From ca960da58f72e5fa207bf567d35351ff4611f445 Mon Sep 17 00:00:00 2001
From: rht
Date: Tue, 18 Jul 2017 05:50:54 +0200
Subject: [PATCH] create_user: Receive password input from a file instead of shell arg.

This is to be used for the case of container orchestration instead of shell arg to prevent snooping by any user account on the server via `ps -ef` or any superuser with read access to the user\'s bash history.
---
 zerver/management/commands/create_user.py | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/zerver/management/commands/create_user.py b/zerver/management/commands/create_user.py
index 9ed69c70d2..177aaf2644 100644
--- a/zerver/management/commands/create_user.py
+++ b/zerver/management/commands/create_user.py
@@ -41,9 +41,16 @@ Omit both and for interactive user creation.
 dest='password',
 type=str,
 default='',
- help='password of new user. Note that we recommend against setting '
+ help='password of new user. For development only.'
+ 'Note that we recommend against setting '
 'passwords this way, since they can be snooped by any user account '
- 'on the server via `ps -ef`.')
+ 'on the server via `ps -ef` or by any superuser with'
+ 'read access to the user\'s bash history.')
+ parser.add_argument('--password-file',
+ dest='password_file',
+ type=str,
+ default='',
+ help='The file containing the password of the new user.')
 parser.add_argument('email', metavar='', type=str, nargs='?', default=argparse.SUPPRESS,
 help='email address of new user')
 parser.add_argument('full_name', metavar='', type=str, nargs='?', default=argparse.SUPPRESS,
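Review bot: The adjacent string literals in the `--password` help text are joined without a separating space, so the rendered help reads "only.Note" and "withread"; add a trailing space inside the two new fragments, `'password of new user. For development only. '` and `'... or by any superuser with '`. The `--password-file` help would serve an operator better if it stated what is expected of the file, for example `'File containing the password of the new user; it should be readable only by the account running this command.'`. Since the two options are alternatives, declaring them through `parser.add_mutually_exclusive_group()` would reject a command line that passes both instead of leaving the precedence to the handler. The `--password` add_argument call starts above the hunk.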
@@ -85,7 +92,12 @@ parameters, or specify no parameters for interactive user creation.""") full_name = input("Full name: ") try: - pw = options.get('password', initial_password(email)) + if 'password' in options: + pw = options['password'] + if 'password_file' in options: + pw = open(options['password_file'], 'r').read() + else: + pw = initial_password(email).encode() notify_new_user(do_create_user(email, pw, realm, full_name, email_to_username(email)), internal=True)
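Review bot: The password selection is written as `if` / `if` / `else`, so (reading the flattened hunk with both `if`s at the same level) the `else` pairs only with the `password_file` test, and a value taken from `--password` is overwritten by `initial_password(email)` whenever no file is given. Both options are declared with `default=''`, so if `options` is the usual dict built from the parsed arguments the key-membership tests are always true and `open('')` would be attempted on every run; testing the values for truthiness in an `if`/`elif`/`else` chain avoids both problems. The file is read without being closed and its trailing line ending becomes part of the password, and the added `.encode()` makes the fallback branch bytes where the other branches are str and the removed line passed the value through unchanged. The `try:` block continues past the hunk, and `initial_password`'s return type is not visible here, so the last point should be confirmed against its definition.

```python
        try:
            # Test the values, not key membership: both options default to ''.
            if options.get('password_file'):
                with open(options['password_file'], 'r') as f:
                    # Drop the line ending that editors and `echo` append.
                    pw = f.read().rstrip('\r\n')
            elif options.get('password'):
                pw = options['password']
            else:
                pw = initial_password(email)
            # … unchanged: notify_new_user(do_create_user(...)) call …
```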