Don't use hashing for etherpad passwords. They're still somewhat defended by TLS or onion encryption The previous bcrypt hash no longer works

2018-01-06 17:06:13 +00:00 · 2018-01-06 17:06:13 +00:00 · cebc7aa5dc
parent cf1ea58e44
commit cebc7aa5dc
1 changed files with 6 additions and 10 deletions
--- a/src/freedombone-app-etherpad
+++ b/src/freedombone-app-etherpad
@ -60,22 +60,18 @@ function logging_off_etherpad {
    echo -n ''
 }

-function etherpad_password_hash {
-    echo $(python -c "from passlib.hash import bcrypt;print(bcrypt.encrypt(\"$1\", rounds=10))")
-}
-
 function change_password_etherpad {
    change_username="$1"
-    new_user_password=$(etherpad_password_hash "$2")
+    new_user_password="$2"

    read_config_param ETHERPAD_DOMAIN_NAME

    if grep -q "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
        user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {")
        if [[ "$user_line" == *"\"is_admin\": true"* ]]; then
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
        else
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
        fi
        ${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$2"
        systemctl restart etherpad
@ -149,7 +145,7 @@ function create_etherpad_settings {
    echo '  "disableIPlogging" : true,' >> $settings_file

    echo '  "users": {' >> $settings_file
-    echo "    \"${MY_USERNAME}\": { \"hash\": \"$(etherpad_password_hash "${ETHERPAD_ADMIN_PASSWORD}")\", \"is_admin\": true }" >> $settings_file
+    echo "    \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }" >> $settings_file
    echo '  },' >> $settings_file

    echo '  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],' >> $settings_file
@ -191,12 +187,12 @@ function remove_user_etherpad {

 function add_user_etherpad {
    new_username="$1"
-    new_user_password=$(etherpad_password_hash "$2")
+    new_user_password="$2"
    settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json

    if ! grep -q "\"$new_username\": {" $settings_file; then
        ${PROJECT_NAME}-pass -u $new_username -a etherpad -p "$2"
-        sed -i "/\"users\": {/a    \"$new_username\": { \"hash\": \"$new_user_password\", \"is_admin\": false }," $settings_file
+        sed -i "/\"users\": {/a    \"$new_username\": { \"password\": \"$new_user_password\", \"is_admin\": false }," $settings_file
        if grep -q "\"$new_username\": {" $settings_file; then
            systemctl restart etherpad
        else