mirror of
https://github.com/matrix-org/dendrite
synced 2024-12-14 17:03:49 +01:00
ac77732185
* Add possibility to reset password * Invalidate logins * Fix test
169 lines
5.2 KiB
Go
169 lines
5.2 KiB
Go
// Copyright 2017 Vector Creations Ltd
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package main
|
|
|
|
import (
|
|
"context"
|
|
"flag"
|
|
"fmt"
|
|
"io"
|
|
"io/ioutil"
|
|
"os"
|
|
"strings"
|
|
|
|
"github.com/sirupsen/logrus"
|
|
"golang.org/x/crypto/bcrypt"
|
|
"golang.org/x/term"
|
|
|
|
"github.com/matrix-org/dendrite/setup"
|
|
"github.com/matrix-org/dendrite/setup/config"
|
|
"github.com/matrix-org/dendrite/userapi/api"
|
|
userdb "github.com/matrix-org/dendrite/userapi/storage"
|
|
)
|
|
|
|
const usage = `Usage: %s
|
|
|
|
Creates a new user account on the homeserver.
|
|
|
|
Example:
|
|
|
|
# provide password by parameter
|
|
%s --config dendrite.yaml -username alice -password foobarbaz
|
|
# use password from file
|
|
%s --config dendrite.yaml -username alice -passwordfile my.pass
|
|
# ask user to provide password
|
|
%s --config dendrite.yaml -username alice -ask-pass
|
|
# read password from stdin
|
|
%s --config dendrite.yaml -username alice -passwordstdin < my.pass
|
|
cat my.pass | %s --config dendrite.yaml -username alice -passwordstdin
|
|
# reset password for a user, can be used with a combination above to read the password
|
|
%s --config dendrite.yaml -reset-password -username alice -password foobarbaz
|
|
|
|
Arguments:
|
|
|
|
`
|
|
|
|
var (
|
|
username = flag.String("username", "", "The username of the account to register (specify the localpart only, e.g. 'alice' for '@alice:domain.com')")
|
|
password = flag.String("password", "", "The password to associate with the account (optional, account will be password-less if not specified)")
|
|
pwdFile = flag.String("passwordfile", "", "The file to use for the password (e.g. for automated account creation)")
|
|
pwdStdin = flag.Bool("passwordstdin", false, "Reads the password from stdin")
|
|
askPass = flag.Bool("ask-pass", false, "Ask for the password to use")
|
|
isAdmin = flag.Bool("admin", false, "Create an admin account")
|
|
resetPassword = flag.Bool("reset-password", false, "Resets the password for the given username")
|
|
)
|
|
|
|
func main() {
|
|
name := os.Args[0]
|
|
flag.Usage = func() {
|
|
_, _ = fmt.Fprintf(os.Stderr, usage, name, name, name, name, name, name, name)
|
|
flag.PrintDefaults()
|
|
}
|
|
cfg := setup.ParseFlags(true)
|
|
|
|
if *username == "" {
|
|
flag.Usage()
|
|
os.Exit(1)
|
|
}
|
|
|
|
pass := getPassword(password, pwdFile, pwdStdin, askPass, os.Stdin)
|
|
|
|
accountDB, err := userdb.NewDatabase(
|
|
&config.DatabaseOptions{
|
|
ConnectionString: cfg.UserAPI.AccountDatabase.ConnectionString,
|
|
},
|
|
cfg.Global.ServerName, bcrypt.DefaultCost,
|
|
cfg.UserAPI.OpenIDTokenLifetimeMS,
|
|
api.DefaultLoginTokenLifetime,
|
|
)
|
|
if err != nil {
|
|
logrus.Fatalln("Failed to connect to the database:", err.Error())
|
|
}
|
|
|
|
accType := api.AccountTypeUser
|
|
if *isAdmin {
|
|
accType = api.AccountTypeAdmin
|
|
}
|
|
|
|
if *resetPassword {
|
|
err = accountDB.SetPassword(context.Background(), *username, pass)
|
|
if err != nil {
|
|
logrus.Fatalf("Failed to update password for user %s: %s", *username, err.Error())
|
|
}
|
|
if _, err = accountDB.RemoveAllDevices(context.Background(), *username, ""); err != nil {
|
|
logrus.Fatalf("Failed to remove all devices: %s", err.Error())
|
|
}
|
|
logrus.Infof("Updated password for user %s and invalidated all logins\n", *username)
|
|
return
|
|
}
|
|
|
|
_, err = accountDB.CreateAccount(context.Background(), *username, pass, "", accType)
|
|
if err != nil {
|
|
logrus.Fatalln("Failed to create the account:", err.Error())
|
|
}
|
|
|
|
logrus.Infoln("Created account", *username)
|
|
}
|
|
|
|
func getPassword(password, pwdFile *string, pwdStdin, askPass *bool, r io.Reader) string {
|
|
// no password option set, use empty password
|
|
if password == nil && pwdFile == nil && pwdStdin == nil && askPass == nil {
|
|
return ""
|
|
}
|
|
// password defined as parameter
|
|
if password != nil && *password != "" {
|
|
return *password
|
|
}
|
|
|
|
// read password from file
|
|
if pwdFile != nil && *pwdFile != "" {
|
|
pw, err := ioutil.ReadFile(*pwdFile)
|
|
if err != nil {
|
|
logrus.Fatalln("Unable to read password from file:", err)
|
|
}
|
|
return strings.TrimSpace(string(pw))
|
|
}
|
|
|
|
// read password from stdin
|
|
if pwdStdin != nil && *pwdStdin {
|
|
data, err := ioutil.ReadAll(r)
|
|
if err != nil {
|
|
logrus.Fatalln("Unable to read password from stdin:", err)
|
|
}
|
|
return strings.TrimSpace(string(data))
|
|
}
|
|
|
|
// ask the user to provide the password
|
|
if *askPass {
|
|
fmt.Print("Enter Password: ")
|
|
bytePassword, err := term.ReadPassword(int(os.Stdin.Fd()))
|
|
if err != nil {
|
|
logrus.Fatalln("Unable to read password:", err)
|
|
}
|
|
fmt.Println()
|
|
fmt.Print("Confirm Password: ")
|
|
bytePassword2, err := term.ReadPassword(int(os.Stdin.Fd()))
|
|
if err != nil {
|
|
logrus.Fatalln("Unable to read password:", err)
|
|
}
|
|
fmt.Println()
|
|
if strings.TrimSpace(string(bytePassword)) != strings.TrimSpace(string(bytePassword2)) {
|
|
logrus.Fatalln("Entered passwords don't match")
|
|
}
|
|
return strings.TrimSpace(string(bytePassword))
|
|
}
|
|
|
|
return ""
|
|
}
|