Hash etherpad passwords

src/freedombone-app-etherpad

@@ -53,20 +53,24 @@ etherpad_variables=(ETHERPAD_COMMIT
                     DDNS_PROVIDER
                     MY_USERNAME)
 
+function etherpad_password_hash {
+    echo $(python -c "from passlib.hash import bcrypt;print(bcrypt.encrypt(\"$1\", rounds=10))")
+}
+
 function change_password_etherpad {
     change_username="$1"
-    new_user_password="$2"
+    new_user_password=$(etherpad_password_hash "$2")
 
     read_config_param ETHERPAD_DOMAIN_NAME
 
     if grep "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
         user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {")
         if [[ "$user_line" == *"\"is_admin\": true"* ]]; then
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
         else
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
         fi
-        ${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$new_user_password"
+        ${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$2"
         systemctl restart etherpad
     fi
 }
@@ -146,7 +150,7 @@ function create_etherpad_settings {
     echo '  "disableIPlogging" : true,' >> $settings_file
 
     echo '  "users": {' >> $settings_file
-    echo "    \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }" >> $settings_file
+    echo "    \"${MY_USERNAME}\": { \"hash\": \"$(etherpad_password_hash "${ETHERPAD_ADMIN_PASSWORD}")\", \"is_admin\": true }" >> $settings_file
     echo '  },' >> $settings_file
 
     echo '  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],' >> $settings_file
@@ -187,12 +191,12 @@ function remove_user_etherpad {
 
 function add_user_etherpad {
     new_username="$1"
-    new_user_password="$2"
+    new_user_password=$(etherpad_password_hash "$2")
     settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
 
     if ! grep -q "\"$new_username\": {" $settings_file; then
         ${PROJECT_NAME}-pass -u $new_username -a etherpad -p "$new_user_password"
-        sed -i "/\"users\": {/a    \"$new_username\": { \"password\": \"$new_user_password\", \"is_admin\": false }," $settings_file
+        sed -i "/\"users\": {/a    \"$new_username\": { \"hash\": \"$new_user_password\", \"is_admin\": false }," $settings_file
         if grep -q "\"$new_username\": {" $settings_file; then
             systemctl restart etherpad
         else
@@ -458,7 +462,8 @@ function install_etherpad {
     repair_databases_script
 
     apt-get -yq install gzip git curl python libssl-dev pkg-config \
-            build-essential python g++ make checkinstall
+            build-essential python g++ make checkinstall \
+            python-bcrypt python-passlib
 
     function_check install_nodejs
     install_nodejs etherpad