Hash etherpad passwords

ef0b5366 · Bob Mottram · dffea8f5 · ef0b5366
Commit ef0b5366 authored 8 years ago by Bob Mottram
--- a/src/freedombone-app-etherpad
+++ b/src/freedombone-app-etherpad
@@ -53,20 +53,24 @@ etherpad_variables=(ETHERPAD_COMMIT
                    DDNS_PROVIDER
                    MY_USERNAME)

+function etherpad_password_hash {
+    echo $(python -c "from passlib.hash import bcrypt;print(bcrypt.encrypt(\"$1\", rounds=10))")
+}
+
 function change_password_etherpad {
    change_username="$1"
-    new_user_password="$2"
+    new_user_password=$(etherpad_password_hash "$2")

    read_config_param ETHERPAD_DOMAIN_NAME

    if grep "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
        user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {")
        if [[ "$user_line" == *"\"is_admin\": true"* ]]; then
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
        else
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
        fi
-        ${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$new_user_password"
+        ${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$2"
        systemctl restart etherpad
    fi
 }
@@ -146,7 +150,7 @@ function create_etherpad_settings {
    echo '  "disableIPlogging" : true,' >> $settings_file

    echo '  "users": {' >> $settings_file
-    echo "    \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }" >> $settings_file
+    echo "    \"${MY_USERNAME}\": { \"hash\": \"$(etherpad_password_hash "${ETHERPAD_ADMIN_PASSWORD}")\", \"is_admin\": true }" >> $settings_file
    echo '  },' >> $settings_file

    echo '  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],' >> $settings_file
@@ -187,12 +191,12 @@ function remove_user_etherpad {

 function add_user_etherpad {
    new_username="$1"
-    new_user_password="$2"
+    new_user_password=$(etherpad_password_hash "$2")
    settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json

    if ! grep -q "\"$new_username\": {" $settings_file; then
        ${PROJECT_NAME}-pass -u $new_username -a etherpad -p "$new_user_password"
-        sed -i "/\"users\": {/a    \"$new_username\": { \"password\": \"$new_user_password\", \"is_admin\": false }," $settings_file
+        sed -i "/\"users\": {/a    \"$new_username\": { \"hash\": \"$new_user_password\", \"is_admin\": false }," $settings_file
        if grep -q "\"$new_username\": {" $settings_file; then
            systemctl restart etherpad
        else
@@ -458,7 +462,8 @@ function install_etherpad {
    repair_databases_script

    apt-get -yq install gzip git curl python libssl-dev pkg-config \
-            build-essential python g++ make checkinstall
+            build-essential python g++ make checkinstall \
+            python-bcrypt python-passlib

    function_check install_nodejs
    install_nodejs etherpad