free
/
freedomboneeee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't use hashing for etherpad passwords. They're still somewhat defended by TLS or onion encryption The previous bcrypt hash no longer works

This commit is contained in:
Bob Mottram 2018-01-06 17:06:13 +00:00
parent cf1ea58e44
commit cebc7aa5dc
1 changed files with 6 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/freedombone-app-etherpad
View File

@ -60,22 +60,18 @@ function logging_off_etherpad {
echo -n '' echo -n ''
} }
function etherpad_password_hash {
echo $(python -c "from passlib.hash import bcrypt;print(bcrypt.encrypt(\"$1\", rounds=10))")
}
function change_password_etherpad { function change_password_etherpad {
change_username="$1" change_username="$1"
new_user_password=$(etherpad_password_hash "$2") new_user_password="$2"
read_config_param ETHERPAD_DOMAIN_NAME read_config_param ETHERPAD_DOMAIN_NAME
if grep -q "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then if grep -q "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {") user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {")
if [[ "$user_line" == *"\"is_admin\": true"* ]]; then if [[ "$user_line" == *"\"is_admin\": true"* ]]; then
sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
else else
sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
fi fi
${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$2" ${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$2"
systemctl restart etherpad systemctl restart etherpad
@ -149,7 +145,7 @@ function create_etherpad_settings {
echo ' "disableIPlogging" : true,' >> $settings_file echo ' "disableIPlogging" : true,' >> $settings_file
echo ' "users": {' >> $settings_file echo ' "users": {' >> $settings_file
echo " \"${MY_USERNAME}\": { \"hash\": \"$(etherpad_password_hash "${ETHERPAD_ADMIN_PASSWORD}")\", \"is_admin\": true }" >> $settings_file echo " \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }" >> $settings_file
echo ' },' >> $settings_file echo ' },' >> $settings_file
echo ' "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],' >> $settings_file echo ' "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],' >> $settings_file
@ -191,12 +187,12 @@ function remove_user_etherpad {
function add_user_etherpad { function add_user_etherpad {
new_username="$1" new_username="$1"
new_user_password=$(etherpad_password_hash "$2") new_user_password="$2"
settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
if ! grep -q "\"$new_username\": {" $settings_file; then if ! grep -q "\"$new_username\": {" $settings_file; then
${PROJECT_NAME}-pass -u $new_username -a etherpad -p "$2" ${PROJECT_NAME}-pass -u $new_username -a etherpad -p "$2"
sed -i "/\"users\": {/a \"$new_username\": { \"hash\": \"$new_user_password\", \"is_admin\": false }," $settings_file sed -i "/\"users\": {/a \"$new_username\": { \"password\": \"$new_user_password\", \"is_admin\": false }," $settings_file
if grep -q "\"$new_username\": {" $settings_file; then if grep -q "\"$new_username\": {" $settings_file; then
systemctl restart etherpad systemctl restart etherpad
else else