Allow secure user password update.
This patch allows the ability for user password to be updated via a command prompt so the password doesnt show up in the bash history. The prompted password is asked twice to verify the match. If user cntl-D's the prompt a message appears suggesting user to use either of the options to update the password. Fixes: bug#938315 Change-Id: I4271ae569b922f33c34f9b015a7ee6f760414e39
This commit is contained in:
Pradeep Kilambi
@@ -1,5 +1,7 @@
|
|||||||
import uuid
|
import getpass
|
||||||
import hashlib
|
import hashlib
|
||||||
|
import sys
|
||||||
|
import uuid
|
||||||
|
|
||||||
import prettytable
|
import prettytable
|
||||||
|
|
||||||
@@ -128,3 +130,22 @@ def hash_signed_token(signed_text):
|
|||||||
hash_ = hashlib.md5()
|
hash_ = hashlib.md5()
|
||||||
hash_.update(signed_text)
|
hash_.update(signed_text)
|
||||||
return hash_.hexdigest()
|
return hash_.hexdigest()
|
||||||
|
|
||||||
|
|
||||||
|
def prompt_for_password():
|
||||||
|
"""
|
||||||
|
Prompt user for password if not provided so the password
|
||||||
|
doesn't show up in the bash history.
|
||||||
|
"""
|
||||||
|
if not (hasattr(sys.stdin, 'isatty') and sys.stdin.isatty()):
|
||||||
|
# nothing to do
|
||||||
|
return
|
||||||
|
|
||||||
|
while True:
|
||||||
|
try:
|
||||||
|
new_passwd = getpass.getpass('New Password: ')
|
||||||
|
rep_passwd = getpass.getpass('Repeat New Password: ')
|
||||||
|
if new_passwd == rep_passwd:
|
||||||
|
return new_passwd
|
||||||
|
except EOFError:
|
||||||
|
return
|
||||||
|
|||||||
@@ -17,6 +17,7 @@
|
|||||||
|
|
||||||
import argparse
|
import argparse
|
||||||
import getpass
|
import getpass
|
||||||
|
import sys
|
||||||
|
|
||||||
from keystoneclient.v2_0 import client
|
from keystoneclient.v2_0 import client
|
||||||
from keystoneclient import utils
|
from keystoneclient import utils
|
||||||
@@ -103,14 +104,19 @@ def do_user_update(kc, args):
|
|||||||
print 'Unable to update user: %s' % e
|
print 'Unable to update user: %s' % e
|
||||||
|
|
||||||
|
|
||||||
@utils.arg('--pass', metavar='<password>', dest='passwd', required=True,
|
@utils.arg('--pass', metavar='<password>', dest='passwd', required=False,
|
||||||
help='Desired new password')
|
help='Desired new password')
|
||||||
@utils.arg('user', metavar='<user>',
|
@utils.arg('user', metavar='<user>',
|
||||||
help='Name or ID of user to update password')
|
help='Name or ID of user to update password')
|
||||||
def do_user_password_update(kc, args):
|
def do_user_password_update(kc, args):
|
||||||
"""Update user password"""
|
"""Update user password"""
|
||||||
user = utils.find_resource(kc.users, args.user)
|
user = utils.find_resource(kc.users, args.user)
|
||||||
kc.users.update_password(user, args.passwd)
|
new_passwd = args.passwd or utils.prompt_for_password()
|
||||||
|
if new_passwd is None:
|
||||||
|
msg = ("\nPlease specify password using the --pass option "
|
||||||
|
"or using the prompt")
|
||||||
|
sys.exit(msg)
|
||||||
|
kc.users.update_password(user, new_passwd)
|
||||||
|
|
||||||
|
|
||||||
@utils.arg('--current-password', metavar='<current-password>',
|
@utils.arg('--current-password', metavar='<current-password>',
|
||||||
|
|||||||
Reference in New Issue
Block a user