From 97c3d988161f69821f00b722aafaea4fcb31759f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 18 Jun 2024 17:21:51 +0200 Subject: [PATCH] register_new_matrix_user: add password-file flag (#17294) Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Andrew Morgan --- changelog.d/17294.feature | 2 ++ debian/changelog | 6 ++++++ debian/register_new_matrix_user.ronn | 8 ++++++-- synapse/_scripts/register_new_matrix_user.py | 20 +++++++++++++++----- 4 files changed, 29 insertions(+), 7 deletions(-) create mode 100644 changelog.d/17294.feature diff --git a/changelog.d/17294.feature b/changelog.d/17294.feature new file mode 100644 index 0000000000..33aac7b0bc --- /dev/null +++ b/changelog.d/17294.feature @@ -0,0 +1,2 @@ +`register_new_matrix_user` now supports a --password-file flag, which +is useful for scripting. diff --git a/debian/changelog b/debian/changelog index e9b05f8553..55e17bd868 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +matrix-synapse-py3 (1.109.0+nmu1) UNRELEASED; urgency=medium + + * `register_new_matrix_user` now supports a --password-file flag. + + -- Synapse Packaging team Tue, 18 Jun 2024 13:29:36 +0100 + matrix-synapse-py3 (1.109.0) stable; urgency=medium * New synapse release 1.109.0. diff --git a/debian/register_new_matrix_user.ronn b/debian/register_new_matrix_user.ronn index 0410b1f4cd..963e67c004 100644 --- a/debian/register_new_matrix_user.ronn +++ b/debian/register_new_matrix_user.ronn @@ -31,8 +31,12 @@ A sample YAML file accepted by `register_new_matrix_user` is described below: Local part of the new user. Will prompt if omitted. * `-p`, `--password`: - New password for user. Will prompt if omitted. Supplying the password - on the command line is not recommended. Use the STDIN instead. + New password for user. Will prompt if this option and `--password-file` are omitted. + Supplying the password on the command line is not recommended. + + * `--password-file`: + File containing the new password for user. If set, overrides `--password`. + This is a more secure alternative to specifying the password on the command line. * `-a`, `--admin`: Register new user as an admin. Will prompt if omitted. diff --git a/synapse/_scripts/register_new_matrix_user.py b/synapse/_scripts/register_new_matrix_user.py index 77a7129ee2..972b35e2dc 100644 --- a/synapse/_scripts/register_new_matrix_user.py +++ b/synapse/_scripts/register_new_matrix_user.py @@ -173,11 +173,18 @@ def main() -> None: default=None, help="Local part of the new user. Will prompt if omitted.", ) - parser.add_argument( + password_group = parser.add_mutually_exclusive_group() + password_group.add_argument( "-p", "--password", default=None, - help="New password for user. Will prompt if omitted.", + help="New password for user. Will prompt for a password if " + "this flag and `--password-file` are both omitted.", + ) + password_group.add_argument( + "--password-file", + default=None, + help="File containing the new password for user. If set, will override `--password`.", ) parser.add_argument( "-t", @@ -247,6 +254,11 @@ def main() -> None: print(_NO_SHARED_SECRET_OPTS_ERROR, file=sys.stderr) sys.exit(1) + if args.password_file: + password = _read_file(args.password_file, "password-file").strip() + else: + password = args.password + if args.server_url: server_url = args.server_url elif config is not None: @@ -269,9 +281,7 @@ def main() -> None: if args.admin or args.no_admin: admin = args.admin - register_new_user( - args.user, args.password, server_url, secret, admin, args.user_type - ) + register_new_user(args.user, password, server_url, secret, admin, args.user_type) def _read_file(file_path: Any, config_path: str) -> str: