From ef0b5366ded785d3e0bb55baebbee18bd36cfe7d Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@robotics.uk.to>
Date: Mon, 21 Nov 2016 14:54:57 +0000
Subject: [PATCH] Hash etherpad passwords
---
 src/freedombone-app-etherpad | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/src/freedombone-app-etherpad b/src/freedombone-app-etherpad
index adc910347..2e9ad7736 100755
--- a/src/freedombone-app-etherpad
+++ b/src/freedombone-app-etherpad
@@ -53,20 +53,24 @@ etherpad_variables=(ETHERPAD_COMMIT
 DDNS_PROVIDER
 MY_USERNAME)
+function etherpad_password_hash {
+ echo $(python -c "from passlib.hash import bcrypt;print(bcrypt.encrypt(\"$1\", rounds=10))")
+}
+
 function change_password_etherpad {
 change_username="$1"
- new_user_password="$2"
+ new_user_password=$(etherpad_password_hash "$2")
 read_config_param ETHERPAD_DOMAIN_NAME
 if grep "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
 user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {")
 if [[ "$user_line" == *"\"is_admin\": true"* ]]; then
- sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+ sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
 else
- sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+ sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
 fi
- ${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$new_user_password"
+ ${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$2"
 systemctl restart etherpad
 fi
 }
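Review bot: `etherpad_password_hash` splices the password into the Python source text inside a double-quoted `-c` string, so a password containing `"` or `\` either makes the interpreter fail or is run as Python code. Pass the value as data instead, for example `printf '%s' "$1" | python -c 'import sys; from passlib.hash import bcrypt; print(bcrypt.encrypt(sys.stdin.read(), rounds=10))'`, which also keeps it out of the process argument list. The callers in `change_password_etherpad`, `create_etherpad_settings` and `add_user_etherpad` use the output unchecked, so a failed import or run writes an empty `hash` value into settings.json. Have the function return non-zero on empty output and have each caller stop before its `sed` or `echo`.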
@@ -146,7 +150,7 @@ function create_etherpad_settings {
 echo ' "disableIPlogging" : true,' >> $settings_file
 echo ' "users": {' >> $settings_file
- echo " \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }" >> $settings_file
+ echo " \"${MY_USERNAME}\": { \"hash\": \"$(etherpad_password_hash "${ETHERPAD_ADMIN_PASSWORD}")\", \"is_admin\": true }" >> $settings_file
 echo ' },' >> $settings_file
 echo ' "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],' >> $settings_file
@@ -187,12 +191,12 @@ function remove_user_etherpad {
 function add_user_etherpad {
 new_username="$1"
- new_user_password="$2"
+ new_user_password=$(etherpad_password_hash "$2")
 settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
 if ! grep -q "\"$new_username\": {" $settings_file; then
 ${PROJECT_NAME}-pass -u $new_username -a etherpad -p "$new_user_password"
- sed -i "/\"users\": {/a \"$new_username\": { \"password\": \"$new_user_password\", \"is_admin\": false }," $settings_file
+ sed -i "/\"users\": {/a \"$new_username\": { \"hash\": \"$new_user_password\", \"is_admin\": false }," $settings_file
 if grep -q "\"$new_username\": {" $settings_file; then
 systemctl restart etherpad
 else
@@ -458,7 +462,8 @@ function install_etherpad {
 repair_databases_script
 apt-get -yq install gzip git curl python libssl-dev pkg-config \
- build-essential python g++ make checkinstall
+ build-essential python g++ make checkinstall \
+ python-bcrypt python-passlib
 function_check install_nodejs
 install_nodejs etherpad
--
GitLab
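Review bot: The `users` entry written by `create_etherpad_settings` now carries only a `hash` key, and as far as I know Etherpad's built-in basic authentication compares against a `password` field. A `hash` field is understood only by an authentication plugin such as ep_hash_auth. Nothing visible in this patch installs or enables such a plugin (the `install_etherpad` hunk adds only `python-bcrypt` and `python-passlib`), so please confirm it is set up elsewhere; otherwise logins would presumably stop working after this change. A comment above the `echo`, e.g. `# "hash" is read by the ep_hash_auth plugin, not by Etherpad core`, would record the dependency. The function body extends beyond both ends of the hunk.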
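Review bot: In `add_user_etherpad` the unchanged line `${PROJECT_NAME}-pass -u $new_username -a etherpad -p "$new_user_password"` now hands the bcrypt hash to the password store, because `new_user_password` was reassigned to the hash a few lines above it. `change_password_etherpad` was switched to `-p "$2"` in this same patch, and the same change is needed here: `${PROJECT_NAME}-pass -u "$new_username" -a etherpad -p "$2"`. As written, the value recorded for a new account is one that cannot be typed in to log in. The function continues past the end of the hunk.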