0

How to reset password of a Google App user using Google App script/Python/Java script.

I know it can be done using GAM, I want to know if its possible through above languages.

https://developers.google.com/admin-sdk/directory/v1/reference/users/update#request

Kanchan
  • 65
  • 2
  • 11

2 Answers2

0

You can do it when you update your user account.

Here is some code when you create user account.

{
"primaryEmail": "liz@example.com",
"name": {
"givenName": "Elizabeth",
"familyName": "Smith"
},
"suspended": false,
"password": "new user password",
"hashFunction": "SHA-1",
"changePasswordAtNextLogin": false,
"ipWhitelisted": false,
"ims": [
{

To change the password just update your user account.

{
"primaryEmail": "liz@example.com",
"name": {
"givenName": "Liz",
"familyName": "Smith"
},
"suspended": false,
"password": "updated password",
"hashFunction": "SHA-1",
"changePasswordAtNextLogin": true,
"ipWhitelisted": false,
"ims": [
{

You need to set the "changePasswordAtNextLogin": true, in order to change the password.

NOTE: A password is required for new user accounts. If a hashFunction is specified, the password must be a valid hash key.

KENdi
  • 7,576
  • 2
  • 16
  • 31
  • Thanks for the reply.. I believe this is JSON code..I need to reset the password using Google Appscript..I want to do it similar to below code- AdminDirectory.Users.update(resource, userKey).password Is this possible..Can you please tell me what does userKey and resource indicates. – Kanchan Mar 29 '16 at 04:34
  • userKey - Identifies the user in the API request. The value can be the user's primary email address, alias email address, or unique user ID. For the resource you can check this [page.](https://developers.google.com/admin-sdk/directory/v1/reference/users#resource-representations) – KENdi Mar 29 '16 at 09:33
  • Thanks for the help..Now i got to know to reset the password of a Google App account..Thanks a lot – Kanchan Apr 06 '16 at 13:07
  • I've edited the answer to clarify some things. For instance, when you update a password using `.patch()` API call, you only specify fields you change - not the whole user object. Also SHA1 for passwords, while still mostly collision-resistant as opposed to already broken MD5, isn't really recommended in 2022, especially when not salted. – Lukasz032 Nov 23 '22 at 03:50
0

The previous answer, while actually partially true, contains some wrong assumptions and uses plain old SHA1, which is actually discouraged now in 2022, and since my edits were rejected as too substantial and the question doesn't have a proper answer yet, I'll write my own answer.

You can use patch semantics for exactly what you're trying to do - you don't need to provide a fully-populated User object for that, just the fields you actually change - in your case, only the new password details, omitting any user fields you aren't changing in the process.

For instance, this would be the correct payload if you want to change a password to Testpassw0rd1 (assuming your app will use a salt string of Usesomesalthere1 and SHA-256 based password hashing, which is considered a safe algorithm):

{
    "password": "$5$Usesomesalthere1$F8UxCaJUKHYgoZUY01YRiogSXXRquSmFuTHcpFOVrD7",
    "hashFunction": "crypt"
}

(Yes, that's the entire payload you'd want to send to the patch method endpoint for your desired user.)

A proper password value for any string you want you can obtain from libc crypt() function, using $5$your_salt_value$ as the second parameter (replace your_salt_value with whatever you use in your app - you just need to have it consistent with the value used in password JSON parameter, can't have it different in both places or the resulting password won't work at all).

Lukasz032
  • 354
  • 4
  • 14