// runSetUser prompts for a password, then inserts the user and hash
// into the system.users table.
// TODO(marc): once we have more fields in the user, we will need
// to allow changing just some of them (eg: change email, but leave password).
func runSetUser(cmd *cobra.Command, args []string) error {
if len(args) != 1 {
return usageAndError(cmd)
}
var err error
var hashed []byte
switch password {
case "":
hashed, err = security.PromptForPasswordAndHash()
if err != nil {
return err
}
case "-":
scanner := bufio.NewScanner(os.Stdin)
if scanner.Scan() {
hashed, err = security.HashPassword(scanner.Text())
if err != nil {
return err
}
if scanner.Scan() {
return errors.New("multiline passwords are not permitted")
}
if err := scanner.Err(); err != nil {
return err
}
} else {
if err := scanner.Err(); err != nil {
return err
}
}
default:
hashed, err = security.HashPassword(password)
if err != nil {
return err
}
}
// Only security.RootUser can set passwords.
// TODO(asubiotto): Implement appropriate server-side authorization rules
// for users to be able to change their own passwords.
if connUser != security.RootUser {
return fmt.Errorf("only %s is allowed to set passwords", security.RootUser)
}
conn, err := makeSQLClient(url.User(security.RootUser))
if err != nil {
return err
}
defer conn.Close()
return runQueryAndFormatResults(conn, os.Stdout,
makeQuery(`UPSERT INTO system.users VALUES ($1, $2)`, args[0], hashed), cliCtx.prettyFmt)
}
// runSetUser prompts for a password, then inserts the user and hash
// into the system.users table.
// TODO(marc): once we have more fields in the user, we will need
// to allow changing just some of them (eg: change email, but leave password).
func runSetUser(cmd *cobra.Command, args []string) error {
if len(args) != 1 {
return usageAndError(cmd)
}
var err error
var hashed []byte
if password {
hashed, err = security.PromptForPasswordAndHash()
if err != nil {
return err
}
} else {
hashed, err = security.HashPassword("")
if err != nil {
return err
}
}
conn, err := getPasswordAndMakeSQLClient()
if err != nil {
return err
}
defer conn.Close()
// TODO(asubiotto): Implement appropriate server-side authorization rules
// for users to be able to change their own passwords.
return runQueryAndFormatResults(conn, os.Stdout,
makeQuery(`UPSERT INTO system.users VALUES ($1, $2)`, args[0], hashed), cliCtx.prettyFmt)
}