// runSetUser prompts for a password, then inserts the user and hash // into the system.users table. // TODO(marc): once we have more fields in the user, we will need // to allow changing just some of them (eg: change email, but leave password). func runSetUser(cmd *cobra.Command, args []string) error { if len(args) != 1 { return usageAndError(cmd) } var err error var hashed []byte if password { hashed, err = security.PromptForPasswordAndHash() if err != nil { return err } } else { hashed, err = security.HashPassword("") if err != nil { return err } } conn, err := getPasswordAndMakeSQLClient() if err != nil { return err } defer conn.Close() // TODO(asubiotto): Implement appropriate server-side authorization rules // for users to be able to change their own passwords. return runQueryAndFormatResults(conn, os.Stdout, makeQuery(`UPSERT INTO system.users VALUES ($1, $2)`, args[0], hashed), cliCtx.prettyFmt) }
// runSetUser prompts for a password, then inserts the user and hash // into the system.users table. // TODO(marc): once we have more fields in the user, we will need // to allow changing just some of them (eg: change email, but leave password). func runSetUser(cmd *cobra.Command, args []string) error { if len(args) != 1 { return usageAndError(cmd) } var err error var hashed []byte switch password { case "": hashed, err = security.PromptForPasswordAndHash() if err != nil { return err } case "-": scanner := bufio.NewScanner(os.Stdin) if scanner.Scan() { hashed, err = security.HashPassword(scanner.Text()) if err != nil { return err } if scanner.Scan() { return errors.New("multiline passwords are not permitted") } if err := scanner.Err(); err != nil { return err } } else { if err := scanner.Err(); err != nil { return err } } default: hashed, err = security.HashPassword(password) if err != nil { return err } } // Only security.RootUser can set passwords. // TODO(asubiotto): Implement appropriate server-side authorization rules // for users to be able to change their own passwords. if connUser != security.RootUser { return fmt.Errorf("only %s is allowed to set passwords", security.RootUser) } conn, err := makeSQLClient(url.User(security.RootUser)) if err != nil { return err } defer conn.Close() return runQueryAndFormatResults(conn, os.Stdout, makeQuery(`UPSERT INTO system.users VALUES ($1, $2)`, args[0], hashed), cliCtx.prettyFmt) }