Use accountdb with provided config (#2273)

* Fix #2272

* Ensure we only allow lowercase usernames using `create-account`

Co-authored-by: kegsay <kegan@matrix.org>
This commit is contained in:
S7evinK 2022-03-15 12:13:33 +01:00 committed by GitHub
parent a2cf1aaf48
commit 69268fc48e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -21,16 +21,15 @@ import (
"io" "io"
"io/ioutil" "io/ioutil"
"os" "os"
"regexp"
"strings" "strings"
"github.com/matrix-org/dendrite/setup/base"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"golang.org/x/crypto/bcrypt"
"golang.org/x/term" "golang.org/x/term"
"github.com/matrix-org/dendrite/setup" "github.com/matrix-org/dendrite/setup"
"github.com/matrix-org/dendrite/setup/config"
"github.com/matrix-org/dendrite/userapi/api" "github.com/matrix-org/dendrite/userapi/api"
userdb "github.com/matrix-org/dendrite/userapi/storage"
) )
const usage = `Usage: %s const usage = `Usage: %s
@ -56,13 +55,14 @@ Arguments:
` `
var ( var (
username = flag.String("username", "", "The username of the account to register (specify the localpart only, e.g. 'alice' for '@alice:domain.com')") username = flag.String("username", "", "The username of the account to register (specify the localpart only, e.g. 'alice' for '@alice:domain.com')")
password = flag.String("password", "", "The password to associate with the account (optional, account will be password-less if not specified)") password = flag.String("password", "", "The password to associate with the account (optional, account will be password-less if not specified)")
pwdFile = flag.String("passwordfile", "", "The file to use for the password (e.g. for automated account creation)") pwdFile = flag.String("passwordfile", "", "The file to use for the password (e.g. for automated account creation)")
pwdStdin = flag.Bool("passwordstdin", false, "Reads the password from stdin") pwdStdin = flag.Bool("passwordstdin", false, "Reads the password from stdin")
askPass = flag.Bool("ask-pass", false, "Ask for the password to use") askPass = flag.Bool("ask-pass", false, "Ask for the password to use")
isAdmin = flag.Bool("admin", false, "Create an admin account") isAdmin = flag.Bool("admin", false, "Create an admin account")
resetPassword = flag.Bool("reset-password", false, "Resets the password for the given username") resetPassword = flag.Bool("reset-password", false, "Resets the password for the given username")
validUsernameRegex = regexp.MustCompile(`^[0-9a-z_\-=./]+$`)
) )
func main() { func main() {
@ -78,25 +78,21 @@ func main() {
os.Exit(1) os.Exit(1)
} }
if !validUsernameRegex.MatchString(*username) {
logrus.Warn("Username can only contain characters a-z, 0-9, or '_-./='")
os.Exit(1)
}
pass := getPassword(password, pwdFile, pwdStdin, askPass, os.Stdin) pass := getPassword(password, pwdFile, pwdStdin, askPass, os.Stdin)
accountDB, err := userdb.NewDatabase( b := base.NewBaseDendrite(cfg, "create-account")
&config.DatabaseOptions{ accountDB := b.CreateAccountsDB()
ConnectionString: cfg.UserAPI.AccountDatabase.ConnectionString,
},
cfg.Global.ServerName, bcrypt.DefaultCost,
cfg.UserAPI.OpenIDTokenLifetimeMS,
api.DefaultLoginTokenLifetime,
)
if err != nil {
logrus.Fatalln("Failed to connect to the database:", err.Error())
}
accType := api.AccountTypeUser accType := api.AccountTypeUser
if *isAdmin { if *isAdmin {
accType = api.AccountTypeAdmin accType = api.AccountTypeAdmin
} }
var err error
if *resetPassword { if *resetPassword {
err = accountDB.SetPassword(context.Background(), *username, pass) err = accountDB.SetPassword(context.Background(), *username, pass)
if err != nil { if err != nil {