From c129e2a1677a51b1adae3c08839fb397b565a57e Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Mon, 23 Jan 2017 22:50:29 +0100 Subject: [PATCH] Do not let admin put password on cli argument when reseting password --- scripts/reset-password.js | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/scripts/reset-password.js b/scripts/reset-password.js index 6a00b37eb..5ae3af9ea 100755 --- a/scripts/reset-password.js +++ b/scripts/reset-password.js @@ -10,10 +10,9 @@ const db = require('../server/initializers/database') program .option('-u, --user [user]', 'User') - .option('-p, --password [new password]', 'New password') .parse(process.argv) -if (program.user === undefined || program.password === undefined) { +if (program.user === undefined) { console.error('All parameters are mandatory.') process.exit(-1) } @@ -30,15 +29,32 @@ db.init(true, function () { return } - user.password = program.password - user.save().asCallback(function (err) { - if (err) { - console.error(err) - return + const readline = require('readline') + const Writable = require('stream').Writable + const mutableStdout = new Writable({ + write: function (chunk, encoding, callback) { + callback() } + }) + const rl = readline.createInterface({ + input: process.stdin, + output: mutableStdout, + terminal: true + }) - console.log('User pasword updated.') - process.exit(0) + console.log('New password?') + rl.on('line', function (password) { + user.password = password + + user.save().asCallback(function (err) { + if (err) { + console.error(err) + } else { + console.log('User password updated.') + } + + process.exit(0) + }) }) }) })