From d1245fac70d18faa81d933028ac361efe06f299e Mon Sep 17 00:00:00 2001
From: Raghav <1858838+quantumrag@users.noreply.github.com>
Date: Fri, 17 Apr 2026 09:06:32 +0530
Subject: [PATCH] Add admin password reset script and docs

Co-Authored-By: Oz <oz-agent@warp.dev>
---
 README.md                       | 15 +++++++++++
 scripts/reset-admin-password.sh | 47 +++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100755 scripts/reset-admin-password.sh

diff --git a/README.md b/README.md
index da36d1b..7fa7a37 100644
--- a/README.md
+++ b/README.md
@@ -64,6 +64,21 @@ This script will:
 ```bash
 ./scripts/renew-production-tls.sh
 ```
+## Admin password reset
+List existing users:
+```bash
+docker exec --user www-data nextcloud-app php occ user:list
+```
+Reset password using helper script (interactive prompt):
+```bash
+./scripts/reset-admin-password.sh admin
+```
+Reset password non-interactively (for automation):
+```bash
+NEW_NEXTCLOUD_PASSWORD={{NEW_NEXTCLOUD_PASSWORD}} ./scripts/reset-admin-password.sh admin
+```
+You can target a different username by passing it as the first argument.
+
 ## Useful commands
 Start/update containers:
 ```bash
diff --git a/scripts/reset-admin-password.sh b/scripts/reset-admin-password.sh
new file mode 100755
index 0000000..7033d99
--- /dev/null
+++ b/scripts/reset-admin-password.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+# scripts/reset-admin-password.sh
+# Reset a Nextcloud user's password in the running nextcloud-app container.
+#
+# Usage:
+#   ./scripts/reset-admin-password.sh [username]
+#   NEW_NEXTCLOUD_PASSWORD='new-password' ./scripts/reset-admin-password.sh [username]
+#
+# Default username: admin
+
+set -euo pipefail
+
+TARGET_USER="${1:-admin}"
+CONTAINER_NAME="${NEXTCLOUD_APP_CONTAINER:-nextcloud-app}"
+
+if [ "${TARGET_USER}" = "-h" ] || [ "${TARGET_USER}" = "--help" ]; then
+  echo "Usage: ./scripts/reset-admin-password.sh [username]"
+  echo ""
+  echo "Examples:"
+  echo "  ./scripts/reset-admin-password.sh admin"
+  echo "  NEW_NEXTCLOUD_PASSWORD='<new-pass>' ./scripts/reset-admin-password.sh admin"
+  exit 0
+fi
+
+if ! command -v docker >/dev/null 2>&1; then
+  echo "ERROR: docker is required but not installed."
+  exit 1
+fi
+
+if ! docker ps --format '{{.Names}}' | grep -qx "${CONTAINER_NAME}"; then
+  echo "ERROR: Container '${CONTAINER_NAME}' is not running."
+  echo "Start the stack first (e.g. docker compose up -d)."
+  exit 1
+fi
+
+if [ -n "${NEW_NEXTCLOUD_PASSWORD:-}" ]; then
+  echo "==> Resetting password for user '${TARGET_USER}' using NEW_NEXTCLOUD_PASSWORD..."
+  OC_PASS="${NEW_NEXTCLOUD_PASSWORD}" docker exec --user www-data -e OC_PASS "${CONTAINER_NAME}" \
+    php occ user:resetpassword --password-from-env "${TARGET_USER}"
+  echo "==> Password reset completed."
+  exit 0
+fi
+
+echo "==> Interactive password reset for user '${TARGET_USER}'..."
+echo "You will be prompted securely for the new password."
+docker exec -it --user www-data "${CONTAINER_NAME}" php occ user:resetpassword "${TARGET_USER}"
+echo "==> Password reset completed."