mirror of
https://github.com/hoernschen/dendrite.git
synced 2024-12-26 15:08:28 +00:00
Fixes for create-account
(#2285)
* Check user existence Fallback to asking for the password if non is defined * Add missing tests * Update to not use pointers, verify username length * Re-add possibilty to create passwordless account * Fix config issue * Fix test again Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
This commit is contained in:
parent
5b5e6a59b6
commit
873c4d7e2c
2 changed files with 72 additions and 50 deletions
|
@ -24,12 +24,11 @@ import (
|
||||||
"regexp"
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/matrix-org/dendrite/setup"
|
||||||
"github.com/matrix-org/dendrite/setup/base"
|
"github.com/matrix-org/dendrite/setup/base"
|
||||||
|
"github.com/matrix-org/dendrite/userapi/api"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
"golang.org/x/term"
|
"golang.org/x/term"
|
||||||
|
|
||||||
"github.com/matrix-org/dendrite/setup"
|
|
||||||
"github.com/matrix-org/dendrite/userapi/api"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const usage = `Usage: %s
|
const usage = `Usage: %s
|
||||||
|
@ -43,7 +42,7 @@ Example:
|
||||||
# use password from file
|
# use password from file
|
||||||
%s --config dendrite.yaml -username alice -passwordfile my.pass
|
%s --config dendrite.yaml -username alice -passwordfile my.pass
|
||||||
# ask user to provide password
|
# ask user to provide password
|
||||||
%s --config dendrite.yaml -username alice -ask-pass
|
%s --config dendrite.yaml -username alice
|
||||||
# read password from stdin
|
# read password from stdin
|
||||||
%s --config dendrite.yaml -username alice -passwordstdin < my.pass
|
%s --config dendrite.yaml -username alice -passwordstdin < my.pass
|
||||||
cat my.pass | %s --config dendrite.yaml -username alice -passwordstdin
|
cat my.pass | %s --config dendrite.yaml -username alice -passwordstdin
|
||||||
|
@ -56,10 +55,10 @@ Arguments:
|
||||||
|
|
||||||
var (
|
var (
|
||||||
username = flag.String("username", "", "The username of the account to register (specify the localpart only, e.g. 'alice' for '@alice:domain.com')")
|
username = flag.String("username", "", "The username of the account to register (specify the localpart only, e.g. 'alice' for '@alice:domain.com')")
|
||||||
password = flag.String("password", "", "The password to associate with the account (optional, account will be password-less if not specified)")
|
password = flag.String("password", "", "The password to associate with the account")
|
||||||
pwdFile = flag.String("passwordfile", "", "The file to use for the password (e.g. for automated account creation)")
|
pwdFile = flag.String("passwordfile", "", "The file to use for the password (e.g. for automated account creation)")
|
||||||
pwdStdin = flag.Bool("passwordstdin", false, "Reads the password from stdin")
|
pwdStdin = flag.Bool("passwordstdin", false, "Reads the password from stdin")
|
||||||
askPass = flag.Bool("ask-pass", false, "Ask for the password to use")
|
pwdLess = flag.Bool("passwordless", false, "Create a passwordless account, e.g. if only an accesstoken is required")
|
||||||
isAdmin = flag.Bool("admin", false, "Create an admin account")
|
isAdmin = flag.Bool("admin", false, "Create an admin account")
|
||||||
resetPassword = flag.Bool("reset-password", false, "Resets the password for the given username")
|
resetPassword = flag.Bool("reset-password", false, "Resets the password for the given username")
|
||||||
validUsernameRegex = regexp.MustCompile(`^[0-9a-z_\-=./]+$`)
|
validUsernameRegex = regexp.MustCompile(`^[0-9a-z_\-=./]+$`)
|
||||||
|
@ -78,22 +77,44 @@ func main() {
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if *pwdLess && *resetPassword {
|
||||||
|
logrus.Fatalf("Can not reset to an empty password, unable to login afterwards.")
