From d174f763b4093ba160c3226d7a7af7d8e4d125af Mon Sep 17 00:00:00 2001
From: Thomas Dvornik <t.dvornik@salesforce.com>
Date: Thu, 28 Jan 2021 13:30:18 -0800
Subject: [PATCH 1/5] fix: update password:generate help

---
 messages/password.generate.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/messages/password.generate.json b/messages/password.generate.json
index 262cf8c2..d265843a 100644
--- a/messages/password.generate.json
+++ b/messages/password.generate.json
@@ -1,5 +1,5 @@
 {
-  "description": "generate a password for scratch org users",
+  "description": "generate a password for scratch org users\nGenerates and sets a random password for one or more scratch org users. Targets the usernames listed with the --onbehalfof parameter or the --targetusername parameter. Defaults to the defaultusername.\n\nIf you haven’t set a default Dev Hub, or if your scratch org isn’t associated with your default Dev Hub, --targetdevhubusername is required.\n\nTo see a password that was previously generated, run \"sfdx force:user:display\".",
   "examples": [
     "sfdx force:user:password:generate",
     "sfdx force:user:password:generate -u me@my.org --json",

From f04b29e3dcf78bd7c7bdea0045e6ce41851f3795 Mon Sep 17 00:00:00 2001
From: Thomas Dvornik <t.dvornik@salesforce.com>
Date: Thu, 28 Jan 2021 14:12:25 -0800
Subject: [PATCH 2/5] fix: update help for create, display, list

---
 messages/create.json  | 2 +-
 messages/display.json | 2 +-
 messages/list.json    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/messages/create.json b/messages/create.json
index 1dfaa746..65ce47c9 100644
--- a/messages/create.json
+++ b/messages/create.json
@@ -1,5 +1,5 @@
 {
-  "description": "create a user for a scratch org",
+  "description": "create a user for a scratch org\nCreate a user for a scratch org, optionally setting an alias for use by the CLI, assigning permission sets (e.g., permsets=ps1,ps2), generating a password (e.g., generatepassword=true), and setting User sObject fields.",
   "examples": [
     "sfdx force:user:create",
     "sfdx force:user:create -a testuser1 -f config/project-user-def.json profileName='Chatter Free User'",
diff --git a/messages/display.json b/messages/display.json
index 7de3c13f..f4f77ffc 100644
--- a/messages/display.json
+++ b/messages/display.json
@@ -1,5 +1,5 @@
 {
-  "description": "displays information about a user of a scratch org",
+  "description": "displays information about a user of a scratch org\nOutput includes the profile name, org ID, access token, instance URL, login URL, and alias if applicable.",
   "examples": ["sfdx force:user:display", "sfdx force:user:display -u me@my.org --json"],
   "accessTokenError": "This command doesn't accept an access token for a username.",
   "accessTokenAction": "Specify a username or an alias."
diff --git a/messages/list.json b/messages/list.json
index fbf6c506..517f7c18 100644
--- a/messages/list.json
+++ b/messages/list.json
@@ -1,5 +1,5 @@
 {
-  "description": "list all authenticated users of an org",
+  "description": "list all authenticated users of an org\nThe original scratch org admin is marked with \"(A)\"",
   "examples": [
     "sfdx force:user:list",
     "sfdx force:user:list -u me@my.org --json",

From 6f07bca5ed94f0a5c2ab4bdfca532571e9ddf60d Mon Sep 17 00:00:00 2001
From: SF-CLI-BOT <alm-cli@salesforce.com>
Date: Fri, 29 Jan 2021 15:55:16 +0000
Subject: [PATCH 3/5] chore(release): 1.0.12 [ci skip]

