service: add -disable-password
This can be used to disable password authentication for a user. This is useful to prevent a disabled user account from being auto-enabled when enable-user-on-auth is on.
This commit is contained in:
Simon Ser
parent
db49bc120f
commit
979fb319fe
|
|
@ -438,6 +438,9 @@ character.
|
|||
*-password* <password>
|
||||
The bouncer password.
|
||||
|
||||
*-disable-password*
|
||||
Disable password authentication. The user will be unable to login.
|
||||
|
||||
*-admin* true|false
|
||||
Make the new user an administrator.
|
||||
|
||||
|
|
|
|||
25
service.go
25
service.go
|
|
@ -925,6 +925,7 @@ func handleUserCreate(ctx *serviceContext, params []string) error {
|
|||
fs := newFlagSet()
|
||||
username := fs.String("username", "", "")
|
||||
password := fs.String("password", "", "")
|
||||
disablePassword := fs.Bool("disable-password", false, "")
|
||||
nick := fs.String("nick", "", "")
|
||||
realname := fs.String("realname", "", "")
|
||||
admin := fs.Bool("admin", false, "")
|
||||
|
|
@ -939,7 +940,10 @@ func handleUserCreate(ctx *serviceContext, params []string) error {
|
|||
if *username == "" {
|
||||
return fmt.Errorf("flag -username is required")
|
||||
}
|
||||
if *password == "" {
|
||||
if *password != "" && *disablePassword {
|
||||
return fmt.Errorf("flags -password and -disable-password are mutually exclusive")
|
||||
}
|
||||
if *password == "" && !*disablePassword {
|
||||
return fmt.Errorf("flag -password is required")
|
||||
}
|
||||
|
||||
|
|
@ -950,8 +954,10 @@ func handleUserCreate(ctx *serviceContext, params []string) error {
|
|||
Admin: *admin,
|
||||
Enabled: *enabled,
|
||||
}
|
||||
if err := user.SetPassword(*password); err != nil {
|
||||
return err
|
||||
if !*disablePassword {
|
||||
if err := user.SetPassword(*password); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
if _, err := ctx.user.srv.createUser(ctx, user); err != nil {
|
||||
return fmt.Errorf("could not create user: %v", err)
|
||||
|
|
@ -971,8 +977,10 @@ func popArg(params []string) (string, []string) {
|
|||
func handleUserUpdate(ctx *serviceContext, params []string) error {
|
||||
var password, nick, realname *string
|
||||
var admin, enabled *bool
|
||||
var disablePassword bool
|
||||
fs := newFlagSet()
|
||||
fs.Var(stringPtrFlag{&password}, "password", "")
|
||||
fs.BoolVar(&disablePassword, "disable-password", false, "")
|
||||
fs.Var(stringPtrFlag{&nick}, "nick", "")
|
||||
fs.Var(stringPtrFlag{&realname}, "realname", "")
|
||||
fs.Var(boolPtrFlag{&admin}, "admin", "")
|
||||
|
|
@ -986,6 +994,10 @@ func handleUserUpdate(ctx *serviceContext, params []string) error {
|
|||
return fmt.Errorf("unexpected argument: %v", fs.Arg(0))
|
||||
}
|
||||
|
||||
if password != nil && disablePassword {
|
||||
return fmt.Errorf("flags -password and -disable-password are mutually exclusive")
|
||||
}
|
||||
|
||||
if username != "" && username != ctx.user.Username {
|
||||
if !ctx.user.Admin {
|
||||
return fmt.Errorf("you must be an admin to update other users")
|
||||
|
|
@ -1006,6 +1018,10 @@ func handleUserUpdate(ctx *serviceContext, params []string) error {
|
|||
hashedStr := string(hashedBytes)
|
||||
hashed = &hashedStr
|
||||
}
|
||||
if disablePassword {
|
||||
hashedStr := ""
|
||||
hashed = &hashedStr
|
||||
}
|
||||
|
||||
u := ctx.user.srv.getUser(username)
|
||||
if u == nil {
|
||||
|
|
@ -1039,6 +1055,9 @@ func handleUserUpdate(ctx *serviceContext, params []string) error {
|
|||
return err
|
||||
}
|
||||
}
|
||||
if disablePassword {
|
||||
record.Password = ""
|
||||
}
|
||||
if nick != nil {
|
||||
record.Nick = *nick
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue