mirror of https://github.com/zulip/zulip.git
create_user: Receive password input from a file instead of shell arg.
This is intended for container orchestration, where the password is read from a file instead of being passed as a shell argument. It prevents snooping by any user account on the server via `ps -ef`, or by any superuser with read access to the user's bash history.
parent
b8b0cd41d0
commit
ca960da58f
|
@ -41,9 +41,16 @@ Omit both <email> and <full name> for interactive user creation.
|
||||||
dest='password',
|
dest='password',
|
||||||
type=str,
|
type=str,
|
||||||
default='',
|
default='',
|
||||||
help='password of new user. Note that we recommend against setting '
|
help='password of new user. For development only.'
|
||||||
|
'Note that we recommend against setting '
|
||||||
'passwords this way, since they can be snooped by any user account '
|
'passwords this way, since they can be snooped by any user account '
|
||||||
'on the server via `ps -ef`.')
|
'on the server via `ps -ef` or by any superuser with'
|
||||||
|
'read access to the user\'s bash history.')
|
||||||
|
parser.add_argument('--password-file',
|
||||||
|
dest='password_file',
|
||||||
|
type=str,
|
||||||
|
default='',
|
||||||
|
help='The file containing the password of the new user.')
|
||||||
parser.add_argument('email', metavar='<email>', type=str, nargs='?', default=argparse.SUPPRESS,
|
parser.add_argument('email', metavar='<email>', type=str, nargs='?', default=argparse.SUPPRESS,
|
||||||
help='email address of new user')
|
help='email address of new user')
|
||||||
parser.add_argument('full_name', metavar='<full name>', type=str, nargs='?', default=argparse.SUPPRESS,
|
parser.add_argument('full_name', metavar='<full name>', type=str, nargs='?', default=argparse.SUPPRESS,
|
||||||
|
@ -85,7 +92,12 @@ parameters, or specify no parameters for interactive user creation.""")
|
||||||
full_name = input("Full name: ")
|
full_name = input("Full name: ")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
pw = options.get('password', initial_password(email))
|
if 'password' in options:
|
||||||
|
pw = options['password']
|
||||||
|
if 'password_file' in options:
|
||||||
|
pw = open(options['password_file'], 'r').read()
|
||||||
|
else:
|
||||||
|
pw = initial_password(email).encode()
|
||||||
notify_new_user(do_create_user(email, pw,
|
notify_new_user(do_create_user(email, pw,
|
||||||
realm, full_name, email_to_username(email)),
|
realm, full_name, email_to_username(email)),
|
||||||
internal=True)
|
internal=True)
|
||||||
|
|
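Review bot: The password selection in the second hunk is not an either/or choice: the second `if` is not an `elif`, so its `else` overwrites a value taken from `--password`, and because both options declare `default=''` the keys are presumably always present in `options`, which would make `open('')` fail whenever no file is given. Testing the option values for truthiness and chaining the branches with `elif` fixes both problems. The file should also be read inside a `with` block and have its trailing newline stripped, since most secret files end with one and it would otherwise become part of the stored password. The fallback branch now yields bytes (`.encode()`) while the other two yield `str`; which type `do_create_user` expects is not visible here, so the branches should be made to agree. The enclosing `try` opens inside the hunk but its handler lies outside it.

```python
try:
    if options['password_file']:
        with open(options['password_file']) as f:
            pw = f.read().rstrip('\r\n')
    elif options['password']:
        pw = options['password']
    else:
        pw = initial_password(email).encode()
    # … unchanged: notify_new_user(do_create_user(...)) call …
```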