summary refs log tree commit diff
path: root/scripts/hash_password
diff options
context:
space:
mode:
authorErik Johnston <erikj@jki.re>2016-07-06 09:59:59 +0100
committerGitHub <noreply@github.com>2016-07-06 09:59:59 +0100
commit2e3c8acc68f4a2358aaba8363c7eaeaded2b329a (patch)
tree7e98683829b1b0a34038819f8f02992bd882c067 /scripts/hash_password
parentMerge pull request #904 from matrix-org/dbkr/register_email_no_untrusted_id_s... (diff)
parentUpdate password config comment (diff)
downloadsynapse-2e3c8acc68f4a2358aaba8363c7eaeaded2b329a.tar.xz
Merge pull request #910 from KentShikama/hash_password_followup
Follow up to adding password pepper
Diffstat (limited to 'scripts/hash_password')
-rwxr-xr-xscripts/hash_password18
1 files changed, 17 insertions, 1 deletions
diff --git a/scripts/hash_password b/scripts/hash_password
index e784600989..215ab25cfe 100755
--- a/scripts/hash_password
+++ b/scripts/hash_password
@@ -1,10 +1,16 @@
 #!/usr/bin/env python
 
 import argparse
+
+import sys
+
 import bcrypt
 import getpass
 
+import yaml
+
 bcrypt_rounds=12
+password_pepper = ""
 
 def prompt_for_pass():
     password = getpass.getpass("Password: ")
@@ -28,12 +34,22 @@ if __name__ == "__main__":
         default=None,
         help="New password for user. Will prompt if omitted.",
     )
+    parser.add_argument(
+        "-c", "--config",
+        type=argparse.FileType('r'),
+        help="Path to server config file. Used to read in bcrypt_rounds and password_pepper.",
+    )
 
     args = parser.parse_args()
+    if "config" in args and args.config:
+        config = yaml.safe_load(args.config)
+        bcrypt_rounds = config.get("bcrypt_rounds", bcrypt_rounds)
+        password_config = config.get("password_config", {})
+        password_pepper = password_config.get("pepper", password_pepper)
     password = args.password
 
     if not password:
         password = prompt_for_pass()
 
-    print bcrypt.hashpw(password, bcrypt.gensalt(bcrypt_rounds))
+    print bcrypt.hashpw(password + password_pepper, bcrypt.gensalt(bcrypt_rounds))