register_new_matrix_user: add password-file flag

getpass in python expects stdin to be a tty, hence we cannot just pipe into register_new_matrix_user. --password-file instead works better and it would also allow the use of stdin if /dev/stdin is passed. Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Signed-off-by: Jörg Thalheim <joerg@thalheim.io>
2024-06-28 05:43:30 +00:00 · 2024-06-11 11:40:47 +02:00 · 2024-06-11 11:40:47 +02:00 · bc199a27f2
parent 2c36a679ae
commit bc199a27f2
3 changed files with 24 additions and 7 deletions
--- a/changelog.d/17294.feature
+++ b/changelog.d/17294.feature
@ -0,0 +1,2 @@
+`register_new_matrix_user` now supports a --password-file flag, which
+is useful for scripting.
--- a/debian/register_new_matrix_user.ronn
+++ b/debian/register_new_matrix_user.ronn
@ -31,8 +31,13 @@ A sample YAML file accepted by `register_new_matrix_user` is described below:
    Local part of the new user. Will prompt if omitted.

  * `-p`, `--password`:
-    New password for user. Will prompt if omitted. Supplying the password
-    on the command line is not recommended. Use the STDIN instead.
+    New password for user. Will prompt if this option and `--password-file` are omitted.
+    Supplying the password on the command line is not recommended.
+    Use `--password-file` if possible.
+
+  * `--password-file`:
+    File containing the new password for user. If set, overrides `--password`.
+    This is a more secure alternative to specifying the password on the command line.

  * `-a`, `--admin`:
    Register new user as an admin. Will prompt if omitted.
--- a/synapse/_scripts/register_new_matrix_user.py
+++ b/synapse/_scripts/register_new_matrix_user.py
@ -173,11 +173,18 @@ def main() -> None:
        default=None,
        help="Local part of the new user. Will prompt if omitted.",
    )
-    parser.add_argument(
+    password_group = parser.add_mutually_exclusive_group()
+    password_group.add_argument(
        "-p",
        "--password",
        default=None,
-        help="New password for user. Will prompt if omitted.",
+        help="New password for user. Will prompt for a password if "
+        "this flag and `--password-file` are both omitted.",
+    )
+    password_group.add_argument(
+        "--password-file",
+        default=None,
+        help="File containing the new password for user. If set, will override `--password`.",
    )
    parser.add_argument(
        "-t",
@ -247,6 +254,11 @@ def main() -> None:
            print(_NO_SHARED_SECRET_OPTS_ERROR, file=sys.stderr)
            sys.exit(1)

+    if args.password_file:
+        password = _read_file(args.password_file, "password-file").strip()
+    else:
+        password = args.password
+
    if args.server_url:
        server_url = args.server_url
    elif config is not None:
@ -269,9 +281,7 @@ def main() -> None:
    if args.admin or args.no_admin:
        admin = args.admin

-    register_new_user(
-        args.user, args.password, server_url, secret, admin, args.user_type
-    )
+    register_new_user(args.user, password, server_url, secret, admin, args.user_type)


 def _read_file(file_path: Any, config_path: str) -> str: