From eb7631fb9d370b46157304248ec269c5ad91a08f Mon Sep 17 00:00:00 2001
From: Remy Goldschmidt <taktoa@gmail.com>
Date: Sun, 8 Oct 2017 05:55:51 -0500
Subject: [PATCH] hydra-create-user now has `--password-hash` option (#504)

When creating a Hydra user with the `hydra-create-user` command, you can now
provide a SHA1 password hash with the `--password-hash` flag. This is useful for
the upcoming work on Fully Declarative Hydra, since the end user should not have
to specify plaintext passwords in their `configuration.nix` file.
---
 src/script/hydra-create-user | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/script/hydra-create-user b/src/script/hydra-create-user
index bbfa6558..3b564cb3 100755
--- a/src/script/hydra-create-user
+++ b/src/script/hydra-create-user
@@ -15,6 +15,7 @@ Usage: $0 NAME
   [--full-name FULLNAME]
   [--email-address EMAIL-ADDRESS]
   [--password PASSWORD]
+  [--password-hash SHA1-HASH]
   [--wipe-roles]
   [--role ROLE]...
 
@@ -30,7 +31,7 @@ EOF
     exit 0;
 }
 
-my ($renameFrom, $type, $fullName, $emailAddress, $password);
+my ($renameFrom, $type, $fullName, $emailAddress, $password, $passwordHash);
 my $wipeRoles = 0;
 my @roles;
 
@@ -39,6 +40,7 @@ GetOptions("rename-from=s" => \$renameFrom,
            "full-name=s" => \$fullName,
            "email-address=s" => \$emailAddress,
            "password=s" => \$password,
+           "password-hash=s" => \$passwordHash,
            "wipe-roles" => \$wipeRoles,
            "role=s" => \@roles,
            "help" => sub { showHelp() }
@@ -77,10 +79,15 @@ txn_do($db, sub {
             if defined $emailAddress;
         die "$0: Google accounts do not have a password.\n"
             if defined $password;
+        die "$0: Google accounts do not have a password.\n"
+            if defined $passwordHash;
         $user->update({ emailaddress => $userName, password => "!" });
     } else {
         $user->update({ emailaddress => $emailAddress }) if defined $emailAddress;
-        $user->update({ password => sha1_hex($password) }) if defined $password;
+        if (defined $password && !(defined $passwordHash)) {
+            $passwordHash = sha1_hex($password);
+        }
+        $user->update({ password => $passwordHash }) if defined $passwordHash;
     }
 
     $user->userroles->delete if $wipeRoles;