Merge branch 'develop' of github.com:matrix-org/synapse into erikj/test2

2024-10-01 11:49:51 -04:00 · 2016-07-06 14:50:22 +01:00 · 2016-07-06 14:50:22 +01:00 · eef7778af9
commit eef7778af9
parent a17e7caeb7 f0c06ac65c
2 changed files with 18 additions and 2 deletions
--- a/scripts/hash_password
+++ b/scripts/hash_password
@ -1,10 +1,16 @@
 #!/usr/bin/env python
 import argparse
 import sys
 import bcrypt
 import getpass
 import yaml
 bcrypt_rounds=12
 password_pepper = ""
 def prompt_for_pass():
    password = getpass.getpass("Password: ")
@ -28,12 +34,22 @@ if __name__ == "__main__":
        default=None,
        help="New password for user. Will prompt if omitted.",
    )
    parser.add_argument(
        "-c", "--config",
        type=argparse.FileType('r'),
        help="Path to server config file. Used to read in bcrypt_rounds and password_pepper.",
    )
    args = parser.parse_args()
    if "config" in args and args.config:
        config = yaml.safe_load(args.config)
        bcrypt_rounds = config.get("bcrypt_rounds", bcrypt_rounds)
        password_config = config.get("password_config", {})
        password_pepper = password_config.get("pepper", password_pepper)
    password = args.password
    if not password:
        password = prompt_for_pass()
-    print bcrypt.hashpw(password, bcrypt.gensalt(bcrypt_rounds))
+    print bcrypt.hashpw(password + password_pepper, bcrypt.gensalt(bcrypt_rounds))
--- a/synapse/config/password.py
+++ b/synapse/config/password.py
@ -30,7 +30,7 @@ class PasswordConfig(Config):
        # Enable password for login.
        password_config:
           enabled: true
-           # Change to a secret random string.
+           # Uncomment and change to a secret random string for extra security.
           # DO NOT CHANGE THIS AFTER INITIAL SETUP!
           #pepper: ""
        """