Port hash_password to Python 3 (#4161)

* port hash_password * changelog

Port hash_password to Python 3 (#4161)
264cb144 · Amber Brown · GitHub · b3708830 · 264cb144 · 264cb144
Unverified Commit 264cb144 authored 6 years ago by Amber Brown Committed by GitHub 6 years ago
--- a/changelog.d/4161.bugfix
+++ b/changelog.d/4161.bugfix
+The hash_password script now works on Python 3.
--- a/scripts/hash_password
+++ b/scripts/hash_password
@@ -3,13 +3,15 @@
 import argparse
 import getpass
 import sys
+import unicodedata
 import bcrypt
 import yaml
-bcrypt_rounds=12
+bcrypt_rounds = 12
 password_pepper = ""
 def prompt_for_pass():
    password = getpass.getpass("Password: ")
@@ -23,19 +25,27 @@ def prompt_for_pass():
    return password
 if __name__ == "__main__":
    parser = argparse.ArgumentParser(
-        description="Calculate the hash of a new password, so that passwords"
+        description=(
-                    " can be reset")
+            "Calculate the hash of a new password, so that passwords can be reset"
+        )
+    )
    parser.add_argument(
-        "-p", "--password",
+        "-p",
+        "--password",
        default=None,
        help="New password for user. Will prompt if omitted.",
    )
    parser.add_argument(
-        "-c", "--config",
+        "-c",
+        "--config",
        type=argparse.FileType('r'),
-        help="Path to server config file. Used to read in bcrypt_rounds and password_pepper.",
+        help=(
+            "Path to server config file. "
+            "Used to read in bcrypt_rounds and password_pepper."
+        ),
    )
    args = parser.parse_args()
@@ -49,4 +59,21 @@ if __name__ == "__main__":
    if not password:
        password = prompt_for_pass()
-    print bcrypt.hashpw(password + password_pepper, bcrypt.gensalt(bcrypt_rounds))
+    # On Python 2, make sure we decode it to Unicode before we normalise it
+    if isinstance(password, bytes):
+        try:
+            password = password.decode(sys.stdin.encoding)
+        except UnicodeDecodeError:
+            print(
+                "ERROR! Your password is not decodable using your terminal encoding (%s)."
+                % (sys.stdin.encoding,)
+            )
+    pw = unicodedata.normalize("NFKC", password)
+    hashed = bcrypt.hashpw(
+        pw.encode('utf8') + password_pepper.encode("utf8"),
+        bcrypt.gensalt(bcrypt_rounds),
+    ).decode('ascii')
+    print(hashed)
--- a/tox.ini
+++ b/tox.ini
@@ -122,7 +122,7 @@ skip_install = True
 basepython = python3.6
 deps =
    flake8
-commands = /bin/sh -c "flake8 synapse tests scripts scripts-dev scripts/register_new_matrix_user scripts/synapse_port_db synctl {env:PEP8SUFFIX:}"
+commands = /bin/sh -c "flake8 synapse tests scripts scripts-dev scripts/hash_password scripts/register_new_matrix_user scripts/synapse_port_db synctl {env:PEP8SUFFIX:}"
 [testenv:check_isort]
 skip_install = True