Use Nexus 3 API to change admin password

Question

I would like to use the Nexus 3 api to change the admin default password as well as the email address using groovy. But I don't understand how to set the password using the groovy api. Can someone provide an example of how to do this?

Sam Gleske · Answer 1 · 2020-08-17T23:55:41.883

Summary

You can use the REST API to both update user information and change their password. This includes the admin user.

Nexus REST API: Update user information

The default admin user-data.json in my instance is the following:

{
  "userId": "admin",
  "firstName": "Administrator",
  "lastName": "User",
  "emailAddress": "admin@example.org",
  "source": "default",
  "status": "active",
  "readOnly": false,
  "roles": [
    "nx-admin"
  ],
  "externalRoles": []
}

Update the user-data.json to your desired values and use curl with the REST API.

NX_PASSWORD="admin user password"

curl -ifu admin:"${NX_PASSWORD}" \
  -XPUT -H 'Content-Type: application/json' \
  --data "$(< user-data.json)" \
  <nexus base  URL>/service/rest/v1/security/users/admin

Nexus REST API: Change password

You'll want to use the Security Management API.

See Nexus 3 backend source code.

OLD_PASSWORD="nexus admin password"
NEW_PASSWORD="your new password"

curl -ifu admin:"${OLD_PASSWORD}" \
  -XPUT -H 'Content-Type: text/plain' \
  --data "${NEW_PASSWORD}" \
  <nexus base URL>/service/rest/v1/security/users/admin/change-password

Screenshot of Nexus documentation

This documentation is only available on a running Nexus instance. You can view this API on your own running Nexus instance by visiting:

Menu: System configuration > System > API.

Old way: Change password during initial onboarding

This only works during initial onboarding. You should definitely not use this method. Just documenting for completeness.

This section is for changing the initial password during onboarding.

Referencing Nexus source

You can change the admin user password with a single curl command.

OLD_PASSWORD="initial nexus password"
NEW_PASSWORD="somepass"

curl -ifu admin:"${OLD_PASSWORD}" \
  -XPUT -H 'Content-Type: text/plain' \
  --data "${NEW_PASSWORD}" \
  <nexus base URL>/service/rest/internal/ui/onboarding/change-admin-password

Dennis Hoer · Accepted Answer · 2019-09-23T21:01:15.343

1

I originally thought changePassword was deprecated, but I was mistaken. Here is an example of updating admin email address and changing the password:

def user = security.securitySystem.getUser('admin')
user.setEmailAddress('admin@mycompany.com')
security.securitySystem.updateUser(user)
security.securitySystem.changePassword('admin','admin456')

edited Sep 23 '19 at 21:01

answered Aug 15 '16 at 17:38

Dennis Hoer

3,039
2
23
34

How and where did you run this script ? – Romaan Jul 25 '20 at 21:25
@Romaan this gets run by groovy script engine in NXRM https://help.sonatype.com/repomanager3/rest-and-integration-api/script-api – Sam Gleske Aug 18 '20 at 00:51
Thanks @SamGleske I have also provided my own answer elaborating DennisHoer answer – Romaan Aug 18 '20 at 05:44

score 0 · Answer 3 · answered Feb 25 '20 at 20:42

Sonatype Nexus has change-admin-password internal api to update the admin password, but its not straight forward to use, it's using the session id that's created with the /service/rapture/session endpoint.

curl -v 'https://<hostname>/service/rapture/session' --data 'username=<base64 username>&password=<base64 password>'

curl -v -X PUT 'https://<hostname>/service/rest/internal/ui/onboarding/change-admin-password' -H 'cookie: <NXSESSIONID form the above response>' --data '<plain text password>'

Reference: https://github.com/sonatype/nexus-public/blob/9b177ab50bd7f8470b08247b146da459170ecc8f/plugins/nexus-onboarding-plugin/src/main/resources/static/rapture/NX/onboarding/step/ChangeAdminPasswordStep.js#L50

score 0 · Answer 4 · answered Jul 25 '20 at 23:52

Install the nexus3 cli:

pip install nexus3-cli

Get the first initial password (Assuming Nexus is running in docker):

docker exec nexus cat /nexus-data/admin.password

Set environment variables:

export NEXUS3_PASSWORD=<PASSWORD FROM PREVIOUS STEP>
export NEXUS3_USERNAME=<USERNAME>
export NEXUS3_URL=<URL>

Allow remote script execution by updating /nexus-data/etc/nexus.properties and appending the below line:

nexus.scripts.allowCreation=true

Restart nexus service to reload the last change:

docker container restart <nexus>

Create a file reset-password.groovy with the following contents (Thanks to @Dennis Hoer) :

def user = security.securitySystem.getUser('admin')
user.setEmailAddress('admin@mycompany.com')
security.securitySystem.updateUser(user)
security.securitySystem.changePassword('admin','admin456')

From command line create the script and run the script to reset the password of admin:

nexus3 script create --script-type groovy passreset reset-password.groovy
nexus3 script run passreset

The password is now reset