feat: add config flag to hash-password tool (#2047)

This change implements a --config flag for the hash-password tool, which parses the config and validates it just as it would at run-time. The values specified in the config replace those specified as parameters.

* feat(cmd): add config flag to hash-password tool
* fix(cmd): fix linting issue

Closes: #1709.
pull/2380/head
Alex Gustafsson 2021-09-16 02:20:42 +02:00 committed by GitHub
parent 69f37d4161
commit a88c5588e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 4 deletions


@ -69,7 +69,7 @@ resetting their passwords.
### path ### path
<div markdown="1"> <div markdown="1">
type: string (path) type: string (path)
{: .label .label-config .label-purple } {: .label .label-config .label-purple }
required: yes required: yes
{: .label .label-config .label-red } {: .label .label-config .label-red }
</div> </div>
@ -80,7 +80,7 @@ required: yes
#### algorithm #### algorithm
<div markdown="1"> <div markdown="1">
type: string type: string
{: .label .label-config .label-purple } {: .label .label-config .label-purple }
default: argon2id default: argon2id
{: .label .label-config .label-blue } {: .label .label-config .label-blue }
required: no required: no
@ -108,7 +108,7 @@ When using `sha512` the minimum is 1000, and 50000 is the recommended value.
#### salt_length #### salt_length
<div markdown="1"> <div markdown="1">
type: integer type: integer
{: .label .label-config .label-purple } {: .label .label-config .label-purple }
default: 16 default: 16
{: .label .label-config .label-blue } {: .label .label-config .label-blue }
required: no required: no
@ -122,7 +122,7 @@ and there is no documented reason why you'd set it to anything other than this,
#### parallelism #### parallelism
<div markdown="1"> <div markdown="1">
type: integer type: integer
{: .label .label-config .label-purple } {: .label .label-config .label-purple }
default: 8 default: 8
{: .label .label-config .label-blue } {: .label .label-config .label-blue }
required: no required: no
@ -158,6 +158,8 @@ For instance to generate a hash with the docker image just run:
$ docker run authelia/authelia:latest authelia hash-password 'yourpassword' $ docker run authelia/authelia:latest authelia hash-password 'yourpassword'
Password hash: $argon2id$v=19$m=65536$3oc26byQuSkQqksq$zM1QiTvVPrMfV6BVLs2t4gM+af5IN7euO0VB6+Q8ZFs Password hash: $argon2id$v=19$m=65536$3oc26byQuSkQqksq$zM1QiTvVPrMfV6BVLs2t4gM+af5IN7euO0VB6+Q8ZFs
You may also use the `--config` flag to point to your existing configuration. When used, the values defined in the config will be used instead.
Full CLI Help Documentation: Full CLI Help Documentation:
``` ```


@ -7,6 +7,7 @@ import (
"github.com/spf13/cobra" "github.com/spf13/cobra"
"github.com/authelia/authelia/v4/internal/authentication" "github.com/authelia/authelia/v4/internal/authentication"
"github.com/authelia/authelia/v4/internal/configuration"
"github.com/authelia/authelia/v4/internal/configuration/schema" "github.com/authelia/authelia/v4/internal/configuration/schema"
"github.com/authelia/authelia/v4/internal/logging" "github.com/authelia/authelia/v4/internal/logging"
) )
@ -27,11 +28,14 @@ func NewHashPasswordCmd() (cmd *cobra.Command) {
cmd.Flags().IntP("parallelism", "p", schema.DefaultPasswordConfiguration.Parallelism, "[argon2id] set the parallelism param") cmd.Flags().IntP("parallelism", "p", schema.DefaultPasswordConfiguration.Parallelism, "[argon2id] set the parallelism param")
cmd.Flags().IntP("key-length", "k", schema.DefaultPasswordConfiguration.KeyLength, "[argon2id] set the key length param") cmd.Flags().IntP("key-length", "k", schema.DefaultPasswordConfiguration.KeyLength, "[argon2id] set the key length param")
cmd.Flags().IntP("salt-length", "l", schema.DefaultPasswordConfiguration.SaltLength, "set the auto-generated salt length") cmd.Flags().IntP("salt-length", "l", schema.DefaultPasswordConfiguration.SaltLength, "set the auto-generated salt length")
cmd.Flags().StringSliceP("config", "c", []string{}, "Configuration files")
return cmd return cmd
} }
func cmdHashPasswordRun(cmd *cobra.Command, args []string) { func cmdHashPasswordRun(cmd *cobra.Command, args []string) {
logger := logging.Logger()
sha512, _ := cmd.Flags().GetBool("sha512") sha512, _ := cmd.Flags().GetBool("sha512")
iterations, _ := cmd.Flags().GetInt("iterations") iterations, _ := cmd.Flags().GetInt("iterations")
salt, _ := cmd.Flags().GetString("salt") salt, _ := cmd.Flags().GetString("salt")
@ -39,6 +43,25 @@ func cmdHashPasswordRun(cmd *cobra.Command, args []string) {
saltLength, _ := cmd.Flags().GetInt("salt-length") saltLength, _ := cmd.Flags().GetInt("salt-length")
memory, _ := cmd.Flags().GetInt("memory") memory, _ := cmd.Flags().GetInt("memory")
parallelism, _ := cmd.Flags().GetInt("parallelism") parallelism, _ := cmd.Flags().GetInt("parallelism")
configs, _ := cmd.Flags().GetStringSlice("config")
if len(configs) > 0 {
val := schema.NewStructValidator()
_, config, err := configuration.Load(val, configuration.NewDefaultSources(configs, configuration.DefaultEnvPrefix, configuration.DefaultEnvDelimiter)...)
if err != nil {
logger.Fatalf("Error occurred loading configuration: %v", err)
}
if config.AuthenticationBackend.File != nil && config.AuthenticationBackend.File.Password != nil {
sha512 = config.AuthenticationBackend.File.Password.Algorithm == "sha512"
iterations = config.AuthenticationBackend.File.Password.Iterations
keyLength = config.AuthenticationBackend.File.Password.KeyLength
saltLength = config.AuthenticationBackend.File.Password.SaltLength
memory = config.AuthenticationBackend.File.Password.Memory
parallelism = config.AuthenticationBackend.File.Password.Parallelism
}
}
var ( var (
hash string hash string
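Review bot: `val` is created and passed to `configuration.Load`, but nothing in this hunk reads it afterwards, so any validation errors it collects never stop the command; only the `err` return is checked. Add a check right after the load, for example `if val.HasErrors() { logger.Fatalf("Configuration contains errors: %v", val.Errors()) }`. The assignments that follow copy `Iterations`, `KeyLength`, `SaltLength`, `Memory` and `Parallelism` unconditionally, so if `Load` does not fill in defaults for keys the file omits (not visible here), a zero would replace the flag default and weaken the resulting hash. Copying only non-zero values, or running the same validation step the server uses before reading them, would avoid that. The body of `cmdHashPasswordRun` continues past the end of the hunk.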