funman300
75146847f6
Self-hosters can now run: ./solitaire_server --reset-password <username> to update a player's password and invalidate all their refresh tokens (forcing re-login on every device). Password is read from stdin so it can be piped from scripts or a password manager without appearing in shell history. Implementation: - reset_password() in auth.rs: validates length, bcrypt-hashes new password, updates users.password_hash, deletes all refresh_tokens rows for the user. - main.rs: --reset-password dispatch before HTTP server startup; JWT_SECRET not required for this path. - 4 integration tests covering: login works after reset, old password rejected, refresh tokens invalidated, unknown user → NotFound, short password → BadRequest. - README_SERVER.md: admin password-reset section with examples. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
13 lines
266 B
JSON
13 lines
266 B
JSON
{
|
|
"db_name": "SQLite",
|
|
"query": "DELETE FROM refresh_tokens WHERE user_id = ?",
|
|
"describe": {
|
|
"columns": [],
|
|
"parameters": {
|
|
"Right": 1
|
|
},
|
|
"nullable": []
|
|
},
|
|
"hash": "40db0910531d4418d4d58d31f0f8ea3894248406cc016020a6e211ed66da91c0"
|
|
}
|