hydra-create-user now has --password-hash option (#504)

When creating a Hydra user with the `hydra-create-user` command, you can now
provide a SHA1 password hash with the `--password-hash` flag. This is useful for
the upcoming work on Fully Declarative Hydra, since the end user should not have
to specify plaintext passwords in their `configuration.nix` file.
This commit is contained in:
Remy Goldschmidt 2017-10-08 05:55:51 -05:00 committed by Domen Kožar
parent 4b1af1fc1b
commit eb7631fb9d

View file

@ -15,6 +15,7 @@ Usage: $0 NAME
[--full-name FULLNAME] [--full-name FULLNAME]
[--email-address EMAIL-ADDRESS] [--email-address EMAIL-ADDRESS]
[--password PASSWORD] [--password PASSWORD]
[--password-hash SHA1-HASH]
[--wipe-roles] [--wipe-roles]
[--role ROLE]... [--role ROLE]...
@ -30,7 +31,7 @@ EOF
exit 0; exit 0;
} }
my ($renameFrom, $type, $fullName, $emailAddress, $password); my ($renameFrom, $type, $fullName, $emailAddress, $password, $passwordHash);
my $wipeRoles = 0; my $wipeRoles = 0;
my @roles; my @roles;
@ -39,6 +40,7 @@ GetOptions("rename-from=s" => \$renameFrom,
"full-name=s" => \$fullName, "full-name=s" => \$fullName,
"email-address=s" => \$emailAddress, "email-address=s" => \$emailAddress,
"password=s" => \$password, "password=s" => \$password,
"password-hash=s" => \$passwordHash,
"wipe-roles" => \$wipeRoles, "wipe-roles" => \$wipeRoles,
"role=s" => \@roles, "role=s" => \@roles,
"help" => sub { showHelp() } "help" => sub { showHelp() }
@ -77,10 +79,15 @@ txn_do($db, sub {
if defined $emailAddress; if defined $emailAddress;
die "$0: Google accounts do not have a password.\n" die "$0: Google accounts do not have a password.\n"
if defined $password; if defined $password;
die "$0: Google accounts do not have a password.\n"
if defined $passwordHash;
$user->update({ emailaddress => $userName, password => "!" }); $user->update({ emailaddress => $userName, password => "!" });
} else { } else {
$user->update({ emailaddress => $emailAddress }) if defined $emailAddress; $user->update({ emailaddress => $emailAddress }) if defined $emailAddress;
$user->update({ password => sha1_hex($password) }) if defined $password; if (defined $password && !(defined $passwordHash)) {
$passwordHash = sha1_hex($password);
}
$user->update({ password => $passwordHash }) if defined $passwordHash;
} }
$user->userroles->delete if $wipeRoles; $user->userroles->delete if $wipeRoles;