Here is my script, guacamole_resetTOTP.sh. It also has a hidden option "-s", which prints the user's stored TOTP secret to stdout instead of resetting it 😊
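#!/bin/bash
# wla, 06.06.2020: created
#
# guacamole_resetTOTP.sh - reset the TOTP enrollment of one Guacamole user
# directly in the MySQL database, so that a new secret is generated for
# that user afterwards.
#
# Usage: guacamole_resetTOTP.sh GUAC_USER [-s]
#   GUAC_USER  user name as stored in guacamole_entity.name
#   -s         print the stored guac-totp-key-secret value and exit without
#              changing anything
#   -h         print the usage line
#
# Exit status: 0 on success, on cancel, on usage and when there is nothing
# to reset; 1 when the user is not found, a query fails or the reset could
# not be verified.
#
# The script passes no credentials to mysql on the command line; presumably
# the client reads them from its option files -- confirm for your host.

set -u

SQL=/usr/bin/mysql
DB=guacamole

# Print a message to stderr and stop with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Escape a value for use inside a single-quoted SQL string literal.
# Backslashes are doubled first and single quotes second, so the value
# cannot close the literal whether or not the server treats backslash as
# an escape character.
sql_quote() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# Run one statement against the Guacamole database; -B/-s/-e give plain,
# header-less output that is safe to capture.
run_sql() {
  "${SQL}" "${DB}" -Bse "$1"
}

if [[ "$#" -eq 0 || "$#" -gt 2 || "$1" == "-h" ]]; then
  echo "$0 [GUAC_USER]"
  exit 0
fi

# Not named USER: that would overwrite the login-name variable of the
# environment for every child process, including mysql.
GUAC_USER="$1"
OPTION="${2:-}"

# The name comes from the command line and ends up inside SQL text, so it
# is escaped before use.
GUAC_USER_SQL=$(sql_quote "${GUAC_USER}") || die "Cannot escape user name"

# check if user exists
printf 'Check user "%s" ... ' "${GUAC_USER}"
ENTITY_ID=$(run_sql "select entity_id from guacamole_entity where name='${GUAC_USER_SQL}';") \
  || die "Query on guacamole_entity failed"

USER_ID=""
if [[ -n "${ENTITY_ID}" ]]; then
  # The ids are spliced into later statements, so accept plain integers
  # only. A lookup that returns more than one row fails this check too.
  [[ "${ENTITY_ID}" =~ ^[0-9]+$ ]] || die "Unexpected entity_id: ${ENTITY_ID}"
  USER_ID=$(run_sql "select user_id from guacamole_user where entity_id='${ENTITY_ID}';") \
    || die "Query on guacamole_user failed"
fi

if [[ -z "${ENTITY_ID}" || -z "${USER_ID}" ]]; then
  printf 'Not exist ... exit\n\n'
  exit 1
fi
[[ "${USER_ID}" =~ ^[0-9]+$ ]] || die "Unexpected user_id: ${USER_ID}"
printf 'Found\n user %s, entity_id=%s, user_id=%s\n\n' \
  "${GUAC_USER}" "${ENTITY_ID}" "${USER_ID}"

# before reset
IS_TOTP=$(run_sql "select attribute_value from guacamole_user_attribute where attribute_name='guac-totp-key-confirmed' and user_id='${USER_ID}';") \
  || die "Query on guacamole_user_attribute failed"

if [[ -z "${IS_TOTP}" ]]; then
  echo "No TOTP initialization found for user \"${GUAC_USER}\" ... nothing to do ... exit"
  exit
fi

if [[ "${OPTION}" == "-s" ]]; then
  # dump the secret to stdout
  # The value is the user's second-factor key: whoever holds it can produce
  # valid codes, so treat the output like a password (terminal scrollback,
  # shell redirections, session logs).
  run_sql "select attribute_value from guacamole_user_attribute where attribute_name='guac-totp-key-secret' and user_id='${USER_ID}';"
  exit
fi
printf 'TOTP configured before reset: %s\n' "${IS_TOTP}"

# ask
KEY=""
read -r -p "Reset TOTP for user ${GUAC_USER}? [ (y)es/(n)o ]: " KEY
if [[ "${KEY}" != "y" && "${KEY}" != "Y" ]]; then
  printf 'Cancel ...\n\n'
  exit 0
fi

# new secret will be generated
# Only the guac-totp-key-* rows are removed. Deleting by user_id alone
# would also wipe every other attribute stored for this user.
run_sql "delete from guacamole_user_attribute where user_id='${USER_ID}' and attribute_name like 'guac-totp-key-%';" \
  || die "Delete on guacamole_user_attribute failed"

# after reset
IS_TOTP=$(run_sql "select attribute_value from guacamole_user_attribute where attribute_name='guac-totp-key-confirmed' and user_id='${USER_ID}';") \
  || die "Query on guacamole_user_attribute failed"

if [[ -n "${IS_TOTP}" ]]; then
  echo "!!! Error, please check ... !!!"
  exit 1
else
  echo "TOTP reset for user \"${GUAC_USER}\" was successful!"
fi
echo ""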