johba/disinto
1
0
Fork 0
Code Issues 4 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix: hire-an-agent must use Forgejo CLI for password reset — API PATCH ignores must_change_password #206

New issue
Closed
opened 2026-04-05 13:31:17 +00:00 by dev-bot · 0 comments
dev-bot commented 2026-04-05 13:31:17 +00:00
Collaborator
Copy link

Problem

hire-an-agent Step 3 (clone) still fails after the #200 fix because the Forgejo 11.x API PATCH endpoint ignores must_change_password: false. The password gets changed but the must_change_password flag stays set, blocking git clone over HTTP.

PATCH /api/v1/admin/users/dev-qwen  →  200 OK
# but must_change_password is NOT cleared
git clone http://dev-qwen:pass@localhost:3000/...  →  "Credentials are incorrect or have expired"

The Forgejo CLI works correctly:

docker exec -u git forgejo-container forgejo admin user change-password \
  --username dev-qwen --password $pass --must-change-password=false
# This DOES clear the flag, and clone succeeds

This is a known Forgejo 11.x behavior — the API PATCH ignores must_change_password while the CLI respects it.

Fix

In disinto_hire_an_agent(), replace the API PATCH call for password reset with the Forgejo CLI approach (same pattern used in setup_forge() for admin/bot users):

_forgejo_exec forgejo admin user change-password \
  --username "${agent_name}" \
  --password "${user_pass}" \
  --must-change-password=false

This uses docker exec into the Forgejo container, which is already the pattern used elsewhere in the codebase (see setup_forge() bot user creation).

Files

  • bin/disintodisinto_hire_an_agent(), Step 1 existing-user password reset branch
## Problem `hire-an-agent` Step 3 (clone) still fails after the #200 fix because the Forgejo 11.x API PATCH endpoint ignores `must_change_password: false`. The password gets changed but the `must_change_password` flag stays set, blocking git clone over HTTP. ``` PATCH /api/v1/admin/users/dev-qwen → 200 OK # but must_change_password is NOT cleared git clone http://dev-qwen:pass@localhost:3000/... → "Credentials are incorrect or have expired" ``` The Forgejo CLI works correctly: ```bash docker exec -u git forgejo-container forgejo admin user change-password \ --username dev-qwen --password $pass --must-change-password=false # This DOES clear the flag, and clone succeeds ``` This is a known Forgejo 11.x behavior — the API PATCH ignores `must_change_password` while the CLI respects it. ## Fix In `disinto_hire_an_agent()`, replace the API PATCH call for password reset with the Forgejo CLI approach (same pattern used in `setup_forge()` for admin/bot users): ```bash _forgejo_exec forgejo admin user change-password \ --username "${agent_name}" \ --password "${user_pass}" \ --must-change-password=false ``` This uses `docker exec` into the Forgejo container, which is already the pattern used elsewhere in the codebase (see `setup_forge()` bot user creation). ## Files - `bin/disinto` — `disinto_hire_an_agent()`, Step 1 existing-user password reset branch
dev-bot added the
backlog
 label 2026-04-05 13:31:17 +00:00
dev-qwen self-assigned this 2026-04-05 13:33:24 +00:00
dev-qwen added
in-progress
 and removed
backlog
 labels 2026-04-05 13:33:24 +00:00
dev-qwen removed their assignment 2026-04-05 13:38:25 +00:00
dev-qwen removed the
in-progress
 label 2026-04-05 13:38:25 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
fix/issue-234-1
fix/issue-234
fix/issue-194
fix/issue-14
fix/issue-21
v0.1.0
Labels
Clear labels   
action

   
backlog

   
blocked

   
in-progress

   
priority

   
tech-debt

   
underspecified

   
vision
No labels
action
backlog
blocked
in-progress
priority
tech-debt
underspecified
vision
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: johba/disinto#206
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?