From a88c5588e8fbbf59a424dfbb05667ed3a31cd376 Mon Sep 17 00:00:00 2001 From: Alex Gustafsson Date: Thu, 16 Sep 2021 02:20:42 +0200 Subject: [PATCH] feat: add config flag to hash-password tool (#2047) This change implements a --config flag for the hash-password which parses the config and validates it just as it would at run-time. The values specified in the config replace those specified as parameters. * feat(cmd): add config flag to hash-password tool * fix(cmd): fix linting issue Closes: #1709. --- docs/configuration/authentication/file.md | 10 ++++++---- internal/commands/hash.go | 23 +++++++++++++++++++++++ 2 files changed, 29 insertions(+), 4 deletions(-) diff --git a/docs/configuration/authentication/file.md b/docs/configuration/authentication/file.md index d8e43dd03..314447b3c 100644 --- a/docs/configuration/authentication/file.md +++ b/docs/configuration/authentication/file.md @@ -69,7 +69,7 @@ resetting their passwords. ### path
type: string (path) -{: .label .label-config .label-purple } +{: .label .label-config .label-purple } required: yes {: .label .label-config .label-red }
@@ -80,7 +80,7 @@ required: yes #### algorithm
type: string -{: .label .label-config .label-purple } +{: .label .label-config .label-purple } default: argon2id {: .label .label-config .label-blue } required: no @@ -108,7 +108,7 @@ When using `sha512` the minimum is 1000, and 50000 is the recommended value. #### salt_length
type: integer -{: .label .label-config .label-purple } +{: .label .label-config .label-purple } default: 16 {: .label .label-config .label-blue } required: no @@ -122,7 +122,7 @@ and there is no documented reason why you'd set it to anything other than this, #### parallelism
type: integer -{: .label .label-config .label-purple } +{: .label .label-config .label-purple } default: 8 {: .label .label-config .label-blue } required: no @@ -158,6 +158,8 @@ For instance to generate a hash with the docker image just run: $ docker run authelia/authelia:latest authelia hash-password 'yourpassword' Password hash: $argon2id$v=19$m=65536$3oc26byQuSkQqksq$zM1QiTvVPrMfV6BVLs2t4gM+af5IN7euO0VB6+Q8ZFs +You may also use the `--config` flag to point to your existing configuration. When used, the values defined in the config will be used instead. + Full CLI Help Documentation: ``` diff --git a/internal/commands/hash.go b/internal/commands/hash.go index db4b98cf8..a0bf67208 100644 --- a/internal/commands/hash.go +++ b/internal/commands/hash.go @@ -7,6 +7,7 @@ import ( "github.com/spf13/cobra" "github.com/authelia/authelia/v4/internal/authentication" + "github.com/authelia/authelia/v4/internal/configuration" "github.com/authelia/authelia/v4/internal/configuration/schema" "github.com/authelia/authelia/v4/internal/logging" ) @@ -27,11 +28,14 @@ func NewHashPasswordCmd() (cmd *cobra.Command) { cmd.Flags().IntP("parallelism", "p", schema.DefaultPasswordConfiguration.Parallelism, "[argon2id] set the parallelism param") cmd.Flags().IntP("key-length", "k", schema.DefaultPasswordConfiguration.KeyLength, "[argon2id] set the key length param") cmd.Flags().IntP("salt-length", "l", schema.DefaultPasswordConfiguration.SaltLength, "set the auto-generated salt length") + cmd.Flags().StringSliceP("config", "c", []string{}, "Configuration files") return cmd } func cmdHashPasswordRun(cmd *cobra.Command, args []string) { + logger := logging.Logger() + sha512, _ := cmd.Flags().GetBool("sha512") iterations, _ := cmd.Flags().GetInt("iterations") salt, _ := cmd.Flags().GetString("salt") 
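Review bot: The usage string for the new `config` flag, `"Configuration files"`, does not say that password settings found in those files take precedence over `--iterations`, `--memory` and the other tuning flags registered just above it. Someone who passes both gets a hash with different cost parameters than the ones typed on the command line, with no hint that this happened. I would spell the precedence out in the help text, e.g. `cmd.Flags().StringSliceP("config", "c", []string{}, "configuration files; when given, authentication_backend.file.password settings override the hashing flags")`. Both NewHashPasswordCmd and cmdHashPasswordRun extend beyond this hunk.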
@@ -39,6 +43,25 @@ func cmdHashPasswordRun(cmd *cobra.Command, args []string) {
 saltLength, _ := cmd.Flags().GetInt("salt-length")
 memory, _ := cmd.Flags().GetInt("memory")
 parallelism, _ := cmd.Flags().GetInt("parallelism")
+ configs, _ := cmd.Flags().GetStringSlice("config")
+
+ if len(configs) > 0 {
+ val := schema.NewStructValidator()
+
+ _, config, err := configuration.Load(val, configuration.NewDefaultSources(configs, configuration.DefaultEnvPrefix, configuration.DefaultEnvDelimiter)...)
+ if err != nil {
+ logger.Fatalf("Error occurred loading configuration: %v", err)
+ }
+
+ if config.AuthenticationBackend.File != nil && config.AuthenticationBackend.File.Password != nil {
+ sha512 = config.AuthenticationBackend.File.Password.Algorithm == "sha512"
+ iterations = config.AuthenticationBackend.File.Password.Iterations
+ keyLength = config.AuthenticationBackend.File.Password.KeyLength
+ saltLength = config.AuthenticationBackend.File.Password.SaltLength
+ memory = config.AuthenticationBackend.File.Password.Memory
+ parallelism = config.AuthenticationBackend.File.Password.Parallelism
+ }
+ }
 var (
 hash string
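Review bot: `val` is handed to `configuration.Load` but never read again in this hunk, so anything the struct validator collected is dropped and only the returned `err` can stop the command; that falls short of the description's "validates it just as it would at run-time". A check right after the load, such as `if val.HasErrors() { logger.Fatalf("Configuration has errors: %v", val.Errors()) }`, would close that gap. The six assignments also copy the `Password` fields verbatim: unless `Load` fills in defaults (not visible here), a config that sets only `algorithm` would replace the flag defaults with zeros for iterations, salt length and the argon2id parameters, so either run the same defaulting and validation used at start-up or skip zero values. cmdHashPasswordRun continues past the end of the hunk.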