cameleer/cameleer-saas
2
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: server admin password reset via tenant portal
All checks were successful
CI / build (push) Successful in 2m23s
Details
CI / docker (push) Successful in 1m8s
Details

Browse Source 
- POST /api/tenant/server/admin-password — resets server's built-in
  admin password via M2M API call to the tenant's server
- Settings page: "Server Admin Password" card
- ServerApiClient.resetServerAdminPassword() calls server's password
  reset endpoint with M2M token

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-11 09:46:30 +02:00
parent 4121bd64b2
commit d5eead888d
5 changed files with 86 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/main/java/net/siegeln/cameleer/saas/identity/ServerApiClient.java
View File

@@ -156,6 +156,19 @@ public class ServerApiClient {
}
}
/** Reset the built-in admin password on a tenant's server. */
public void resetServerAdminPassword(String serverEndpoint, String newPassword) {
RestClient.create(serverEndpoint)
.post()
.uri("/api/v1/admin/users/user:admin/password")
.header("Authorization", "Bearer " + getAccessToken())
.header("X-Cameleer-Protocol-Version", "1")
.contentType(MediaType.APPLICATION_JSON)
.body(Map.of("password", newPassword))
.retrieve()
.toBodilessEntity();
}
public record ServerHealthResponse(boolean healthy, String status) {}
private synchronized String getAccessToken() {

12
src/main/java/net/siegeln/cameleer/saas/portal/TenantPortalController.java
View File

@@ -83,6 +83,18 @@ public class TenantPortalController {
return ResponseEntity.ok().build();
}
@PostMapping("/server/admin-password")
public ResponseEntity<Void> resetServerAdminPassword(@RequestBody PasswordChangeRequest body) {
try {
portalService.resetServerAdminPassword(body.password());
return ResponseEntity.noContent().build();
} catch (IllegalArgumentException e) {
return ResponseEntity.badRequest().build();
} catch (IllegalStateException e) {
return ResponseEntity.badRequest().build();
}
}
@PostMapping("/password")
public ResponseEntity<Void> changeOwnPassword(@AuthenticationPrincipal Jwt jwt,
@RequestBody PasswordChangeRequest body) {

12
src/main/java/net/siegeln/cameleer/saas/portal/TenantPortalService.java
View File

@@ -176,6 +176,18 @@ public class TenantPortalService {
logtoClient.assignOrganizationRole(orgId, userId, roleId);
}
public void resetServerAdminPassword(String newPassword) {
TenantEntity tenant = resolveTenant();
String endpoint = tenant.getServerEndpoint();
if (endpoint == null || endpoint.isBlank()) {
throw new IllegalStateException("Server not provisioned yet");
}
if (newPassword == null || newPassword.length() < 8) {
throw new IllegalArgumentException("Password must be at least 8 characters");
}
serverApiClient.resetServerAdminPassword(endpoint, newPassword);
}
public void changePassword(String userId, String newPassword) {
if (newPassword == null || newPassword.length() < 8) {
throw new IllegalArgumentException("Password must be at least 8 characters");

6
ui/src/api/tenant-hooks.ts
View File

@@ -94,6 +94,12 @@ export function useRemoveTeamMember() {
});
}
export function useResetServerAdminPassword() {
return useMutation<void, Error, string>({
mutationFn: (password) => api.post('/tenant/server/admin-password', { password }),
});
}
export function useChangeOwnPassword() {
return useMutation<void, Error, string>({
mutationFn: (password) => api.post('/tenant/password', { password }),

44
ui/src/pages/tenant/SettingsPage.tsx
View File

@@ -9,7 +9,7 @@ import {
Spinner,
useToast,
} from '@cameleer/design-system';
import { useTenantSettings, useChangeOwnPassword } from '../../api/tenant-hooks';
import { useTenantSettings, useChangeOwnPassword, useResetServerAdminPassword } from '../../api/tenant-hooks';
import { tierColor } from '../../utils/tier';
import styles from '../../styles/platform.module.css';
@@ -26,10 +26,12 @@ function statusColor(status: string): 'success' | 'error' | 'warning' | 'auto' {
export function SettingsPage() {
const { data, isLoading, isError } = useTenantSettings();
const changePassword = useChangeOwnPassword();
const resetServerAdmin = useResetServerAdminPassword();
const { toast } = useToast();
const [newPassword, setNewPassword] = useState('');
const [confirmPassword, setConfirmPassword] = useState('');
const [serverAdminPw, setServerAdminPw] = useState('');
async function handleChangePassword(e: React.FormEvent) {
e.preventDefault();
@@ -140,6 +142,46 @@ export function SettingsPage() {
</div>
</form>
</Card>
<Card title="Server Admin Password">
<p className={styles.description} style={{ marginTop: 0 }}>
Reset the built-in admin password for your server dashboard (local login at <code>/login?local</code>).
</p>
<form
onSubmit={async (e) => {
e.preventDefault();
if (serverAdminPw.length < 8) {
toast({ title: 'Password must be at least 8 characters', variant: 'error' });
return;
}
try {
await resetServerAdmin.mutateAsync(serverAdminPw);
toast({ title: 'Server admin password reset successfully', variant: 'success' });
setServerAdminPw('');
} catch (err) {
toast({ title: 'Failed to reset server admin password', description: String(err), variant: 'error' });
}
}}
style={{ display: 'flex', flexDirection: 'column', gap: 16, marginTop: 12 }}
>
<FormField label="New admin password" htmlFor="server-admin-pw">
<Input
id="server-admin-pw"
type="password"
value={serverAdminPw}
onChange={(e) => setServerAdminPw(e.target.value)}
placeholder="Enter new admin password"
required
minLength={8}
/>
</FormField>
<div>
<Button type="submit" variant="primary" loading={resetServerAdmin.isPending}>
Reset Admin Password
</Button>
</div>
</form>
</Card>
</div>
);
}