From cebc7aa5dc4891ba89b00b10ceb0682770ce4430 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 6 Jan 2018 17:06:13 +0000
Subject: [PATCH] Don't use hashing for etherpad passwords. They're still
 somewhat defended by TLS or onion encryption The previous bcrypt hash no
 longer works

---
 src/freedombone-app-etherpad | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/src/freedombone-app-etherpad b/src/freedombone-app-etherpad
index 5acce614..ba0c44aa 100755
--- a/src/freedombone-app-etherpad
+++ b/src/freedombone-app-etherpad
@@ -60,22 +60,18 @@ function logging_off_etherpad {
     echo -n ''
 }
 
-function etherpad_password_hash {
-    echo $(python -c "from passlib.hash import bcrypt;print(bcrypt.encrypt(\"$1\", rounds=10))")
-}
-
 function change_password_etherpad {
     change_username="$1"
-    new_user_password=$(etherpad_password_hash "$2")
+    new_user_password="$2"
 
     read_config_param ETHERPAD_DOMAIN_NAME
 
     if grep -q "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
         user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {")
         if [[ "$user_line" == *"\"is_admin\": true"* ]]; then
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
         else
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
         fi
         ${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$2"
         systemctl restart etherpad
@@ -149,7 +145,7 @@ function create_etherpad_settings {
     echo '  "disableIPlogging" : true,' >> $settings_file
 
     echo '  "users": {' >> $settings_file
-    echo "    \"${MY_USERNAME}\": { \"hash\": \"$(etherpad_password_hash "${ETHERPAD_ADMIN_PASSWORD}")\", \"is_admin\": true }" >> $settings_file
+    echo "    \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }" >> $settings_file
     echo '  },' >> $settings_file
 
     echo '  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],' >> $settings_file
@@ -191,12 +187,12 @@ function remove_user_etherpad {
 
 function add_user_etherpad {
     new_username="$1"
-    new_user_password=$(etherpad_password_hash "$2")
+    new_user_password="$2"
     settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
 
     if ! grep -q "\"$new_username\": {" $settings_file; then
         ${PROJECT_NAME}-pass -u $new_username -a etherpad -p "$2"
-        sed -i "/\"users\": {/a    \"$new_username\": { \"hash\": \"$new_user_password\", \"is_admin\": false }," $settings_file
+        sed -i "/\"users\": {/a    \"$new_username\": { \"password\": \"$new_user_password\", \"is_admin\": false }," $settings_file
         if grep -q "\"$new_username\": {" $settings_file; then
             systemctl restart etherpad
         else