Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Add CLI console commands to change an employee password & create a super admin#41526

Open
jf-viguier wants to merge 2 commits into
PrestaShop:developfrom
jf-viguier:feature/cli-employee-change-password
Open

Add CLI console commands to change an employee password & create a super admin#41526
jf-viguier wants to merge 2 commits into
PrestaShop:developfrom
jf-viguier:feature/cli-employee-change-password

Conversation

@jf-viguier
Copy link
Copy Markdown
Contributor

@jf-viguier jf-viguier commented May 21, 2026
edited
Loading

Questions Answers
Branch? develop
Description? Adds two new prestashop:employee:* console commands. create provisions a new back-office SuperAdmin employee (interactive prompts for email, first/last name and password; everything else is hardcoded). The CLI is intentionally narrow: it covers first-admin provisioning and recovery, not generic employee management (use the BO Team page for that). change-password resets an existing employee's password (interactive hidden prompts)
Type? improvement
Category? BO
BC breaks? no
Deprecations? no
How to test? See "Test plan" below.
UI Tests N/A — CLI-only feature, no UI surface, no Playwright coverage applicable.
Fixed issue or discussion? Fixes #XXXXX (discussion issue link)
Related PRs None.
Sponsor company Creabilis.com

Summary

  • New file: src/PrestaShopBundle/Command/EmployeeCreateCommand.php — dispatches AddEmployeeCommand via the CommandBus. The new account is always a SuperAdmin (full back-office access); the CLI prints an explicit warning. No flags for profile / language / shops / active / gravatar — those are hardcoded to sensible defaults.
  • New file: src/PrestaShopBundle/Command/EmployeeChangePasswordCommand.php — calls EmployeePasswordResetter::resetPassword().
  • New unit tests: tests/Unit/PrestaShopBundle/Command/EmployeeCreateCommandTest.php (5 scenarios) and tests/Unit/PrestaShopBundle/Command/EmployeeChangePasswordCommandTest.php (7 scenarios). All dependencies are mocked.
  • New adapter: src/Adapter/Employee/EmployeeContextInitializer.php — loads the first active SuperAdmin into the legacy context before dispatch, so the CQRS ProfileAccessChecker allows the CLI to create another SuperAdmin (the BO assumes a logged-in employee; the CLI has none).
  • Service wiring: declarations added to src/PrestaShopBundle/Resources/config/services/bundle/command.yml (the two commands) and src/PrestaShopBundle/Resources/config/services/adapter/employee.yml (the initializer).
  • Both commands are auto-registered via the #[AsCommand] attribute, like prestashop:api-client, prestashop:config, etc.

Usage

# Create SuperAdmin — fully interactive
php bin/console prestashop:employee:create

# Create SuperAdmin — non-interactive (CI / provisioning)
php bin/console prestashop:employee:create [email protected] \
    --first-name=John --last-name=Doe --password='Str0ng!Pass'

# Change password — fully interactive
php bin/console prestashop:employee:change-password

# Change password — non-interactive
php bin/console prestashop:employee:change-password [email protected] --password='S0meStr0ngP@ss!'

Test plan

  • php bin/console list prestashop lists prestashop:employee:create and prestashop:employee:change-password.
  • prestashop:employee:create interactive mode prompts for email, first name, last name and password (twice), creates the employee, and prints a success message stating the new account is a SuperAdmin plus an explicit "SuperAdmin privileges" warning.
  • prestashop:employee:create non-interactive mode (all values as options) succeeds and the resulting employee is SuperAdmin, active, on the default language, associated to every shop.
  • Creating an employee with an already-used email returns a clear error and a non-zero exit code.
  • Creating an employee with a password that violates the configured policy returns a clear error and a non-zero exit code.
  • Newly created SuperAdmin can log in to the BO with the provided password and has access to every section.
  • prestashop:employee:change-password interactive mode prompts for email then password twice; success path updates the password and exits 0.
  • Login to the BO with the new password works.
  • prestashop:employee:change-password non-interactive mode (--password=...) succeeds.
  • Unknown email on change-password returns a clear error and a non-zero exit code.
  • Mismatched password prompts (on either command) return a clear error and a non-zero exit code.
  • Employee receives the "Your new password" email on change-password (same template as the BO forgot-password flow).
  • php vendor/bin/phpunit -c tests/Unit/phpunit.xml --filter 'EmployeeCreateCommandTest|EmployeeChangePasswordCommandTest' is green (12 tests, 46 assertions).

@jf-viguier jf-viguier requested a review from a team as a code owner May 21, 2026 15:03
@github-project-automation github-project-automation Bot moved this to Ready for review in PR Dashboard May 21, 2026
@ps-jarvis ps-jarvis added Improvement Type: Improvement develop Branch labels May 21, 2026
@github-actions github-actions Bot added this to the 9.2.0 milestone May 21, 2026
Quetzacoalt91
Quetzacoalt91 reviewed May 21, 2026
View reviewed changes
Comment thread src/PrestaShopBundle/Command/EmployeeChangePasswordCommand.php Outdated
Quetzacoalt91
Quetzacoalt91 reviewed May 21, 2026
View reviewed changes
Comment thread src/PrestaShopBundle/Command/EmployeeCreateCommand.php Outdated
@jf-viguier
Add prestashop:employee:create and prestashop:employee:change-passwor…
28db5a3 
…d CLI commands

Two new Symfony console commands for back-office employee management
from the CLI:

* prestashop:employee:create — provisions a new SuperAdmin employee.
  The command is intentionally narrow (first-admin provisioning and
  emergency recovery, not BO replacement): it asks only for email,
  first/last name and password, and hardcodes the rest (SuperAdmin
  profile, default shop language, every shop, active, no Gravatar).
  Dispatches the existing AddEmployeeCommand through the CommandBus,
  so domain validation and the standard CQRS flow are reused unchanged.

* prestashop:employee:change-password — resets an existing employee's
  password. Calls EmployeePasswordResetter::resetPassword() directly,
  the same code path used by the BO "forgot password" flow (hashing,
  persistence and "Your new password" notification email).

Missing values are prompted interactively; the password prompt is
hidden and confirmed twice.

A small EmployeeContextInitializer adapter loads the first active
SuperAdmin into the legacy context before dispatching the create
command, so the ProfileAccessChecker allows it to create another
SuperAdmin (the BO flow assumes a logged-in employee; the CLI has
none). The adapter lives in src/Adapter/Employee/ where touching the
legacy Context and Employee classes is allowed.

Both commands are declared in command.yml with the explicit
console.command tag, in line with the rest of the file.

Covered by unit tests with mocked dependencies (12 tests, 46
assertions).
@jf-viguier jf-viguier force-pushed the feature/cli-employee-change-password branch from 3f2f3eb to 28db5a3 Compare May 21, 2026 16:13
@jf-viguier jf-viguier requested a review from Quetzacoalt91 May 21, 2026 16:15
@jf-viguier jf-viguier requested a review from jolelievre May 22, 2026 08:29
@ps-jarvis ps-jarvis moved this from Ready for review to Need 2nd approval in PR Dashboard May 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Quetzacoalt91 Quetzacoalt91 Quetzacoalt91 approved these changes

@jolelievre jolelievre Awaiting requested review from jolelievre

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

develop Branch Improvement Type: Improvement

Projects

PR Dashboard
Status: Need 2nd approval

Milestone

9.2.0

Development

Successfully merging this pull request may close these issues.

3 participants

@jf-viguier @Quetzacoalt91 @ps-jarvis