ssbc · cryptix · May 14, 2021 · May 11, 2021 · May 11, 2021 · May 11, 2021
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -27,7 +27,7 @@ jobs:
       run: go get -v -t -d ./...
 
     - name: Build smoke test
-      run: go build ./cmd/server
+      run: go build ./cmd/...
 
     - name: install node ssb-stack
       run: |

diff --git a/cmd/insert-user/main.go b/cmd/insert-user/main.go
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: MIT
 
-// insert-user is a utility to create a new member and password
+// insert-user is a utility to create a new member and fallback password for them
 package main
 
 import (
@@ -28,24 +28,10 @@ func main() {
 	check(err)
 
 	var (
-		login    string
-		pubKey   *refs.FeedRef
 		role     roomdb.Role = roomdb.RoleAdmin
 		repoPath string
 	)
 
-	flag.StringVar(&login, "login", "", "username (used when logging into the room's web ui)")
-	flag.Func("key", "the public key of the user, format: @<base64-encoded public-key>.ed25519", func(val string) error {
-		if len(val) == 0 {
-			return fmt.Errorf("the public key is required. if you are just testing things out, generate one by running 'cmd/insert-user/generate-fake-id.sh'\n")
-		}
-		key, err := refs.ParseFeedRef(val)
-		if err != nil {
-			return fmt.Errorf("%s\n", err)
-		}
-		pubKey = key
-		return nil
-	})
 	flag.StringVar(&repoPath, "repo", filepath.Join(u.HomeDir, ".ssb-go-room"), "[optional] where the locally stored files of the room is located")
 	flag.Func("role", "[optional] which role the new member should have (values: mod[erator], admin, or member. default is admin)", func(val string) error {
 		switch strings.ToLower(val) {
@@ -65,18 +51,15 @@ func main() {
 	})
 	flag.Parse()
 
-	/* we require at least 5 arguments: <executable> + -login <val> + -key <val> */
-	/*                                  1              2     3       4    5     */
-	if len(os.Args) < 5 {
-		cliMissingArguments("please provide the default arguments -login and -key")
+	// we require one more argument which is not a flag.
+	if len(flag.Args()) != 1 {
+		cliMissingArguments("please provide a public key")
 	}
 
-	if login == "" {
-		cliMissingArguments("please provide a username with -login <username>")
-	}
-
-	if pubKey == nil {
-		cliMissingArguments("please provide a public key with -key")
+	pubKey, err := refs.ParseFeedRef(flag.Arg(0))
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Invalid ssb public-key referenfce:", err)
+		os.Exit(1)
 	}
 
 	r := repo.New(repoPath)
@@ -95,22 +78,21 @@ func main() {
 	if !bytes.Equal(bytePassword, bytePasswordRepeat) {
 		fmt.Fprintln(os.Stderr, "Passwords didn't match")
 		os.Exit(1)
-		return
 	}
 
 	ctx := context.Background()
 	mid, err := db.Members.Add(ctx, *pubKey, role)
 	check(err)
 
-	err = db.AuthFallback.Create(ctx, mid, login, bytePassword)
+	err = db.AuthFallback.SetPassword(ctx, mid, string(bytePassword))
 	check(err)
 
-	fmt.Fprintf(os.Stderr, "Created member %s (%s) with ID %d\n", login, role, mid)
+	fmt.Fprintf(os.Stderr, "Created member (%s) with ID %d\n", role, mid)
 }
 
 func cliMissingArguments(message string) {
 	executable := strings.TrimPrefix(os.Args[0], "./")
-	fmt.Fprintf(os.Stderr, "%s: %s\nusage:%s -login <login-name> -key <@<base64-encoded public key>.ed25519> <optional flags>\n", executable, message, executable)
+	fmt.Fprintf(os.Stderr, "%s: %s\nusage:%s <@base64-encoded-public-key=.ed25519> <optional flags>\n", executable, message, executable)
 	flag.Usage()
 	os.Exit(1)
 }

diff --git a/go.mod b/go.mod
@@ -15,6 +15,7 @@ require (
 	github.com/gorilla/sessions v1.2.1
 	github.com/gorilla/websocket v1.4.2
 	github.com/keks/nocomment v0.0.0-20181007001506-30c6dcb4a472
+	github.com/mattevans/pwned-passwords v0.3.0 // indirect
 	github.com/mattn/go-sqlite3 v2.0.3+incompatible
 	github.com/maxbrunsfeld/counterfeiter/v6 v6.3.0
 	github.com/nicksnyder/go-i18n/v2 v2.1.2

diff --git a/go.sum b/go.sum
@@ -264,6 +264,8 @@ github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0Q
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzRKO2BQ4=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/mattevans/pwned-passwords v0.3.0 h1:PFUAQXHH6NVugTiQ3Uh/iUY5dUljtEmzdg2kE8a7cXI=
+github.com/mattevans/pwned-passwords v0.3.0/go.mod h1:waUnV5nlikMlUqnjQtFV+DAgFPUQNPabvMGv8NG2IaQ=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
@@ -318,6 +320,7 @@ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
+github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
 github.com/onsi/gomega v1.10.3 h1:gph6h/qe9GSUw1NhH1gp+qb+h8rXD8Cy60Z32Qw3ELA=
 github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
@@ -333,6 +336,8 @@ github.com/oxtoacart/bpool v0.0.0-20190524125616-8c0b41497736 h1:C9bEdTfu5QY+TIf
 github.com/oxtoacart/bpool v0.0.0-20190524125616-8c0b41497736/go.mod h1:L3UMQOThbttwfYRNFOWLLVXMhk5Lkio4GGOtw5UrxS0=
 github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
+github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=

diff --git a/roomdb/interface.go b/roomdb/interface.go
@@ -29,14 +29,18 @@ type RoomConfig interface {
 type AuthFallbackService interface {
 
 	// Check receives the username and password (in clear) and checks them accordingly.
+	// Login might be a registered alias or a ssb id who belongs to a member.
 	// If it's a valid combination it returns the user ID, or an error if they are not.
 	auth.Auther
 
-	Create(_ context.Context, memberID int64, login string, password []byte) error
-	// GetByID(context.Context, int64) (User, error)
-	// ListAll()
-	// ListByMember()
-	// Remove(pwid)
+	// SetPassword creates or updates a fallback login password for this user.
+	SetPassword(_ context.Context, memberID int64, password string) error
+
+	// CreateResetToken returns a token which can be used via SetPasswordWithToken() to reset the password of a member.
+	CreateResetToken(_ context.Context, createdByMember, forMember int64) (string, error)
+
+	// SetPasswordWithToken consumes a token created with CreateResetToken() and updates the password for that member accordingly.
+	SetPasswordWithToken(_ context.Context, resetToken string, password string) error
 }
 
 // AuthWithSSBService defines utility functions for the challenge/response system of sign-in with ssb