pikvm/pikvm#69: note about user invalidation in kvmd-htpasswd

2025-12-12 09:10:30 +08:00 · 2020-09-15 00:54:17 +03:00 · 2020-09-15 00:54:17 +03:00 · 1c31b8f80d
commit 1c31b8f80d
parent 1dad3ee3ad
1 changed files with 29 additions and 0 deletions
--- a/kvmd/apps/htpasswd/init.py
+++ b/kvmd/apps/htpasswd/init.py
@ -25,6 +25,7 @@ import os
 import getpass
 import tempfile
 import contextlib
+import textwrap
 import argparse

 from typing import List
@ -75,6 +76,26 @@ def _get_htpasswd_for_write(config: Section) -> Generator[passlib.apache.Htpassw
            os.remove(tmp_path)


+def _print_invalidate_tip(prepend_nl: bool) -> None:
+    if sys.stdout.isatty() and sys.stderr.isatty():
+        gray = "\033[30;1m"
+        blue = "\033[34m"
+        reset = "\033[39m"
+    else:
+        gray = blue = reset = ""
+    if prepend_nl:
+        print(file=sys.stderr)
+    print(textwrap.dedent(f"""
+        {gray}# Note: Users logged in with this username will stay logged in.
+        # To invalidate their cookies you need to restart kvmd & kvmd-nginx:
+        #    {reset}{blue}systemctl restart kvmd kvmd-nginx{gray}
+        # Be careful, this will break your connection to the Pi-KVM
+        # and may affect the GPIO relays state. Also don't forget to edit
+        # the files {reset}{blue}/etc/kvmd/{{vncpasswd,ipmipasswd}}{gray} and restart
+        # the corresponding services {reset}{blue}kvmd-vnc{gray} & {reset}{blue}kvmd-ipmi{gray} if necessary.{reset}
+    """).strip(), file=sys.stderr)
+
+
 # ====
 def _cmd_list(config: Section, _: argparse.Namespace) -> None:
    for user in sorted(passlib.apache.HtpasswdFile(_get_htpasswd_path(config)).users()):
@ -83,6 +104,7 @@ def _cmd_list(config: Section, _: argparse.Namespace) -> None:

 def _cmd_set(config: Section, options: argparse.Namespace) -> None:
    with _get_htpasswd_for_write(config) as htpasswd:
+        has_user = (options.user in htpasswd.users())
        if options.read_stdin:
            passwd = valid_passwd(input())
        else:
@ -90,11 +112,16 @@ def _cmd_set(config: Section, options: argparse.Namespace) -> None:
            if valid_passwd(getpass.getpass("Repeat: ", stream=sys.stderr)) != passwd:
                raise SystemExit("Sorry, passwords do not match")
        htpasswd.set_password(options.user, passwd)
+    if has_user and not options.quiet:
+        _print_invalidate_tip(True)


 def _cmd_delete(config: Section, options: argparse.Namespace) -> None:
    with _get_htpasswd_for_write(config) as htpasswd:
+        has_user = (options.user in htpasswd.users())
        htpasswd.delete(options.user)
+    if has_user and not options.quiet:
+        _print_invalidate_tip(False)


 # =====
@ -118,10 +145,12 @@ def main(argv: Optional[List[str]]=None) -> None:
    cmd_set_parser = subparsers.add_parser("set", help="Create user or change password")
    cmd_set_parser.add_argument("user", type=valid_user)
    cmd_set_parser.add_argument("-i", "--read-stdin", action="store_true", help="Read password from stdin")
+    cmd_set_parser.add_argument("-q", "--quiet", action="store_true", help="Don't show invalidation note")
    cmd_set_parser.set_defaults(cmd=_cmd_set)

    cmd_delete_parser = subparsers.add_parser("del", help="Delete user")
    cmd_delete_parser.add_argument("user", type=valid_user)
+    cmd_delete_parser.add_argument("-q", "--quiet", action="store_true", help="Don't show invalidation note")
    cmd_delete_parser.set_defaults(cmd=_cmd_delete)

    options = parser.parse_args(argv[1:])