Home Explore Help
Sign In
RISCI_ATOM
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Files Issues 3 Wiki
Tree: b378d98c8f
Branches Tags
synapse
/
scripts
/
hash_password

hash_password 2.0 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. #!/usr/bin/env python
    2. 

  2. 

  3. import argparse
    4. 

  4. import getpass
    5. 

  5. import sys
    6. 

  6. import unicodedata
    7. 

  7. 

  8. import bcrypt
    9. 

  9. import yaml
    10. 

  10. 

  11. bcrypt_rounds = 12
    12. 

  12. password_pepper = ""
    13. 

  13. 

  14. 

  15. def prompt_for_pass():
    16. 

  16.     password = getpass.getpass("Password: ")
    17. 

  17. 

  18.     if not password:
    19. 

  19.         raise Exception("Password cannot be blank.")
    20. 

  20. 

  21.     confirm_password = getpass.getpass("Confirm password: ")
    22. 

  22. 

  23.     if password != confirm_password:
    24. 

  24.         raise Exception("Passwords do not match.")
    25. 

  25. 

  26.     return password
    27. 

  27. 

  28. 

  29. if __name__ == "__main__":
    30. 

  30.     parser = argparse.ArgumentParser(
    31. 

  31.         description=(
    32. 

  32.             "Calculate the hash of a new password, so that passwords can be reset"
    33. 

  33.         )
    34. 

  34.     )
    35. 

  35.     parser.add_argument(
    36. 

  36.         "-p",
    37. 

  37.         "--password",
    38. 

  38.         default=None,
    39. 

  39.         help="New password for user. Will prompt if omitted.",
    40. 

  40.     )
    41. 

  41.     parser.add_argument(
    42. 

  42.         "-c",
    43. 

  43.         "--config",
    44. 

  44.         type=argparse.FileType('r'),
    45. 

  45.         help=(
    46. 

  46.             "Path to server config file. "
    47. 

  47.             "Used to read in bcrypt_rounds and password_pepper."
    48. 

  48.         ),
    49. 

  49.     )
    50. 

  50. 

  51.     args = parser.parse_args()
    52. 

  52.     if "config" in args and args.config:
    53. 

  53.         config = yaml.safe_load(args.config)
    54. 

  54.         bcrypt_rounds = config.get("bcrypt_rounds", bcrypt_rounds)
    55. 

  55.         password_config = config.get("password_config", None) or {}
    56. 

  56.         password_pepper = password_config.get("pepper", password_pepper)
    57. 

  57.     password = args.password
    58. 

  58. 

  59.     if not password:
    60. 

  60.         password = prompt_for_pass()
    61. 

  61. 

  62.     # On Python 2, make sure we decode it to Unicode before we normalise it
    63. 

  63.     if isinstance(password, bytes):
    64. 

  64.         try:
    65. 

  65.             password = password.decode(sys.stdin.encoding)
    66. 

  66.         except UnicodeDecodeError:
    67. 

  67.             print(
    68. 

  68.                 "ERROR! Your password is not decodable using your terminal encoding (%s)."
    69. 

  69.                 % (sys.stdin.encoding,)
    70. 

  70.             )
    71. 

  71. 

  72.     pw = unicodedata.normalize("NFKC", password)
    73. 

  73. 

  74.     hashed = bcrypt.hashpw(
    75. 

  75.         pw.encode('utf8') + password_pepper.encode("utf8"),
    76. 

  76.         bcrypt.gensalt(bcrypt_rounds),
    77. 

  77.     ).decode('ascii')
    78. 

  78. 

  79.     print(hashed)
    80.