summary refs log tree commit diff
diff options
context:
space:
mode:
authorJörg Thalheim <Mic92@users.noreply.github.com>2024-06-18 17:21:51 +0200
committerGitHub <noreply@github.com>2024-06-18 16:21:51 +0100
commit97c3d988161f69821f00b722aafaea4fcb31759f (patch)
treef30651a502235dc1f3af67a63961223f770cba10
parentMerge branch 'master' into develop (diff)
downloadsynapse-97c3d988161f69821f00b722aafaea4fcb31759f.tar.xz
register_new_matrix_user: add password-file flag (#17294)
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Andrew Morgan <andrew@amorgan.xyz>
-rw-r--r--changelog.d/17294.feature2
-rw-r--r--debian/changelog6
-rw-r--r--debian/register_new_matrix_user.ronn8
-rw-r--r--synapse/_scripts/register_new_matrix_user.py20
4 files changed, 29 insertions, 7 deletions
diff --git a/changelog.d/17294.feature b/changelog.d/17294.feature
new file mode 100644
index 0000000000..33aac7b0bc
--- /dev/null
+++ b/changelog.d/17294.feature
@@ -0,0 +1,2 @@
+`register_new_matrix_user` now supports a --password-file flag, which
+is useful for scripting.
diff --git a/debian/changelog b/debian/changelog
index e9b05f8553..55e17bd868 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+matrix-synapse-py3 (1.109.0+nmu1) UNRELEASED; urgency=medium
+
+  * `register_new_matrix_user` now supports a --password-file flag.
+
+ -- Synapse Packaging team <packages@matrix.org>  Tue, 18 Jun 2024 13:29:36 +0100
+
 matrix-synapse-py3 (1.109.0) stable; urgency=medium
 
   * New synapse release 1.109.0.
diff --git a/debian/register_new_matrix_user.ronn b/debian/register_new_matrix_user.ronn
index 0410b1f4cd..963e67c004 100644
--- a/debian/register_new_matrix_user.ronn
+++ b/debian/register_new_matrix_user.ronn
@@ -31,8 +31,12 @@ A sample YAML file accepted by `register_new_matrix_user` is described below:
     Local part of the new user. Will prompt if omitted.
 
   * `-p`, `--password`:
-    New password for user. Will prompt if omitted. Supplying the password
-    on the command line is not recommended. Use the STDIN instead.
+    New password for user. Will prompt if this option and `--password-file` are omitted.
+    Supplying the password on the command line is not recommended.
+
+  * `--password-file`:
+    File containing the new password for user. If set, overrides `--password`.
+    This is a more secure alternative to specifying the password on the command line.
 
   * `-a`, `--admin`:
     Register new user as an admin. Will prompt if omitted.
diff --git a/synapse/_scripts/register_new_matrix_user.py b/synapse/_scripts/register_new_matrix_user.py
index 77a7129ee2..972b35e2dc 100644
--- a/synapse/_scripts/register_new_matrix_user.py
+++ b/synapse/_scripts/register_new_matrix_user.py
@@ -173,11 +173,18 @@ def main() -> None:
         default=None,
         help="Local part of the new user. Will prompt if omitted.",
     )
-    parser.add_argument(
+    password_group = parser.add_mutually_exclusive_group()
+    password_group.add_argument(
         "-p",
         "--password",
         default=None,
-        help="New password for user. Will prompt if omitted.",
+        help="New password for user. Will prompt for a password if "
+        "this flag and `--password-file` are both omitted.",
+    )
+    password_group.add_argument(
+        "--password-file",
+        default=None,
+        help="File containing the new password for user. If set, will override `--password`.",
     )
     parser.add_argument(
         "-t",
@@ -247,6 +254,11 @@ def main() -> None:
             print(_NO_SHARED_SECRET_OPTS_ERROR, file=sys.stderr)
             sys.exit(1)
 
+    if args.password_file:
+        password = _read_file(args.password_file, "password-file").strip()
+    else:
+        password = args.password
+
     if args.server_url:
         server_url = args.server_url
     elif config is not None:
@@ -269,9 +281,7 @@ def main() -> None:
     if args.admin or args.no_admin:
         admin = args.admin
 
-    register_new_user(
-        args.user, args.password, server_url, secret, admin, args.user_type
-    )
+    register_new_user(args.user, password, server_url, secret, admin, args.user_type)
 
 
 def _read_file(file_path: Any, config_path: str) -> str: