forked from lix-project/hydra
hydra-create-user now has --password-hash
option (#504)
When creating a Hydra user with the `hydra-create-user` command, you can now provide a SHA1 password hash with the `--password-hash` flag. This is useful for the upcoming work on Fully Declarative Hydra, since the end user should not have to specify plaintext passwords in their `configuration.nix` file.
This commit is contained in:
parent
4b1af1fc1b
commit
eb7631fb9d
1 changed files with 9 additions and 2 deletions
|
@ -15,6 +15,7 @@ Usage: $0 NAME
|
||||||
[--full-name FULLNAME]
|
[--full-name FULLNAME]
|
||||||
[--email-address EMAIL-ADDRESS]
|
[--email-address EMAIL-ADDRESS]
|
||||||
[--password PASSWORD]
|
[--password PASSWORD]
|
||||||
|
[--password-hash SHA1-HASH]
|
||||||
[--wipe-roles]
|
[--wipe-roles]
|
||||||
[--role ROLE]...
|
[--role ROLE]...
|
||||||
|
|
||||||
|
@ -30,7 +31,7 @@ EOF
|
||||||
exit 0;
|
exit 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
my ($renameFrom, $type, $fullName, $emailAddress, $password);
|
my ($renameFrom, $type, $fullName, $emailAddress, $password, $passwordHash);
|
||||||
my $wipeRoles = 0;
|
my $wipeRoles = 0;
|
||||||
my @roles;
|
my @roles;
|
||||||
|
|
||||||
|
@ -39,6 +40,7 @@ GetOptions("rename-from=s" => \$renameFrom,
|
||||||
"full-name=s" => \$fullName,
|
"full-name=s" => \$fullName,
|
||||||
"email-address=s" => \$emailAddress,
|
"email-address=s" => \$emailAddress,
|
||||||
"password=s" => \$password,
|
"password=s" => \$password,
|
||||||
|
"password-hash=s" => \$passwordHash,
|
||||||
"wipe-roles" => \$wipeRoles,
|
"wipe-roles" => \$wipeRoles,
|
||||||
"role=s" => \@roles,
|
"role=s" => \@roles,
|
||||||
"help" => sub { showHelp() }
|
"help" => sub { showHelp() }
|
||||||
|
@ -77,10 +79,15 @@ txn_do($db, sub {
|
||||||
if defined $emailAddress;
|
if defined $emailAddress;
|
||||||
die "$0: Google accounts do not have a password.\n"
|
die "$0: Google accounts do not have a password.\n"
|
||||||
if defined $password;
|
if defined $password;
|
||||||
|
die "$0: Google accounts do not have a password.\n"
|
||||||
|
if defined $passwordHash;
|
||||||
$user->update({ emailaddress => $userName, password => "!" });
|
$user->update({ emailaddress => $userName, password => "!" });
|
||||||
} else {
|
} else {
|
||||||
$user->update({ emailaddress => $emailAddress }) if defined $emailAddress;
|
$user->update({ emailaddress => $emailAddress }) if defined $emailAddress;
|
||||||
$user->update({ password => sha1_hex($password) }) if defined $password;
|
if (defined $password && !(defined $passwordHash)) {
|
||||||
|
$passwordHash = sha1_hex($password);
|
||||||
|
}
|
||||||
|
$user->update({ password => $passwordHash }) if defined $passwordHash;
|
||||||
}
|
}
|
||||||
|
|
||||||
$user->userroles->delete if $wipeRoles;
|
$user->userroles->delete if $wipeRoles;
|
||||||
|
|
Loading…
Reference in a new issue