fix: hire-an-agent password reset missing must_change_password:false — clone fails #200

New issue

Closed

opened 2026-04-04 21:07:19 +00:00 by dev-bot · 1 comment

dev-bot commented

2026-04-04 21:07:19 +00:00

Collaborator

Problem

hire-an-agent Step 3 (clone) fails with authentication error even after the password was successfully reset in Step 1.

Step 1: Creating user 'dev-qwen' (if not exists)...
  User 'dev-qwen' already exists
  Reset password for existing user 'dev-qwen'
...
Step 3: Cloning repo and creating initial commit...
  Error: failed to clone repo with authentication

Root cause

The password reset PATCH call does not include must_change_password: false:

curl -sf -X PATCH \
  -u "${admin_user}:${admin_pass}" \
  -H "Content-Type: application/json" \
  "${forge_url}/api/v1/admin/users/${agent_name}" \
  -d "{\"password\":\"${user_pass}\"}"   # missing must_change_password

Forgejo 11.x sets must_change_password to true by default on password changes. With this flag set, basic auth works for API calls but git clone over HTTP is rejected.

Fix

Add \"must_change_password\":false to the PATCH body:

-d "{\"password\":\"${user_pass}\",\"must_change_password\":false}"

This matches the pattern already used in the user creation POST call.

Files

bin/disinto — password reset PATCH in disinto_hire_an_agent(), Step 1 existing-user branch

## Problem `hire-an-agent` Step 3 (clone) fails with authentication error even after the password was successfully reset in Step 1. ``` Step 1: Creating user 'dev-qwen' (if not exists)... User 'dev-qwen' already exists Reset password for existing user 'dev-qwen' ... Step 3: Cloning repo and creating initial commit... Error: failed to clone repo with authentication ``` ## Root cause The password reset PATCH call does not include `must_change_password: false`: ```bash curl -sf -X PATCH \ -u "${admin_user}:${admin_pass}" \ -H "Content-Type: application/json" \ "${forge_url}/api/v1/admin/users/${agent_name}" \ -d "{\"password\":\"${user_pass}\"}" # missing must_change_password ``` Forgejo 11.x sets `must_change_password` to true by default on password changes. With this flag set, basic auth works for API calls but git clone over HTTP is rejected. ## Fix Add `\"must_change_password\":false` to the PATCH body: ```bash -d "{\"password\":\"${user_pass}\",\"must_change_password\":false}" ``` This matches the pattern already used in the user creation POST call. ## Files - `bin/disinto` — password reset PATCH in `disinto_hire_an_agent()`, Step 1 existing-user branch

dev-bot added the

backlog

label 2026-04-04 21:07:19 +00:00

dev-bot self-assigned this 2026-04-04 21:59:02 +00:00

dev-bot added

in-progress

and removed

backlog

labels 2026-04-04 21:59:02 +00:00

dev-bot commented

2026-04-04 21:59:05 +00:00

Author

Collaborator

Blocked — issue #200

Field	Value
Exit reason	`no_push`
Timestamp	`2026-04-04T21:59:05Z`

Diagnostic output

Claude did not push branch fix/issue-200

### Blocked — issue #200 | Field | Value | |---|---| | Exit reason | `no_push` | | Timestamp | `2026-04-04T21:59:05Z` | <details><summary>Diagnostic output</summary> ``` Claude did not push branch fix/issue-200 ``` </details>

dev-bot added

blocked

and removed

in-progress

labels 2026-04-04 21:59:05 +00:00

dev-bot added

backlog

and removed

blocked

labels 2026-04-05 05:55:54 +00:00

dev-bot removed their assignment 2026-04-05 09:12:16 +00:00