✨ Offer password generation and query
This commit is contained in:
parent
ec171ea5ec
commit
f39d8c3e48
|
@ -0,0 +1,66 @@
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"fmt"
|
||||||
|
"math/rand"
|
||||||
|
|
||||||
|
pwgen "github.com/sethvargo/go-password/password"
|
||||||
|
"golang.org/x/crypto/bcrypt"
|
||||||
|
"golang.org/x/crypto/ssh/terminal"
|
||||||
|
)
|
||||||
|
|
||||||
|
type PasswordParam struct {
|
||||||
|
Password string `name:"password" help:"The password to be set. Empty to prompt."`
|
||||||
|
GeneratePassword bool `name:"generate-password" help:"If set, the password is auto generated."`
|
||||||
|
GeneratePasswordLength int `name:"password-length" help:"If generate-password is set, this specified the length of the generated password." default:"32"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *PasswordParam) acquirePassword() (string, error) {
|
||||||
|
if p.GeneratePassword {
|
||||||
|
// math.rand is not secure. For determining the number of digits in a password
|
||||||
|
// it should suffice, though. Beware that we expect here that we at least initialized
|
||||||
|
// the seed somewhere.
|
||||||
|
pw, err := pwgen.Generate(p.GeneratePasswordLength, rand.Intn(p.GeneratePasswordLength/2), 0, false, true)
|
||||||
|
if err != nil {
|
||||||
|
return "", fmt.Errorf("cannot generate password: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
p.Password = pw
|
||||||
|
|
||||||
|
fmt.Printf("Password generated: %s\n", p.Password)
|
||||||
|
}
|
||||||
|
|
||||||
|
if p.Password == "" {
|
||||||
|
fmt.Printf("Enter password: ")
|
||||||
|
bytePassword, err := terminal.ReadPassword(0)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Println()
|
||||||
|
return "", fmt.Errorf("error reading password: %w", err)
|
||||||
|
}
|
||||||
|
fmt.Printf("\nRepeat password: ")
|
||||||
|
bytePasswordRepeat, err := terminal.ReadPassword(0)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Println()
|
||||||
|
return "", fmt.Errorf("error reading password: %w", err)
|
||||||
|
}
|
||||||
|
fmt.Println()
|
||||||
|
|
||||||
|
if !bytes.Equal(bytePassword, bytePasswordRepeat) {
|
||||||
|
return "", fmt.Errorf("passwords do not match")
|
||||||
|
}
|
||||||
|
|
||||||
|
p.Password = string(bytePassword)
|
||||||
|
}
|
||||||
|
|
||||||
|
if p.Password == "" {
|
||||||
|
return "", fmt.Errorf("empty password supplied")
|
||||||
|
}
|
||||||
|
|
||||||
|
hash, err := bcrypt.GenerateFromPassword([]byte(p.Password), 0)
|
||||||
|
if err != nil {
|
||||||
|
return "", fmt.Errorf("cannot hash password: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return string(hash), nil
|
||||||
|
}
|
|
@ -54,7 +54,7 @@ func (cmd CmdUserList) Run(app *app) error {
|
||||||
|
|
||||||
type CmdUserAdd struct {
|
type CmdUserAdd struct {
|
||||||
Username string `arg:"" name:"username" help:"The username to be added."`
|
Username string `arg:"" name:"username" help:"The username to be added."`
|
||||||
Password string `name:"password" help:"The password of the new user."`
|
PasswordParam
|
||||||
Role GlobalRole `name:"role" default:"user" help:"Role of the user. 'admin' or ' user'"`
|
Role GlobalRole `name:"role" default:"user" help:"Role of the user. 'admin' or ' user'"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -66,14 +66,14 @@ func (cmd CmdUserAdd) Run(app *app) error {
|
||||||
return fmt.Errorf("invalid user role")
|
return fmt.Errorf("invalid user role")
|
||||||
}
|
}
|
||||||
|
|
||||||
hash, err := bcrypt.GenerateFromPassword([]byte(cmd.Password), 0)
|
password, err := cmd.acquirePassword()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("cannot hash password: %w", err)
|
return fmt.Errorf("cannot acquire password for user: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
user := User{
|
user := User{
|
||||||
Username: cmd.Username,
|
Username: cmd.Username,
|
||||||
Password: string(hash),
|
Password: password,
|
||||||
Role: cmd.Role,
|
Role: cmd.Role,
|
||||||
}
|
}
|
||||||
return app.userStore.AddUser(user)
|
return app.userStore.AddUser(user)
|
||||||
|
|
39
main.go
39
main.go
|
@ -26,6 +26,11 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
crand "crypto/rand"
|
||||||
|
"math"
|
||||||
|
"math/big"
|
||||||
|
"math/rand"
|
||||||
|
|
||||||
"github.com/alecthomas/kong"
|
"github.com/alecthomas/kong"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -38,6 +43,14 @@ type app struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
|
// When we need simple randomization (not cryptographically secure one), we should at least start
|
||||||
|
// with some non-default-seed.
|
||||||
|
seed, err := crand.Int(crand.Reader, big.NewInt(math.MaxInt64))
|
||||||
|
if err != nil {
|
||||||
|
panic("cannot initialize rand: " + err.Error())
|
||||||
|
}
|
||||||
|
rand.Seed(seed.Int64())
|
||||||
|
|
||||||
var app app
|
var app app
|
||||||
ctx := kong.Parse(&app)
|
ctx := kong.Parse(&app)
|
||||||
|
|
||||||
|
@ -50,32 +63,6 @@ func main() {
|
||||||
|
|
||||||
ctx.FatalIfErrorf(ctx.Run(&app))
|
ctx.FatalIfErrorf(ctx.Run(&app))
|
||||||
|
|
||||||
//if *genPassword {
|
|
||||||
// // math.rand is not secure. For determining the number of digits in a password
|
|
||||||
// // it should suffice, though.
|
|
||||||
// rand.Seed(time.Now().UnixNano())
|
|
||||||
// pwLen := 32
|
|
||||||
// pw, err := pwgen.Generate(pwLen, rand.Intn(pwLen/2), 0, false, true)
|
|
||||||
// if err != nil {
|
|
||||||
// panic(err)
|
|
||||||
// }
|
|
||||||
// hash, err := bcrypt.GenerateFromPassword([]byte(pw), 0)
|
|
||||||
// if err != nil {
|
|
||||||
// panic(err)
|
|
||||||
// }
|
|
||||||
//
|
|
||||||
// fmt.Printf("Password: %s\n", pw)
|
|
||||||
// fmt.Printf(" Hash: %s\n", hash)
|
|
||||||
// return
|
|
||||||
//} else if *hashPassword != "" {
|
|
||||||
// hash, err := bcrypt.GenerateFromPassword([]byte(*hashPassword), 0)
|
|
||||||
// if err != nil {
|
|
||||||
// panic(err)
|
|
||||||
// }
|
|
||||||
// fmt.Println(string(hash))
|
|
||||||
// return
|
|
||||||
//}
|
|
||||||
|
|
||||||
//c := LoadConfig(*configFile)
|
//c := LoadConfig(*configFile)
|
||||||
//
|
//
|
||||||
//h := &webdav.Handler{}
|
//h := &webdav.Handler{}
|
||||||
|
|
Loading…
Reference in New Issue