diff --git a/doc/soju.1.scd b/doc/soju.1.scd index 4c9fd83..1aba97d 100644 --- a/doc/soju.1.scd +++ b/doc/soju.1.scd @@ -438,6 +438,9 @@ character. *-password* The bouncer password. + *-disable-password* + Disable password authentication. The user will be unable to login. + *-admin* true|false Make the new user an administrator. diff --git a/service.go b/service.go index f1c3e8c..d0b7f99 100644 --- a/service.go +++ b/service.go @@ -925,6 +925,7 @@ func handleUserCreate(ctx *serviceContext, params []string) error { fs := newFlagSet() username := fs.String("username", "", "") password := fs.String("password", "", "") + disablePassword := fs.Bool("disable-password", false, "") nick := fs.String("nick", "", "") realname := fs.String("realname", "", "") admin := fs.Bool("admin", false, "") @@ -939,7 +940,10 @@ func handleUserCreate(ctx *serviceContext, params []string) error { if *username == "" { return fmt.Errorf("flag -username is required") } - if *password == "" { + if *password != "" && *disablePassword { + return fmt.Errorf("flags -password and -disable-password are mutually exclusive") + } + if *password == "" && !*disablePassword { return fmt.Errorf("flag -password is required") } @@ -950,8 +954,10 @@ func handleUserCreate(ctx *serviceContext, params []string) error { Admin: *admin, Enabled: *enabled, } - if err := user.SetPassword(*password); err != nil { - return err + if !*disablePassword { + if err := user.SetPassword(*password); err != nil { + return err + } } if _, err := ctx.user.srv.createUser(ctx, user); err != nil { return fmt.Errorf("could not create user: %v", err) @@ -971,8 +977,10 @@ func popArg(params []string) (string, []string) { func handleUserUpdate(ctx *serviceContext, params []string) error { var password, nick, realname *string var admin, enabled *bool + var disablePassword bool fs := newFlagSet() fs.Var(stringPtrFlag{&password}, "password", "") + fs.BoolVar(&disablePassword, "disable-password", false, "") fs.Var(stringPtrFlag{&nick}, "nick", "") fs.Var(stringPtrFlag{&realname}, "realname", "") fs.Var(boolPtrFlag{&admin}, "admin", "") @@ -986,6 +994,10 @@ func handleUserUpdate(ctx *serviceContext, params []string) error { return fmt.Errorf("unexpected argument: %v", fs.Arg(0)) } + if password != nil && disablePassword { + return fmt.Errorf("flags -password and -disable-password are mutually exclusive") + } + if username != "" && username != ctx.user.Username { if !ctx.user.Admin { return fmt.Errorf("you must be an admin to update other users") @@ -1006,6 +1018,10 @@ func handleUserUpdate(ctx *serviceContext, params []string) error { hashedStr := string(hashedBytes) hashed = &hashedStr } + if disablePassword { + hashedStr := "" + hashed = &hashedStr + } u := ctx.user.srv.getUser(username) if u == nil { @@ -1039,6 +1055,9 @@ func handleUserUpdate(ctx *serviceContext, params []string) error { return err } } + if disablePassword { + record.Password = "" + } if nick != nil { record.Nick = *nick }