassword) {
+        TenantEntity tenant = resolveTenant();
+        String endpoint = tenant.getServerEndpoint();
+        if (endpoint == null || endpoint.isBlank()) {
+            throw new IllegalStateException("Server not provisioned yet");
+        }
+        if (newPassword == null || newPassword.length() < 8) {
+            throw new IllegalArgumentException("Password must be at least 8 characters");
+        }
+        serverApiClient.resetServerAdminPassword(endpoint, newPassword);
+    }
+
    public void changePassword(String userId, String newPassword) {
        if (newPassword == null || newPassword.length() < 8) {
            throw new IllegalArgumentException("Password must be at least 8 characters");