feat(multi-tenancy): Add mutation for guardian of galaxy to reset password of users of any namespaces

edgraph/server.go

@@ -109,6 +109,61 @@ type existingGQLSchemaQryResp struct {
 	ExistingGQLSchema []graphQLSchemaNode `json:"ExistingGQLSchema"`
 }
 
+func (s *Server) ResetPassword(ctx context.Context, ns uint64, id, password string) error {
+	if err := AuthGuardianOfTheGalaxy(ctx); err != nil {
+		return errors.Wrapf(err, "Reset password got error:")
+	}
+
+	query := fmt.Sprintf(`{
+			x as updateUser(func: type(dgraph.type.User)) @filter(eq(dgraph.xid, "%s")) {
+				uid
+			}
+		}`, id)
+
+	userNQuads := []*api.NQuad{
+		{
+			Subject:     "uid(x)",
+			Predicate:   "dgraph.password",
+			ObjectValue: &api.Value{Val: &api.Value_StrVal{StrVal: password}},
+		},
+	}
+	req := &Request{
+		req: &api.Request{
+			CommitNow: true,
+			Query:     query,
+			Mutations: []*api.Mutation{
+				{
+					Set:  userNQuads,
+					Cond: "@if(gt(len(x), 0))",
+				},
+			},
+		},
+		doAuth: NoAuthorize,
+	}
+	ctx = x.AttachNamespace(ctx, ns)
+	resp, err := (&Server{}).doQuery(ctx, req)
+	if err != nil {
+		return errors.Wrapf(err, "while upserting user with id %s", x.GrootId)
+	}
+
+	type userNode struct {
+		Uid string `json:"uid"`
+	}
+
+	type userQryResp struct {
+		User []userNode `json:"updateUser"`
+	}
+	var userResp userQryResp
+	if err := json.Unmarshal(resp.GetJson(), &userResp); err != nil {
+		return errors.Wrap(err, "Reset password failed with error")
+	}
+
+	if len(userResp.User) == 0 {
+		return errors.New("Failed to reset password, user doesn't exist")
+	}
+	return nil
+}
+
 func (s *Server) CreateNamespace(ctx context.Context) (uint64, error) {
 	ctx = x.AttachJWTNamespace(ctx)
 	glog.V(2).Info("Got create namespace request from namespace: ", x.ExtractNamespace(ctx))

go.sum

@@ -117,8 +117,6 @@ github.com/dgraph-io/badger v1.6.0 h1:DshxFxZWXUcO0xX476VJC07Xsr6ZCBVRHKZ93Oh7Ev
 github.com/dgraph-io/badger v1.6.0/go.mod h1:zwt7syl517jmP8s94KqSxTlM6IMsdhYy6psNgSztDR4=
 github.com/dgraph-io/badger/v3 v3.0.0-20210208122220-162b5787192b h1:nD2CjktZ78EClTWWwFhMvVuBxYunKEFLClNkFHGr+aU=
 github.com/dgraph-io/badger/v3 v3.0.0-20210208122220-162b5787192b/go.mod h1:ag1DYFcc5xVWtMbbwnl9ESgk1dE2ukWO4hdvzENQnAw=
-github.com/dgraph-io/dgo/v200 v200.0.0-20210208072308-4dd991b9b20e h1:3K0Wg/IMUTp4vyCRyD5SlmCYbmVxAz5o6eJvSiS72Gs=
-github.com/dgraph-io/dgo/v200 v200.0.0-20210208072308-4dd991b9b20e/go.mod h1:ky1IOcEAlOxmk89KxXGECgRAEkdJrNHVymvCmixaVuM=
 github.com/dgraph-io/dgo/v200 v200.0.0-20210208110130-c589adec3d8f h1:XZRsTllGQWUu0SpAb8mGW9motF0KmD7f6UEKa7y2grE=
 github.com/dgraph-io/dgo/v200 v200.0.0-20210208110130-c589adec3d8f/go.mod h1:ky1IOcEAlOxmk89KxXGECgRAEkdJrNHVymvCmixaVuM=
 github.com/dgraph-io/gqlgen v0.13.2 h1:TNhndk+eHKj5qE7BenKKSYdSIdOGhLqxR1rCiMso9KM=

graphql/admin/admin.go

@@ -571,6 +571,7 @@ func newAdminResolverFactory() resolve.ResolverFactory {
 		"draining":        resolveDraining,
 		"export":          resolveExport,
 		"login":           resolveLogin,
+		"resetPassword":   resolveResetPassword,
 		"restore":         resolveRestore,
 		"shutdown":        resolveShutdown,
 	}

graphql/admin/endpoints_ee.go

@@ -422,6 +422,12 @@ const adminTypes = `
 		namespaceId: Int
 		message: String
 	}
+
+	type ResetPasswordPayload {
+		userId: String
+		message: String
+		namespace: Int
+	}
 	`
 
 const adminMutations = `
@@ -478,6 +484,12 @@ const adminMutations = `
 	Delete a namespace.
 	"""
 	deleteNamespace(input: NamespaceInput!): NamespacePayload
+
+	"""
+	Reset password can only be used by the Guardians of the galaxy to reset password of
+	any user in any namespace.
+	"""
+	resetPassword(userId: String, password: String, namespace: Int): ResetPasswordPayload
 	`
 
 const adminQueries = `

graphql/admin/reset_password.go

@@ -0,0 +1,74 @@
+/*
+ * Copyright 2020 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package admin
+
+import (
+	"context"
+	"encoding/json"
+	"strconv"
+
+	"github.com/dgraph-io/dgraph/edgraph"
+	"github.com/dgraph-io/dgraph/graphql/resolve"
+	"github.com/dgraph-io/dgraph/graphql/schema"
+	"github.com/golang/glog"
+)
+
+type passwordInput struct {
+	UserID    string
+	Password  string
+	Namespace uint64
+}
+
+func resolveResetPassword(ctx context.Context, m schema.Mutation) (*resolve.Resolved, bool) {
+	glog.Info("Got reset password request")
+
+	in := getPasswordInput(m)
+	err := (&edgraph.Server{}).ResetPassword(ctx, in.Namespace, in.UserID, in.Password)
+	if err != nil {
+		return resolve.EmptyResult(m, err), false
+	}
+
+	return resolve.DataResult(
+		m,
+		map[string]interface{}{
+			m.Name(): map[string]interface{}{
+				"userId":    in.UserID,
+				"message":   "Reset password is successful",
+				"namespace": json.Number(strconv.Itoa(int(in.Namespace))),
+			},
+		},
+		nil,
+	), true
+
+}
+
+func getPasswordInput(m schema.Mutation) *passwordInput {
+	var input passwordInput
+
+	input.UserID, _ = m.ArgValue("userId").(string)
+	input.Password, _ = m.ArgValue("password").(string)
+
+	b, err := json.Marshal(m.ArgValue("namespace"))
+	if err != nil {
+		return nil
+	}
+
+	if err = json.Unmarshal(b, &input.Namespace); err != nil {
+		return nil
+	}
+	return &input
+}