From 00febaaaa8a5a8b4f9a8bfc7246b9366ca781058 Mon Sep 17 00:00:00 2001 From: Vitor Mattos <1079143+vitormattos@users.noreply.github.com> Date: Thu, 14 May 2026 12:46:21 -0300 Subject: [PATCH 1/2] feat(wordpress): auto-reset local users password on startup Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com> --- .docker/wordpress/entrypoint.sh | 50 +++++++++++++++++++++++++++++++++ README.md | 14 ++++++++- common-services.yml | 3 ++ 3 files changed, 66 insertions(+), 1 deletion(-) diff --git a/.docker/wordpress/entrypoint.sh b/.docker/wordpress/entrypoint.sh index bab22fc..42727b1 100644 --- a/.docker/wordpress/entrypoint.sh +++ b/.docker/wordpress/entrypoint.sh @@ -37,6 +37,17 @@ trim_value() { echo "$1" | sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//' } +is_truthy() { + case "$(echo "${1:-}" | tr '[:upper:]' '[:lower:]')" in + 1|true|yes|on) + return 0 + ;; + *) + return 1 + ;; + esac +} + plugins_config_exists() { [ -n "$(trim_value "${WORDPRESS_SETUP_CONFIG_YAML:-}")" ] } @@ -127,6 +138,44 @@ sync_site_urls() { replace_url_occurrences "${prod_host}" "${local_host}" } +reset_local_user_passwords() { + local reset_all_users="${WORDPRESS_LOCAL_RESET_ALL_USERS_PASSWORDS:-0}" + local target_user="$(trim_value "${WORDPRESS_LOCAL_RESET_PASSWORD_FOR_USER:-}")" + local shared_password="${WORDPRESS_LOCAL_USERS_PASSWORD:-}" + local user_id + + if [ -z "$shared_password" ]; then + echo "WORDPRESS_LOCAL_USERS_PASSWORD not set; skipping local user password reset." + return + fi + + if is_truthy "$reset_all_users"; then + echo "Resetting password for all local WordPress users..." + while IFS= read -r user_id; do + user_id="$(trim_value "$user_id")" + if [ -z "$user_id" ]; then + continue + fi + runuser -u www-data -- wp user update "$user_id" --user_pass="$shared_password" >/dev/null + done < <(runuser -u www-data -- wp user list --field=ID) + echo " ✓ Password reset completed for all users" + return + fi + + if [ -n "$target_user" ]; then + echo "Resetting password for local WordPress user '$target_user'..." + if runuser -u www-data -- wp user get "$target_user" --field=ID >/dev/null 2>&1; then + runuser -u www-data -- wp user update "$target_user" --user_pass="$shared_password" >/dev/null + echo " ✓ Password reset completed for user '$target_user'" + else + echo " ⚠ User '$target_user' not found; skipping password reset" + fi + return + fi + + echo "No local password reset target configured; set WORDPRESS_LOCAL_RESET_ALL_USERS_PASSWORDS=1 or WORDPRESS_LOCAL_RESET_PASSWORD_FOR_USER." +} + install_plugin() { local plugin_slug="$1" @@ -312,6 +361,7 @@ echo "Installing plugins and themes..." if wordpress_is_installed; then sync_site_urls + reset_local_user_passwords if plugins_config_exists; then install_org_plugins_from_config diff --git a/README.md b/README.md index 6a2c80f..8eaea23 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,13 @@ services: # Local URL that replaces PROD_SITE_URL during startup synchronization. # Keep as localhost for local development, or change if you use another host. LOCAL_SITE_URL: ${LOCAL_SITE_URL:-http://localhost} + # Local-only password override for imported users (do not use in production). + # Set one shared password and choose one strategy: + # - reset all local users, or + # - reset only one specific user login/email/ID. + WORDPRESS_LOCAL_USERS_PASSWORD: ${WORDPRESS_LOCAL_USERS_PASSWORD:-localdev123} + WORDPRESS_LOCAL_RESET_ALL_USERS_PASSWORDS: ${WORDPRESS_LOCAL_RESET_ALL_USERS_PASSWORDS:-1} + WORDPRESS_LOCAL_RESET_PASSWORD_FOR_USER: ${WORDPRESS_LOCAL_RESET_PASSWORD_FOR_USER:-} # Inline YAML config for automatic plugin/theme installation. # Use wordpress_org_plugins, wordpress_archive_plugins, wordpress_custom_plugins, and wordpress_custom_themes. WORDPRESS_SETUP_CONFIG_YAML: | @@ -89,9 +96,14 @@ After that, start the stack with the standard Compose command: ```bash docker compose up -d --build -docker compose exec --user www-data wordpress wp user reset-password --show-password --skip-email ``` +On each startup (when WordPress is already installed), the entrypoint can automatically reset local user passwords: +- `WORDPRESS_LOCAL_RESET_ALL_USERS_PASSWORDS=1`: reset all users to `WORDPRESS_LOCAL_USERS_PASSWORD`. +- `WORDPRESS_LOCAL_RESET_PASSWORD_FOR_USER=`: reset only one user. + +Use only one strategy at a time. For local environments importing production data, resetting all users is usually the simplest approach. + ### Database dump If you need to bootstrap the environment with existing data, place your SQL dump in the folder below: diff --git a/common-services.yml b/common-services.yml index f732587..1823a6a 100644 --- a/common-services.yml +++ b/common-services.yml @@ -16,6 +16,9 @@ services: - WORDPRESS_DB_PASSWORD=${WORDPRESS_DB_PASSWORD:-root} - WORDPRESS_TABLE_PREFIX=${WORDPRESS_TABLE_PREFIX:-wp_} - WORDPRESS_SETUP_CONFIG_YAML=${WORDPRESS_SETUP_CONFIG_YAML:-} + - WORDPRESS_LOCAL_USERS_PASSWORD=${WORDPRESS_LOCAL_USERS_PASSWORD:-} + - WORDPRESS_LOCAL_RESET_ALL_USERS_PASSWORDS=${WORDPRESS_LOCAL_RESET_ALL_USERS_PASSWORDS:-0} + - WORDPRESS_LOCAL_RESET_PASSWORD_FOR_USER=${WORDPRESS_LOCAL_RESET_PASSWORD_FOR_USER:-} - XDEBUG_CONFIG=${XDEBUG_CONFIG:-client_host=host.docker.internal start_with_request=yes} - XDEBUG_MODE=${XDEBUG_MODE:-off} - HOST_UID=${HOST_UID:-1000} From 5720542e99fbc8e775aee2b8c316e837ba9efbda Mon Sep 17 00:00:00 2001 From: Vitor Mattos <1079143+vitormattos@users.noreply.github.com> Date: Thu, 14 May 2026 12:54:20 -0300 Subject: [PATCH 2/2] fix: shellcheck issue .docker/wordpress/entrypoint.sh:143:8: warning: Declare and assign separately to avoid masking return values. [SC2155] Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com> --- .docker/wordpress/entrypoint.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.docker/wordpress/entrypoint.sh b/.docker/wordpress/entrypoint.sh index 42727b1..b596548 100644 --- a/.docker/wordpress/entrypoint.sh +++ b/.docker/wordpress/entrypoint.sh @@ -140,10 +140,12 @@ sync_site_urls() { reset_local_user_passwords() { local reset_all_users="${WORDPRESS_LOCAL_RESET_ALL_USERS_PASSWORDS:-0}" - local target_user="$(trim_value "${WORDPRESS_LOCAL_RESET_PASSWORD_FOR_USER:-}")" + local target_user local shared_password="${WORDPRESS_LOCAL_USERS_PASSWORD:-}" local user_id + target_user="$(trim_value "${WORDPRESS_LOCAL_RESET_PASSWORD_FOR_USER:-}")" + if [ -z "$shared_password" ]; then echo "WORDPRESS_LOCAL_USERS_PASSWORD not set; skipping local user password reset." return