---
 CHANGELOG.md | 17 +++++++++++++++++
 package.json |  2 +-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 53dc9327..a17b824b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,23 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+### [1.0.12](https://github.com/salesforcecli/plugin-user/compare/v1.0.8...v1.0.12) (2021-01-29)
+
+
+### Bug Fixes
+
+* 1.0.11 ([450b6ee](https://github.com/salesforcecli/plugin-user/commit/450b6ee0837133d5629858cc3e4fe8c242b29add))
+* add safety net around passwordGenerate in var args ([021a3f4](https://github.com/salesforcecli/plugin-user/commit/021a3f47baea85bddfbd6c04b901bb3a232af953))
+* assign permset to new user ([2fde9ba](https://github.com/salesforcecli/plugin-user/commit/2fde9ba5d4f7a6336152d1879daeaccf2003ee89))
+* bump to 1.0.9 to release ([88ce843](https://github.com/salesforcecli/plugin-user/commit/88ce8434ddd5b1f30dcf5de0cc4c7d40b579d9fd))
+* code review 1 ([cb90a86](https://github.com/salesforcecli/plugin-user/commit/cb90a86eeac9c68d9052c9744f48a9642e8f9bdc))
+* error message for display + accessToken ([3464ab3](https://github.com/salesforcecli/plugin-user/commit/3464ab3d697eb30f2f58186aeeaa59fe043ce23c))
+* handled false generate(p|P)assword scenario ([1b9cc3c](https://github.com/salesforcecli/plugin-user/commit/1b9cc3c189cb9ab53ea9f4ec00f90b3dd396941d))
+* save profileName and password to the authfile for the new user ([4b0b78d](https://github.com/salesforcecli/plugin-user/commit/4b0b78d41574fa30a53b4a741fa46ae3273fbfb4))
+* update help for create, display, list ([f04b29e](https://github.com/salesforcecli/plugin-user/commit/f04b29e3dcf78bd7c7bdea0045e6ce41851f3795))
+* update password:generate help ([d174f76](https://github.com/salesforcecli/plugin-user/commit/d174f763b4093ba160c3226d7a7af7d8e4d125af))
+* use generatePassword in code, provide both in output ([8617114](https://github.com/salesforcecli/plugin-user/commit/861711430dc6cf31db10fe3f662f023dba9db410))
+
 ### [1.0.8](https://github.com/salesforcecli/plugin-user/compare/v1.0.7...v1.0.8) (2021-01-21)
 
 ### [1.0.7](https://github.com/salesforcecli/plugin-user/compare/v1.0.6...v1.0.7) (2021-01-14)
diff --git a/package.json b/package.json
index 3282461d..6c3ccb3e 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@salesforce/plugin-user",
   "description": "Commands to interact with Users and Permission Sets",
-  "version": "1.0.11",
+  "version": "1.0.12",
   "author": "Salesforce",
   "bugs": "https://github.com/forcedotcom/cli/issues",
   "dependencies": {

From a81c46c75c357516fb79fbaaf04152dd10603b12 Mon Sep 17 00:00:00 2001
From: Willie Ruemmele <willieruemmele@gmail.com>
Date: Fri, 29 Jan 2021 14:14:05 -0700
Subject: [PATCH 4/5] fix: remove ProfileId query when we only need User Id

---
 src/commands/force/user/password/generate.ts | 14 +++++++++++---
 test/commands/user/password/generate.test.ts | 12 ++++++++++--
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/src/commands/force/user/password/generate.ts b/src/commands/force/user/password/generate.ts
index d2cb3a5c..f534767a 100644
--- a/src/commands/force/user/password/generate.ts
+++ b/src/commands/force/user/password/generate.ts
@@ -6,7 +6,8 @@
  */
 import * as os from 'os';
 import { flags, FlagsConfig, SfdxCommand } from '@salesforce/command';
-import { Aliases, AuthInfo, Connection, Messages, Org, SfdxError, User, UserFields } from '@salesforce/core';
+import { Aliases, AuthInfo, Connection, Messages, Org, SfdxError, User } from '@salesforce/core';
+import { QueryResult } from 'jsforce';
 
 Messages.importMessagesDirectory(__dirname);
 const messages = Messages.loadMessages('@salesforce/plugin-user', 'password.generate');
@@ -51,14 +52,21 @@ export class UserPasswordGenerateCommand extends SfdxCommand {
         const org = await Org.create({ connection });
         const user: User = await User.create({ org });
         const password = User.generatePasswordUtf8();
-        const fields: UserFields = await user.retrieve(username);
+        // we only need the Id, so instead of User.retrieve we'll just query
+        // this avoids permission issues if ProfileId is restricted for the user querying for it
+        const result: QueryResult<{ Id: string }> = await connection.query(
+          `SELECT Id FROM User WHERE Username='${username}'`
+        );
+
         // userId is used by `assignPassword` so we need to set it here
-        authInfo.getFields().userId = fields.id;
+        authInfo.getFields().userId = result.records[0].Id;
         await user.assignPassword(authInfo, password);
+
         password.value((pass) => {
           this.passwordData.push({ username: aliasOrUsername, password: pass.toString('utf-8') });
           authInfo.update({ password: pass.toString('utf-8') });
         });
+
         await authInfo.save();
       } catch (e) {
         if (e.message.includes('Cannot set password for self')) {
diff --git a/test/commands/user/password/generate.test.ts b/test/commands/user/password/generate.test.ts
index 99e3ae4e..77277ad5 100644
--- a/test/commands/user/password/generate.test.ts
+++ b/test/commands/user/password/generate.test.ts
@@ -18,6 +18,7 @@ describe('force:user:password:generate', () => {
   let authInfoStub: StubbedType<AuthInfo>;
   let authInfoConfigStub: StubbedType<AuthInfoConfig>;
   const testData = new MockTestOrgData();
+  let queryStub;
 
