From 7e6a56ee1efa6a6b7168e2a7d5a6dd4d0c625c4b Mon Sep 17 00:00:00 2001
From: Jordan Orelli <jordanorelli@gmail.com>
Date: Sat, 22 Feb 2020 23:37:32 +0000
Subject: [PATCH] can now update user passwords

---
 server/db/sqlite.go | 17 +++++++++++++++++
 server/main.go      | 25 ++++++++++++++++++++++++-
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/server/db/sqlite.go b/server/db/sqlite.go
index 6eeb1b8..7777654 100644
--- a/server/db/sqlite.go
+++ b/server/db/sqlite.go
@@ -78,4 +78,21 @@ func (db *SQLite) CheckPassword(name, pass string) error {
 	return nil
 }
 
+func (db *SQLite) SetPassword(name, pass, salt string) error {
+	combined := []byte(pass + salt)
+	hashBytes, err := bcrypt.GenerateFromPassword(combined, 13)
+	if err != nil {
+		return fmt.Errorf("unable to generate password hash: %v", err)
+	}
+	hash := string(hashBytes)
+	if _, err := db.db.Exec(`
+	update users
+	set phash = ?, psalt = ?
+	where name = ?;
+	`, hash, salt, name); err != nil {
+		return fmt.Errorf("unable to update user: %v", err)
+	}
+	return nil
+}
+
 func (db *SQLite) Close() error { return db.db.Close() }
diff --git a/server/main.go b/server/main.go
index 411b223..63a111b 100644
--- a/server/main.go
+++ b/server/main.go
@@ -92,6 +92,21 @@ func runUserCheckPassword(cmd *cobra.Command, args []string) {
 	}
 }
 
+func runUserSetPassword(cmd *cobra.Command, args []string) {
+	conn, err := db.OpenSQLite(cmd.Flag("db").Value.String())
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "unable to open sqlite database: %v\n", err)
+	}
+	defer conn.Close()
+
+	user := args[0]
+	pass := args[1]
+	salt := cryptostring(12)
+	if err := conn.SetPassword(user, pass, salt); err != nil {
+		fmt.Fprintf(os.Stderr, "failed to set password: %v\n", err)
+	}
+}
+
 func main() {
 	cmd := &cobra.Command{
 		Use: "kloam",
@@ -122,11 +137,19 @@ func main() {
 
 	userCheckPassword := &cobra.Command{
 		Use:   "check-password",
-		Short: "checks a users password",
+		Short: "checks a user's password",
 		Args:  cobra.ExactArgs(2),
 		Run:   runUserCheckPassword,
 	}
 	user.AddCommand(userCheckPassword)
 
+	userSetPassword := &cobra.Command{
+		Use:   "set-password",
+		Short: "sets a user's password",
+		Args:  cobra.ExactArgs(2),
+		Run:   runUserSetPassword,
+	}
+	user.AddCommand(userSetPassword)
+
 	cmd.Execute()
 }