fix: remove ProfileId query when we only need User Id

src/commands/force/user/password/generate.ts

@@ -6,7 +6,8 @@
  */
 import * as os from 'os';
 import { flags, FlagsConfig, SfdxCommand } from '@salesforce/command';
-import { Aliases, AuthInfo, Connection, Messages, Org, SfdxError, User, UserFields } from '@salesforce/core';
+import { Aliases, AuthInfo, Connection, Messages, Org, SfdxError, User } from '@salesforce/core';
+import { QueryResult } from 'jsforce';
 
 Messages.importMessagesDirectory(__dirname);
 const messages = Messages.loadMessages('@salesforce/plugin-user', 'password.generate');
@@ -51,14 +52,21 @@ export class UserPasswordGenerateCommand extends SfdxCommand {
         const org = await Org.create({ connection });
         const user: User = await User.create({ org });
         const password = User.generatePasswordUtf8();
-        const fields: UserFields = await user.retrieve(username);
+        // we only need the Id, so instead of User.retrieve we'll just query
+        // this avoids permission issues if ProfileId is restricted for the user querying for it
+        const result: QueryResult<{ Id: string }> = await connection.query(
+          `SELECT Id FROM User WHERE Username='${username}'`
+        );
+
         // userId is used by `assignPassword` so we need to set it here
-        authInfo.getFields().userId = fields.id;
+        authInfo.getFields().userId = result.records[0].Id;
         await user.assignPassword(authInfo, password);
+
         password.value((pass) => {
           this.passwordData.push({ username: aliasOrUsername, password: pass.toString('utf-8') });
           authInfo.update({ password: pass.toString('utf-8') });
         });
+
         await authInfo.save();
       } catch (e) {
         if (e.message.includes('Cannot set password for self')) {

test/commands/user/password/generate.test.ts

@@ -18,6 +18,7 @@ describe('force:user:password:generate', () => {
   let authInfoStub: StubbedType<AuthInfo>;
   let authInfoConfigStub: StubbedType<AuthInfoConfig>;
   const testData = new MockTestOrgData();
+  let queryStub;
 
   async function prepareStubs(throws = false) {
     const authFields = await testData.getConfig();
@@ -31,8 +32,12 @@ describe('force:user:password:generate', () => {
     stubMethod($$.SANDBOX, Org, 'create').callsFake(async () => Org.prototype);
     stubMethod($$.SANDBOX, Org.prototype, 'getUsername').returns('[email protected]');
     stubMethod($$.SANDBOX, User, 'create').callsFake(async () => User.prototype);
-    stubMethod($$.SANDBOX, User.prototype, 'retrieve').resolves({
-      id: '0052D0000043PawWWR',
+    queryStub = stubMethod($$.SANDBOX, Connection.prototype, 'query').resolves({
+      records: [
+        {
+          Id: '0052D0000043PawWWR',
+        },
+      ],
     });
 
     const secureBuffer: SecureBuffer<void> = new SecureBuffer<void>();
@@ -68,6 +73,7 @@ describe('force:user:password:generate', () => {
       const result = JSON.parse(ctx.stdout).result;
       expect(result).to.deep.equal(expected);
       expect(authInfoStub.update.callCount).to.equal(2);
+      expect(queryStub.callCount).to.equal(2);
     });
 
   test
@@ -79,6 +85,7 @@ describe('force:user:password:generate', () => {
       const result = JSON.parse(ctx.stdout).result;
       expect(result).to.deep.equal(expected);
       expect(authInfoStub.update.callCount).to.equal(1);
+      expect(queryStub.callCount).to.equal(1);
     });
 
   test
@@ -92,5 +99,6 @@ describe('force:user:password:generate', () => {
       expect(result.status).to.equal(1);
       expect(result.name).to.equal('noSelfSetError');
       expect(authInfoStub.update.callCount).to.equal(0);
+      expect(queryStub.callCount).to.equal(1);
     });
 });