From dd8400b66cf7ed5b895eb92b32a3980389a2561c Mon Sep 17 00:00:00 2001
From: Ted Unangst <tedu@tedunangst.com>
Date: Sat, 12 Oct 2019 19:21:29 -0400
Subject: [PATCH] add chpass command

---
 docs/changelog.txt |  2 ++
 docs/honk.8        |  5 ++++
 go.mod             |  2 +-
 go.sum             |  6 ++---
 honk.go            |  2 ++
 util.go            | 67 +++++++++++++++++++++++++++++++++++++++-------
 6 files changed, 70 insertions(+), 14 deletions(-)

diff --git a/docs/changelog.txt b/docs/changelog.txt
index 0168f61..a021a3a 100644
--- a/docs/changelog.txt
+++ b/docs/changelog.txt
@@ -2,6 +2,8 @@ changelog
 
 -- next
 
++ Add chpass command.
+
 + Improved honker management.
 
 + Better markdown output.
diff --git a/docs/honk.8 b/docs/honk.8
index 47da956..4d45fde 100644
--- a/docs/honk.8
+++ b/docs/honk.8
@@ -95,6 +95,11 @@ New users can be added with the
 command.
 This is discouraged.
 .Dl ./honk adduser
+.Pp
+Passwords may be reset with the
+.Ic chpass
+command.
+.Dl ./honk chpass username
 .Ss MAINTENANCE
 The database may grow large over time.
 The
diff --git a/go.mod b/go.mod
index 28de336..e776dda 100644
--- a/go.mod
+++ b/go.mod
@@ -7,5 +7,5 @@ require (
 	golang.org/x/crypto v0.0.0-20190621222207-cc06ce4a13d4
 	golang.org/x/net v0.0.0-20190620200207-3b0461eec859
 	humungus.tedunangst.com/r/go-sqlite3 v1.1.3
-	humungus.tedunangst.com/r/webs v0.6.9
+	humungus.tedunangst.com/r/webs v0.6.10
 )
diff --git a/go.sum b/go.sum
index 478c65d..0e48476 100644
--- a/go.sum
+++ b/go.sum
@@ -21,7 +21,5 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 humungus.tedunangst.com/r/go-sqlite3 v1.1.3 h1:G2N4wzDS0NbuvrZtQJhh4F+3X+s7BF8b9ga8k38geUI=
 humungus.tedunangst.com/r/go-sqlite3 v1.1.3/go.mod h1:FtEEmQM7U2Ey1TuEEOyY1BmphTZnmiEjPsNLEAkpf/M=
-humungus.tedunangst.com/r/webs v0.6.8 h1:0Xn6+iHZO8F4R3jhkql0qBR8nh5v9D59xG2vWQJzoa8=
-humungus.tedunangst.com/r/webs v0.6.8/go.mod h1:Ho+nmafD/aUWF7LnH+Yl2/b0ob7f2pCkXm4onteWvLE=
-humungus.tedunangst.com/r/webs v0.6.9 h1:bW2rBRZTBgov2yNUCvQ09dAK9oLfQ9A84QkMRLwaXZM=
-humungus.tedunangst.com/r/webs v0.6.9/go.mod h1:Ho+nmafD/aUWF7LnH+Yl2/b0ob7f2pCkXm4onteWvLE=
+humungus.tedunangst.com/r/webs v0.6.10 h1:Qe4QW/7us8szAwL68zoIihfkaqsy/7Ys00bfdSPH5/g=
+humungus.tedunangst.com/r/webs v0.6.10/go.mod h1:Ho+nmafD/aUWF7LnH+Yl2/b0ob7f2pCkXm4onteWvLE=
diff --git a/honk.go b/honk.go
index b8e335a..f74bf6f 100644
--- a/honk.go
+++ b/honk.go
@@ -174,6 +174,8 @@ func main() {
 	switch cmd {
 	case "adduser":
 		adduser()
+	case "chpass":
+		chpass()
 	case "cleanup":
 		arg := "30"
 		if len(os.Args) > 2 {
diff --git a/util.go b/util.go
index b0e4c1d..feed1d0 100644
--- a/util.go
+++ b/util.go
@@ -49,6 +49,7 @@ import (
 	"golang.org/x/crypto/bcrypt"
 	_ "humungus.tedunangst.com/r/go-sqlite3"
 	"humungus.tedunangst.com/r/webs/httpsig"
+	"humungus.tedunangst.com/r/webs/login"
 )
 
 var savedassetparams = make(map[string]string)
@@ -221,6 +222,62 @@ func adduser() {
 	os.Exit(0)
 }
 
+func chpass() {
+	if len(os.Args) < 3 {
+		fmt.Printf("need a username\n")
+		os.Exit(1)
+	}
+	user, err := butwhatabout(os.Args[2])
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer func() {
+		os.Exit(1)
+	}()
+	c := make(chan os.Signal)
+	signal.Notify(c, os.Interrupt)
+	go func() {
+		<-c
+		C.termecho(1)
+		fmt.Printf("\n")
+		os.Exit(1)
+	}()
+
+	db := opendatabase()
+	login.Init(db)
+
+	r := bufio.NewReader(os.Stdin)
+
+	pass, err := askpassword(r)
+	if err != nil {
+		log.Print(err)
+		return
+	}
+	err = login.SetPassword(user.ID, pass)
+	if err != nil {
+		log.Print(err)
+		return
+	}
+	fmt.Printf("done\n")
+	os.Exit(0)
+}
+
+func askpassword(r *bufio.Reader) (string, error) {
+	C.termecho(0)
+	fmt.Printf("password: ")
+	pass, err := r.ReadString('\n')
+	C.termecho(1)
+	fmt.Printf("\n")
+	if err != nil {
+		return "", err
+	}
+	pass = pass[:len(pass)-1]
+	if len(pass) < 6 {
+		return "", fmt.Errorf("that's way too short")
+	}
+	return pass, nil
+}
+
 func createuser(db *sql.DB, r *bufio.Reader) error {
 	fmt.Printf("username: ")
 	name, err := r.ReadString('\n')
@@ -231,18 +288,10 @@ func createuser(db *sql.DB, r *bufio.Reader) error {
 	if len(name) < 1 {
 		return fmt.Errorf("that's way too short")
 	}
-	C.termecho(0)
-	fmt.Printf("password: ")
-	pass, err := r.ReadString('\n')
-	C.termecho(1)
-	fmt.Printf("\n")
+	pass, err := askpassword(r)
 	if err != nil {
 		return err
 	}
-	pass = pass[:len(pass)-1]
-	if len(pass) < 6 {
-		return fmt.Errorf("that's way too short")
-	}
 	hash, err := bcrypt.GenerateFromPassword([]byte(pass), 12)
 	if err != nil {
 		return err