service: add -disable-password

This can be used to disable password authentication for a user.
This is useful to prevent a disabled user account from being
auto-enabled when enable-user-on-auth is on.
Simon Ser 2023-01-26 20:03:37 +01:00
parent db49bc120f
commit 979fb319fe
2 changed files with 25 additions and 3 deletions


@ -438,6 +438,9 @@ character.
*-password* <password> *-password* <password>
The bouncer password. The bouncer password.
*-disable-password*
Disable password authentication. The user will be unable to login.
*-admin* true|false *-admin* true|false
Make the new user an administrator. Make the new user an administrator.


@ -925,6 +925,7 @@ func handleUserCreate(ctx *serviceContext, params []string) error {
fs := newFlagSet() fs := newFlagSet()
username := fs.String("username", "", "") username := fs.String("username", "", "")
password := fs.String("password", "", "") password := fs.String("password", "", "")
disablePassword := fs.Bool("disable-password", false, "")
nick := fs.String("nick", "", "") nick := fs.String("nick", "", "")
realname := fs.String("realname", "", "") realname := fs.String("realname", "", "")
admin := fs.Bool("admin", false, "") admin := fs.Bool("admin", false, "")
@ -939,7 +940,10 @@ func handleUserCreate(ctx *serviceContext, params []string) error {
if *username == "" { if *username == "" {
return fmt.Errorf("flag -username is required") return fmt.Errorf("flag -username is required")
} }
if *password == "" { if *password != "" && *disablePassword {
return fmt.Errorf("flags -password and -disable-password are mutually exclusive")
}
if *password == "" && !*disablePassword {
return fmt.Errorf("flag -password is required") return fmt.Errorf("flag -password is required")
} }
@ -950,8 +954,10 @@ func handleUserCreate(ctx *serviceContext, params []string) error {
Admin: *admin, Admin: *admin,
Enabled: *enabled, Enabled: *enabled,
} }
if err := user.SetPassword(*password); err != nil { if !*disablePassword {
return err if err := user.SetPassword(*password); err != nil {
return err
}
} }
if _, err := ctx.user.srv.createUser(ctx, user); err != nil { if _, err := ctx.user.srv.createUser(ctx, user); err != nil {
return fmt.Errorf("could not create user: %v", err) return fmt.Errorf("could not create user: %v", err)
@ -971,8 +977,10 @@ func popArg(params []string) (string, []string) {
func handleUserUpdate(ctx *serviceContext, params []string) error { func handleUserUpdate(ctx *serviceContext, params []string) error {
var password, nick, realname *string var password, nick, realname *string
var admin, enabled *bool var admin, enabled *bool
var disablePassword bool
fs := newFlagSet() fs := newFlagSet()
fs.Var(stringPtrFlag{&password}, "password", "") fs.Var(stringPtrFlag{&password}, "password", "")
fs.BoolVar(&disablePassword, "disable-password", false, "")
fs.Var(stringPtrFlag{&nick}, "nick", "") fs.Var(stringPtrFlag{&nick}, "nick", "")
fs.Var(stringPtrFlag{&realname}, "realname", "") fs.Var(stringPtrFlag{&realname}, "realname", "")
fs.Var(boolPtrFlag{&admin}, "admin", "") fs.Var(boolPtrFlag{&admin}, "admin", "")
@ -986,6 +994,10 @@ func handleUserUpdate(ctx *serviceContext, params []string) error {
return fmt.Errorf("unexpected argument: %v", fs.Arg(0)) return fmt.Errorf("unexpected argument: %v", fs.Arg(0))
} }
if password != nil && disablePassword {
return fmt.Errorf("flags -password and -disable-password are mutually exclusive")
}
if username != "" && username != ctx.user.Username { if username != "" && username != ctx.user.Username {
if !ctx.user.Admin { if !ctx.user.Admin {
return fmt.Errorf("you must be an admin to update other users") return fmt.Errorf("you must be an admin to update other users")
@ -1006,6 +1018,10 @@ func handleUserUpdate(ctx *serviceContext, params []string) error {
hashedStr := string(hashedBytes) hashedStr := string(hashedBytes)
hashed = &hashedStr hashed = &hashedStr
} }
if disablePassword {
hashedStr := ""
hashed = &hashedStr
}
u := ctx.user.srv.getUser(username) u := ctx.user.srv.getUser(username)
if u == nil { if u == nil {
@ -1039,6 +1055,9 @@ func handleUserUpdate(ctx *serviceContext, params []string) error {
return err return err
} }
} }
if disablePassword {
record.Password = ""
}
if nick != nil { if nick != nil {
record.Nick = *nick record.Nick = *nick
} }
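Review bot: The empty string now serves as the "password disabled" marker in three places, and nothing in these hunks shows that the password check fails closed on an empty stored hash. The three places are the skipped `user.SetPassword` call in handleUserCreate, and `hashedStr := ""` and `record.Password = ""` in handleUserUpdate. The verification code is outside this diff, so it is worth confirming, ideally with a test, that an empty `Password` rejects every submitted password, including an empty one. I would document the invariant at each site with a comment such as `// An empty Password disables password authentication; verification must never match it.`, or route all three through one small helper so the marker is defined once. Both functions begin and end outside the hunks shown.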