From 0eeced7f08f4dca2413308e82640f7bf853f5ed3 Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Fri, 21 Jan 2022 12:56:15 -0500 Subject: [PATCH] hydra-create-user: Warn that creating users with a plaintext password is deprecated --- src/script/hydra-create-user | 2 ++ t/scripts/hydra-create-user.t | 1 + 2 files changed, 3 insertions(+) diff --git a/src/script/hydra-create-user b/src/script/hydra-create-user index b9e376c8..cf9e8316 100755 --- a/src/script/hydra-create-user +++ b/src/script/hydra-create-user @@ -138,6 +138,8 @@ $db->txn_do(sub { $user->update({ emailaddress => $emailAddress }) if defined $emailAddress; if (defined $password) { + # !!! TODO: Remove support for plaintext passwords in 2023. + print STDERR "Submitting plaintext passwords as arguments is deprecated and will be removed. See --help for alternatives.\n"; $user->setPassword($password); } diff --git a/t/scripts/hydra-create-user.t b/t/scripts/hydra-create-user.t index a182cf11..66d019ef 100644 --- a/t/scripts/hydra-create-user.t +++ b/t/scripts/hydra-create-user.t @@ -10,6 +10,7 @@ subtest "Handling password and password hash creation" => sub { subtest "Creating a user with a plain text password (insecure) stores the password securely" => sub { my ($res, $stdout, $stderr) = captureStdoutStderr(5, ("hydra-create-user", "plain-text-user", "--password", "foobar")); is($res, 0, "hydra-create-user should exit zero"); + like($stderr, qr/Submitting plaintext passwords as arguments is deprecated and will be removed/, "Submitting a plain text password is deprecated."); my $user = $db->resultset('Users')->find({ username => "plain-text-user" }); isnt($user, undef, "The user exists");