|
||||||
|
}
|
||||||
|
|
||||||
if !validUsernameRegex.MatchString(*username) {
|
if !validUsernameRegex.MatchString(*username) {
|
||||||
logrus.Warn("Username can only contain characters a-z, 0-9, or '_-./='")
|
logrus.Warn("Username can only contain characters a-z, 0-9, or '_-./='")
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
pass := getPassword(password, pwdFile, pwdStdin, askPass, os.Stdin)
|
if len(fmt.Sprintf("@%s:%s", *username, cfg.Global.ServerName)) > 255 {
|
||||||
|
logrus.Fatalf("Username can not be longer than 255 characters: %s", fmt.Sprintf("@%s:%s", *username, cfg.Global.ServerName))
|
||||||
|
}
|
||||||
|
|
||||||
b := base.NewBaseDendrite(cfg, "create-account")
|
var pass string
|
||||||
|
var err error
|
||||||
|
if !*pwdLess {
|
||||||
|
pass, err = getPassword(*password, *pwdFile, *pwdStdin, os.Stdin)
|
||||||
|
if err != nil {
|
||||||
|
logrus.Fatalln(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
b := base.NewBaseDendrite(cfg, "Monolith")
|
||||||
accountDB := b.CreateAccountsDB()
|
accountDB := b.CreateAccountsDB()
|
||||||
|
|
||||||
accType := api.AccountTypeUser
|
accType := api.AccountTypeUser
|
||||||
if *isAdmin {
|
if *isAdmin {
|
||||||
accType = api.AccountTypeAdmin
|
accType = api.AccountTypeAdmin
|
||||||
}
|
}
|
||||||
var err error
|
|
||||||
|
available, err := accountDB.CheckAccountAvailability(context.Background(), *username)
|
||||||
|
if err != nil {
|
||||||
|
logrus.Fatalln("Unable check username existence.")
|
||||||
|
}
|
||||||
if *resetPassword {
|
if *resetPassword {
|
||||||
|
if available {
|
||||||
|
logrus.Fatalln("Username could not be found.")
|
||||||
|
}
|
||||||
err = accountDB.SetPassword(context.Background(), *username, pass)
|
err = accountDB.SetPassword(context.Background(), *username, pass)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Fatalf("Failed to update password for user %s: %s", *username, err.Error())
|
logrus.Fatalf("Failed to update password for user %s: %s", *username, err.Error())
|
||||||
|
@ -104,6 +125,9 @@ func main() {
|
||||||
logrus.Infof("Updated password for user %s and invalidated all logins\n", *username)
|
logrus.Infof("Updated password for user %s and invalidated all logins\n", *username)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
if !available {
|
||||||
|
logrus.Fatalln("Username is already in use.")
|
||||||
|
}
|
||||||
|
|
||||||
_, err = accountDB.CreateAccount(context.Background(), *username, pass, "", accType)
|
_, err = accountDB.CreateAccount(context.Background(), *username, pass, "", accType)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -113,53 +137,44 @@ func main() {
|
||||||
logrus.Infoln("Created account", *username)
|
logrus.Infoln("Created account", *username)
|
||||||
}
|
}
|
||||||
|
|
||||||
func getPassword(password, pwdFile *string, pwdStdin, askPass *bool, r io.Reader) string {
|
func getPassword(password, pwdFile string, pwdStdin bool, r io.Reader) (string, error) {
|
||||||
// no password option set, use empty password
|
|
||||||
if password == nil && pwdFile == nil && pwdStdin == nil && askPass == nil {
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
// password defined as parameter
|
|
||||||
if password != nil && *password != "" {
|
|
||||||
return *password
|
|
||||||
}
|
|
||||||
|
|
||||||
// read password from file
|
// read password from file
|
||||||
if pwdFile != nil && *pwdFile != "" {
|
if pwdFile != "" {
|
||||||
pw, err := ioutil.ReadFile(*pwdFile)
|
pw, err := ioutil.ReadFile(pwdFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Fatalln("Unable to read password from file:", err)
|
return "", fmt.Errorf("Unable to read password from file: %v", err)
|
||||||
}
|
}
|
||||||
return strings.TrimSpace(string(pw))
|
return strings.TrimSpace(string(pw)), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// read password from stdin
|
// read password from stdin
|
||||||
if pwdStdin != nil && *pwdStdin {
|
if pwdStdin {
|
||||||
data, err := ioutil.ReadAll(r)
|
data, err := ioutil.ReadAll(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Fatalln("Unable to read password from stdin:", err)
|
return "", fmt.Errorf("Unable to read password from stdin: %v", err)
|
||||||
}
|
}
|
||||||
return strings.TrimSpace(string(data))
|