   async function prepareStubs(throws = false) {
     const authFields = await testData.getConfig();
@@ -31,8 +32,12 @@ describe('force:user:password:generate', () => {
     stubMethod($$.SANDBOX, Org, 'create').callsFake(async () => Org.prototype);
     stubMethod($$.SANDBOX, Org.prototype, 'getUsername').returns('defaultusername@test.com');
     stubMethod($$.SANDBOX, User, 'create').callsFake(async () => User.prototype);
-    stubMethod($$.SANDBOX, User.prototype, 'retrieve').resolves({
-      id: '0052D0000043PawWWR',
+    queryStub = stubMethod($$.SANDBOX, Connection.prototype, 'query').resolves({
+      records: [
+        {
+          Id: '0052D0000043PawWWR',
+        },
+      ],
     });
 
     const secureBuffer: SecureBuffer<void> = new SecureBuffer<void>();
@@ -68,6 +73,7 @@ describe('force:user:password:generate', () => {
       const result = JSON.parse(ctx.stdout).result;
       expect(result).to.deep.equal(expected);
       expect(authInfoStub.update.callCount).to.equal(2);
+      expect(queryStub.callCount).to.equal(2);
     });
 
   test
@@ -79,6 +85,7 @@ describe('force:user:password:generate', () => {
       const result = JSON.parse(ctx.stdout).result;
       expect(result).to.deep.equal(expected);
       expect(authInfoStub.update.callCount).to.equal(1);
+      expect(queryStub.callCount).to.equal(1);
     });
 
   test
@@ -92,5 +99,6 @@ describe('force:user:password:generate', () => {
       expect(result.status).to.equal(1);
       expect(result.name).to.equal('noSelfSetError');
       expect(authInfoStub.update.callCount).to.equal(0);
+      expect(queryStub.callCount).to.equal(1);
     });
 });

From 85af8dc8c7d24d1a55fcf5d939c7f171d3d2680b Mon Sep 17 00:00:00 2001
From: Willie Ruemmele <willieruemmele@gmail.com>
Date: Fri, 29 Jan 2021 14:29:08 -0700
Subject: [PATCH 5/5] fix: use singleRecordQuery

---
 src/commands/force/user/password/generate.ts | 5 ++---
 test/commands/user/password/generate.test.ts | 8 ++------
 2 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/src/commands/force/user/password/generate.ts b/src/commands/force/user/password/generate.ts
index f534767a..a4f87938 100644
--- a/src/commands/force/user/password/generate.ts
+++ b/src/commands/force/user/password/generate.ts
@@ -7,7 +7,6 @@
 import * as os from 'os';
 import { flags, FlagsConfig, SfdxCommand } from '@salesforce/command';
 import { Aliases, AuthInfo, Connection, Messages, Org, SfdxError, User } from '@salesforce/core';
-import { QueryResult } from 'jsforce';
 
 Messages.importMessagesDirectory(__dirname);
 const messages = Messages.loadMessages('@salesforce/plugin-user', 'password.generate');
@@ -54,12 +53,12 @@ export class UserPasswordGenerateCommand extends SfdxCommand {
         const password = User.generatePasswordUtf8();
         // we only need the Id, so instead of User.retrieve we'll just query
         // this avoids permission issues if ProfileId is restricted for the user querying for it
-        const result: QueryResult<{ Id: string }> = await connection.query(
+        const result: { Id: string } = await connection.singleRecordQuery(
           `SELECT Id FROM User WHERE Username='${username}'`
         );
 
         // userId is used by `assignPassword` so we need to set it here
-        authInfo.getFields().userId = result.records[0].Id;
+        authInfo.getFields().userId = result.Id;
         await user.assignPassword(authInfo, password);
 
         password.value((pass) => {
diff --git a/test/commands/user/password/generate.test.ts b/test/commands/user/password/generate.test.ts
index 77277ad5..1cf946ee 100644
--- a/test/commands/user/password/generate.test.ts
+++ b/test/commands/user/password/generate.test.ts
@@ -32,12 +32,8 @@ describe('force:user:password:generate', () => {
     stubMethod($$.SANDBOX, Org, 'create').callsFake(async () => Org.prototype);
     stubMethod($$.SANDBOX, Org.prototype, 'getUsername').returns('defaultusername@test.com');
     stubMethod($$.SANDBOX, User, 'create').callsFake(async () => User.prototype);
-    queryStub = stubMethod($$.SANDBOX, Connection.prototype, 'query').resolves({
-      records: [
-        {
-          Id: '0052D0000043PawWWR',
-        },
-      ],
+    queryStub = stubMethod($$.SANDBOX, Connection.prototype, 'singleRecordQuery').resolves({
+      Id: '0052D0000043PawWWR',
     });
 
     const secureBuffer: SecureBuffer<void> = new SecureBuffer<void>();