Offer password generation and query

This commit is contained in:
Andreas Schneider 2020-10-17 20:19:42 +02:00
parent ec171ea5ec
commit f39d8c3e48
3 changed files with 85 additions and 32 deletions

66
cmd_tools.go Normal file
View File

@ -0,0 +1,66 @@
package main
import (
"bytes"
"fmt"
"math/rand"
pwgen "github.com/sethvargo/go-password/password"
"golang.org/x/crypto/bcrypt"
"golang.org/x/crypto/ssh/terminal"
)
type PasswordParam struct {
Password string `name:"password" help:"The password to be set. Empty to prompt."`
GeneratePassword bool `name:"generate-password" help:"If set, the password is auto generated."`
GeneratePasswordLength int `name:"password-length" help:"If generate-password is set, this specified the length of the generated password." default:"32"`
}
func (p *PasswordParam) acquirePassword() (string, error) {
if p.GeneratePassword {
// math.rand is not secure. For determining the number of digits in a password
// it should suffice, though. Beware that we expect here that we at least initialized
// the seed somewhere.
pw, err := pwgen.Generate(p.GeneratePasswordLength, rand.Intn(p.GeneratePasswordLength/2), 0, false, true)
if err != nil {
return "", fmt.Errorf("cannot generate password: %w", err)
}
p.Password = pw
fmt.Printf("Password generated: %s\n", p.Password)
}
if p.Password == "" {
fmt.Printf("Enter password: ")
bytePassword, err := terminal.ReadPassword(0)
if err != nil {
fmt.Println()
return "", fmt.Errorf("error reading password: %w", err)
}
fmt.Printf("\nRepeat password: ")
bytePasswordRepeat, err := terminal.ReadPassword(0)
if err != nil {
fmt.Println()
return "", fmt.Errorf("error reading password: %w", err)
}
fmt.Println()
if !bytes.Equal(bytePassword, bytePasswordRepeat) {
return "", fmt.Errorf("passwords do not match")
}
p.Password = string(bytePassword)
}
if p.Password == "" {
return "", fmt.Errorf("empty password supplied")
}
hash, err := bcrypt.GenerateFromPassword([]byte(p.Password), 0)
if err != nil {
return "", fmt.Errorf("cannot hash password: %w", err)
}
return string(hash), nil
}

View File

@ -54,7 +54,7 @@ func (cmd CmdUserList) Run(app *app) error {
type CmdUserAdd struct { type CmdUserAdd struct {
Username string `arg:"" name:"username" help:"The username to be added."` Username string `arg:"" name:"username" help:"The username to be added."`
Password string `name:"password" help:"The password of the new user."` PasswordParam
Role GlobalRole `name:"role" default:"user" help:"Role of the user. 'admin' or ' user'"` Role GlobalRole `name:"role" default:"user" help:"Role of the user. 'admin' or ' user'"`
} }
@ -66,14 +66,14 @@ func (cmd CmdUserAdd) Run(app *app) error {
return fmt.Errorf("invalid user role") return fmt.Errorf("invalid user role")
} }
hash, err := bcrypt.GenerateFromPassword([]byte(cmd.Password), 0) password, err := cmd.acquirePassword()
if err != nil { if err != nil {
return fmt.Errorf("cannot hash password: %w", err) return fmt.Errorf("cannot acquire password for user: %w", err)
} }
user := User{ user := User{
Username: cmd.Username, Username: cmd.Username,
Password: string(hash), Password: password,
Role: cmd.Role, Role: cmd.Role,
} }
return app.userStore.AddUser(user) return app.userStore.AddUser(user)

39
main.go
View File

@ -26,6 +26,11 @@
package main package main
import ( import (
crand "crypto/rand"
"math"
"math/big"
"math/rand"
"github.com/alecthomas/kong" "github.com/alecthomas/kong"
) )
@ -38,6 +43,14 @@ type app struct {
} }
func main() { func main() {
// When we need simple randomization (not cryptographically secure one), we should at least start
// with some non-default-seed.
seed, err := crand.Int(crand.Reader, big.NewInt(math.MaxInt64))
if err != nil {
panic("cannot initialize rand: " + err.Error())
}
rand.Seed(seed.Int64())
var app app var app app
ctx := kong.Parse(&app) ctx := kong.Parse(&app)
@ -50,32 +63,6 @@ func main() {
ctx.FatalIfErrorf(ctx.Run(&app)) ctx.FatalIfErrorf(ctx.Run(&app))
//if *genPassword {
// // math.rand is not secure. For determining the number of digits in a password
// // it should suffice, though.
// rand.Seed(time.Now().UnixNano())
// pwLen := 32
// pw, err := pwgen.Generate(pwLen, rand.Intn(pwLen/2), 0, false, true)
// if err != nil {
// panic(err)
// }
// hash, err := bcrypt.GenerateFromPassword([]byte(pw), 0)
// if err != nil {
// panic(err)
// }
//
// fmt.Printf("Password: %s\n", pw)
// fmt.Printf(" Hash: %s\n", hash)
// return
//} else if *hashPassword != "" {
// hash, err := bcrypt.GenerateFromPassword([]byte(*hashPassword), 0)
// if err != nil {
// panic(err)
// }
// fmt.Println(string(hash))
// return
//}
//c := LoadConfig(*configFile) //c := LoadConfig(*configFile)
// //
//h := &webdav.Handler{} //h := &webdav.Handler{}