hydra-create-user: support Argon2
[?]
Apr 15, 2021, 3:14 PM
XXHU6BCODIAQ2LJMXTYTY3YY36PZDPUQPS4JDHILISDLJZ62EDYQCDependencies
- [2]
BVFH3BWMhydra-create-user now has `--password-hash` option (#504) - [3]
XHOZT4WTAdd a command `hydra-create-user' for managing user accounts - [4]
3YHNO5H2Don't use Perl's -w flag - [5]
7VHPMFAGUse /usr/bin/env to find perl - [6]
BPT4WJ7URemove Persona support - [7]
GNQYRBAGImplement GitHub logins
Change contents
- edit in src/script/hydra-create-user at line 8
use Digest::SHA1 qw(sha1_hex); - replacement in src/script/hydra-create-user at line 10
print <<EOF;Usage: $0 NAMEprint q%Usage: hydra-create-user NAME - replacement in src/script/hydra-create-user at line 17
[--password-hash SHA1-HASH][--password-hash HASH] - replacement in src/script/hydra-create-user at line 27
Example:\$ hydra-create-user alice --password foobar --role adminEOF* PASSWORD HASHThe password hash should be an Argon2id hash, which can be generatedvia:$ nix-shell -p libargon2[nix-shell]$ argon2 "$(LC_ALL=C tr -dc '[:alnum:]' < /dev/urandom | head -c16)" -id -t 3 -k 262144 -p 1 -l 16 -efoobarCtrl^D$argon2id$v=19$m=262144,t=3,p=1$NFU1QXJRNnc4V1BhQ0NJQg$6GHqjqv5cNDDwZqrqUD0zQSHA1 is also accepted, but SHA1 support is deprecated and the user'spassword will be upgraded to Argon2id on first login.Examples:Create a user with an argon2 password:$ hydra-create-user alice --password-hash '$argon2id$v=19$m=262144,t=3,p=1$NFU1QXJRNnc4V1BhQ0NJQg$6GHqjqv5cNDDwZqrqUD0zQ' --role adminCreate a user with a password insecurely provided on the commandline:$ hydra-create-user alice --password foobar --role admin%; - edit in src/script/hydra-create-user at line 108
- replacement in src/script/hydra-create-user at line 110
$passwordHash = sha1_hex($password);$user->setPassword($password);