return strings.TrimSpace(string(data)), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// ask the user to provide the password
|
// If no parameter was set, ask the user to provide the password
|
||||||
if *askPass {
|
if password == "" {
|
||||||
fmt.Print("Enter Password: ")
|
fmt.Print("Enter Password: ")
|
||||||
bytePassword, err := term.ReadPassword(int(os.Stdin.Fd()))
|
bytePassword, err := term.ReadPassword(int(os.Stdin.Fd()))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Fatalln("Unable to read password:", err)
|
return "", fmt.Errorf("Unable to read password: %v", err)
|
||||||
}
|
}
|
||||||
fmt.Println()
|
fmt.Println()
|
||||||
fmt.Print("Confirm Password: ")
|
fmt.Print("Confirm Password: ")
|
||||||
bytePassword2, err := term.ReadPassword(int(os.Stdin.Fd()))
|
bytePassword2, err := term.ReadPassword(int(os.Stdin.Fd()))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Fatalln("Unable to read password:", err)
|
return "", fmt.Errorf("Unable to read password: %v", err)
|
||||||
}
|
}
|
||||||
fmt.Println()
|
fmt.Println()
|
||||||
if strings.TrimSpace(string(bytePassword)) != strings.TrimSpace(string(bytePassword2)) {
|
if strings.TrimSpace(string(bytePassword)) != strings.TrimSpace(string(bytePassword2)) {
|
||||||
logrus.Fatalln("Entered passwords don't match")
|
return "", fmt.Errorf("Entered passwords don't match")
|
||||||
}
|
}
|
||||||
return strings.TrimSpace(string(bytePassword))
|
return strings.TrimSpace(string(bytePassword)), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return ""
|
return password, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,45 +8,48 @@ import (
|
||||||
|
|
||||||
func Test_getPassword(t *testing.T) {
|
func Test_getPassword(t *testing.T) {
|
||||||
type args struct {
|
type args struct {
|
||||||
password *string
|
password string
|
||||||
pwdFile *string
|
pwdFile string
|
||||||
pwdStdin *bool
|
pwdStdin bool
|
||||||
askPass *bool
|
|
||||||
reader io.Reader
|
reader io.Reader
|
||||||
}
|
}
|
||||||
|
|
||||||
pass := "mySecretPass"
|
pass := "mySecretPass"
|
||||||
passwordFile := "testdata/my.pass"
|
passwordFile := "testdata/my.pass"
|
||||||
passwordStdin := true
|
|
||||||
reader := &bytes.Buffer{}
|
reader := &bytes.Buffer{}
|
||||||
_, err := reader.WriteString(pass)
|
_, err := reader.WriteString(pass)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("unable to write to buffer: %+v", err)
|
t.Errorf("unable to write to buffer: %+v", err)
|
||||||
}
|
}
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
args args
|
args args
|
||||||
want string
|
want string
|
||||||
|
wantErr bool
|
||||||
}{
|
}{
|
||||||
{
|
|
||||||
name: "no password defined",
|
|
||||||
args: args{},
|
|
||||||
want: "",
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
name: "password defined",
|
name: "password defined",
|
||||||
args: args{password: &pass},
|
args: args{
|
||||||
|
password: pass,
|
||||||
|
},
|
||||||
want: pass,
|
want: pass,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "pwdFile defined",
|
name: "pwdFile defined",
|
||||||
args: args{pwdFile: &passwordFile},
|
args: args{
|
||||||
|
pwdFile: passwordFile,
|
||||||
|
},
|
||||||
want: pass,
|
want: pass,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "pwdFile does not exist",
|
||||||
|
args: args{pwdFile: "iDontExist"},
|
||||||
|
wantErr: true,
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "read pass from stdin defined",
|
name: "read pass from stdin defined",
|
||||||
args: args{
|
args: args{
|
||||||
pwdStdin: &passwordStdin,
|
pwdStdin: true,
|
||||||
reader: reader,
|
reader: reader,
|
||||||
},
|
},
|
||||||
want: pass,
|
want: pass,
|
||||||
|
@ -54,7 +57,11 @@ func Test_getPassword(t *testing.T) {
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
if got := getPassword(tt.args.password, tt.args.pwdFile, tt.args.pwdStdin, tt.args.askPass, tt.args.reader); got != tt.want {
|
got, err := getPassword(tt.args.password, tt.args.pwdFile, tt.args.pwdStdin, tt.args.reader)
|
||||||
|
if !tt.wantErr && err != nil {
|
||||||
|
t.Errorf("expected no error, but got %v", err)
|
||||||
|
}
|
||||||
|
if got != tt.want {
|
||||||
t.Errorf("getPassword() = '%v', want '%v'", got, tt.want)
|
t.Errorf("getPassword() = '%v', want '%v'", got, tt.want)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
Loading…
Reference in a new issue