hydra-create-user: support Argon2

Apr 15, 2021, 3:14 PM
XXHU6BCODIAQ2LJMXTYTY3YY36PZDPUQPS4JDHILISDLJZ62EDYQC

Dependencies

  • [2] BVFH3BWM hydra-create-user now has `--password-hash` option (#504)
  • [3] XHOZT4WT Add a command `hydra-create-user' for managing user accounts
  • [4] 3YHNO5H2 Don't use Perl's -w flag
  • [5] 7VHPMFAG Use /usr/bin/env to find perl
  • [6] BPT4WJ7U Remove Persona support
  • [7] GNQYRBAG Implement GitHub logins

Change contents

  • edit in src/script/hydra-create-user at line 8
    [3.585][3.585:616]()
    use Digest::SHA1 qw(sha1_hex);
  • replacement in src/script/hydra-create-user at line 10
    [3.632][3.632:664]()
    print <<EOF;
    Usage: $0 NAME
    [3.632]
    [3.664]
    print q%
    Usage: hydra-create-user NAME
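Review bot: The `q%` delimiter chosen at `print q%` ends the string at the first literal `%` anyone later adds to the help text (a format example or a percentage, say), and that would break the script at compile time. A single-quoted heredoc, `print <<'EOF';`, also avoids interpolating the `$argon2id$...` and `$(...)` text and has no such delimiter hazard.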
  • replacement in src/script/hydra-create-user at line 17
    [3.795][2.0:30]()
    [--password-hash SHA1-HASH]
    [3.795]
    [3.795]
    [--password-hash HASH]
  • replacement in src/script/hydra-create-user at line 27
    [3.1108][3.1108:1181]()
    Example:
    \$ hydra-create-user alice --password foobar --role admin
    EOF
    [3.1108]
    [3.1181]
    * PASSWORD HASH
    The password hash should be an Argon2id hash, which can be generated
    via:
    $ nix-shell -p libargon2
    [nix-shell]$ argon2 "$(LC_ALL=C tr -dc '[:alnum:]' < /dev/urandom | head -c16)" -id -t 3 -k 262144 -p 1 -l 16 -e
    foobar
    Ctrl^D
    $argon2id$v=19$m=262144,t=3,p=1$NFU1QXJRNnc4V1BhQ0NJQg$6GHqjqv5cNDDwZqrqUD0zQ
    SHA1 is also accepted, but SHA1 support is deprecated and the user's
    password will be upgraded to Argon2id on first login.
    Examples:
    Create a user with an argon2 password:
    $ hydra-create-user alice --password-hash '$argon2id$v=19$m=262144,t=3,p=1$NFU1QXJRNnc4V1BhQ0NJQg$6GHqjqv5cNDDwZqrqUD0zQ' --role admin
    Create a user with a password insecurely provided on the commandline:
    $ hydra-create-user alice --password foobar --role admin
    %;
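Review bot: The interactive example ("foobar" followed by "Ctrl^D") does not say whether the newline typed after foobar becomes part of the hashed input, so a reader cannot tell whether the printed hash corresponds to `foobar` or to `foobar` plus a newline. Either state this in the help text or show the password being supplied without a trailing newline, so that a hash generated by following these steps is known to verify against the password the user types at login. It would also help to say whether the `-t 3 -k 262144 -p 1 -l 16` parameters are required or only a suggestion.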
  • edit in src/script/hydra-create-user at line 108
    [3.3085]
    [2.257]
  • replacement in src/script/hydra-create-user at line 110
    [2.318][2.318:367]()
    $passwordHash = sha1_hex($password);
    [2.318]
    [2.367]
    $user->setPassword($password);
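Review bot: The replacement at line 110 stops assigning `$passwordHash` on the `--password` path, so any later code that still reads `$passwordHash` needs a check that it is only used when `--password-hash` was given. Please confirm that `$user` already exists at this point for a newly created account, and that supplying both `--password` and `--password-hash` is either rejected or has a documented precedence, since the two now take different code paths.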