diff options
author | Devaev Maxim <[email protected]> | 2020-09-15 00:54:17 +0300 |
---|---|---|
committer | Devaev Maxim <[email protected]> | 2020-09-15 00:54:17 +0300 |
commit | 1c31b8f80d90c6d4b1311e7527343d54316974d5 (patch) | |
tree | 59d90f5057d979edf31a538cc5ecaeb84df602f2 /kvmd | |
parent | 1dad3ee3ad73372815a56c4b8f3dc7550264ef6d (diff) |
pikvm/pikvm#69: note about user invalidation in kvmd-htpasswd
Diffstat (limited to 'kvmd')
-rw-r--r-- | kvmd/apps/htpasswd/__init__.py | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/kvmd/apps/htpasswd/__init__.py b/kvmd/apps/htpasswd/__init__.py index bf03dd47..2b7e676a 100644 --- a/kvmd/apps/htpasswd/__init__.py +++ b/kvmd/apps/htpasswd/__init__.py @@ -25,6 +25,7 @@ import os import getpass import tempfile import contextlib +import textwrap import argparse from typing import List @@ -75,6 +76,26 @@ def _get_htpasswd_for_write(config: Section) -> Generator[passlib.apache.Htpassw os.remove(tmp_path) +def _print_invalidate_tip(prepend_nl: bool) -> None: + if sys.stdout.isatty() and sys.stderr.isatty(): + gray = "\033[30;1m" + blue = "\033[34m" + reset = "\033[39m" + else: + gray = blue = reset = "" + if prepend_nl: + print(file=sys.stderr) + print(textwrap.dedent(f""" + {gray}# Note: Users logged in with this username will stay logged in. + # To invalidate their cookies you need to restart kvmd & kvmd-nginx: + # {reset}{blue}systemctl restart kvmd kvmd-nginx{gray} + # Be careful, this will break your connection to the Pi-KVM + # and may affect the GPIO relays state. Also don't forget to edit + # the files {reset}{blue}/etc/kvmd/{{vncpasswd,ipmipasswd}}{gray} and restart + # the corresponding services {reset}{blue}kvmd-vnc{gray} & {reset}{blue}kvmd-ipmi{gray} if necessary.{reset} + """).strip(), file=sys.stderr) + + # ==== def _cmd_list(config: Section, _: argparse.Namespace) -> None: for user in sorted(passlib.apache.HtpasswdFile(_get_htpasswd_path(config)).users()): @@ -83,6 +104,7 @@ def _cmd_list(config: Section, _: argparse.Namespace) -> None: def _cmd_set(config: Section, options: argparse.Namespace) -> None: with _get_htpasswd_for_write(config) as htpasswd: + has_user = (options.user in htpasswd.users()) if options.read_stdin: passwd = valid_passwd(input()) else: @@ -90,11 +112,16 @@ def _cmd_set(config: Section, options: argparse.Namespace) -> None: if valid_passwd(getpass.getpass("Repeat: ", stream=sys.stderr)) != passwd: raise SystemExit("Sorry, passwords do not match") htpasswd.set_password(options.user, passwd) + if has_user and not options.quiet: + _print_invalidate_tip(True) def _cmd_delete(config: Section, options: argparse.Namespace) -> None: with _get_htpasswd_for_write(config) as htpasswd: + has_user = (options.user in htpasswd.users()) htpasswd.delete(options.user) + if has_user and not options.quiet: + _print_invalidate_tip(False) # ===== @@ -118,10 +145,12 @@ def main(argv: Optional[List[str]]=None) -> None: cmd_set_parser = subparsers.add_parser("set", help="Create user or change password") cmd_set_parser.add_argument("user", type=valid_user) cmd_set_parser.add_argument("-i", "--read-stdin", action="store_true", help="Read password from stdin") + cmd_set_parser.add_argument("-q", "--quiet", action="store_true", help="Don't show invalidation note") cmd_set_parser.set_defaults(cmd=_cmd_set) cmd_delete_parser = subparsers.add_parser("del", help="Delete user") cmd_delete_parser.add_argument("user", type=valid_user) + cmd_delete_parser.add_argument("-q", "--quiet", action="store_true", help="Don't show invalidation note") cmd_delete_parser.set_defaults(cmd=_cmd_delete) options = parser.parse_args(argv[1:]) |