(ctx context.Context)
| 342 | } |
| 343 | |
| 344 | func (c *commandServerStart) getAuthenticator(ctx context.Context) (auth.Authenticator, error) { |
| 345 | var authenticators []auth.Authenticator |
| 346 | |
| 347 | // handle passwords (UI and remote) from htpasswd file. |
| 348 | if c.serverStartHtpasswdFile != "" { |
| 349 | f, err := htpasswd.New(c.serverStartHtpasswdFile, htpasswd.DefaultSystems, nil) |
| 350 | if err != nil { |
| 351 | return nil, errors.Wrap(err, "error initializing htpasswd") |
| 352 | } |
| 353 | |
| 354 | authenticators = append(authenticators, auth.AuthenticateHtpasswdFile(f)) |
| 355 | } |
| 356 | |
| 357 | // handle UI password (--without-password, --password or --random-password) |
| 358 | switch { |
| 359 | case c.serverStartWithoutPassword: |
| 360 | if !c.serverStartInsecure { |
| 361 | return nil, errors.New("--without-password specified without --insecure, refusing to start server") |
| 362 | } |
| 363 | |
| 364 | return nil, nil |
| 365 | |
| 366 | case c.sf.serverPassword != "": |
| 367 | authenticators = append(authenticators, auth.AuthenticateSingleUser(c.sf.serverUsername, c.sf.serverPassword)) |
| 368 | |
| 369 | case c.serverStartRandomPassword: |
| 370 | // generate very long random one-time password |
| 371 | b := make([]byte, serverRandomPasswordLength) |
| 372 | io.ReadFull(rand.Reader, b) //nolint:errcheck |
| 373 | |
| 374 | randomPassword := hex.EncodeToString(b) |
| 375 | |
| 376 | // print it to the stderr bypassing any log file so that the user or calling process can connect |
| 377 | fmt.Fprintln(c.out.stderr(), "SERVER PASSWORD:", randomPassword) //nolint:errcheck |
| 378 | |
| 379 | authenticators = append(authenticators, auth.AuthenticateSingleUser(c.sf.serverUsername, randomPassword)) |
| 380 | } |
| 381 | |
| 382 | // handle server control password |
| 383 | switch { |
| 384 | case c.serverControlPassword != "": |
| 385 | authenticators = append(authenticators, auth.AuthenticateSingleUser(c.serverControlUsername, c.serverControlPassword)) |
| 386 | |
| 387 | case c.randomServerControlPassword: |
| 388 | // generate very long random one-time password |
| 389 | b := make([]byte, serverRandomPasswordLength) |
| 390 | io.ReadFull(rand.Reader, b) //nolint:errcheck |
| 391 | |
| 392 | randomPassword := hex.EncodeToString(b) |
| 393 | |
| 394 | // print it to the stderr bypassing any log file so that the user or calling process can connect |
| 395 | fmt.Fprintln(c.out.stderr(), "SERVER CONTROL PASSWORD:", randomPassword) //nolint:errcheck |
| 396 | |
| 397 | authenticators = append(authenticators, auth.AuthenticateSingleUser(c.serverControlUsername, randomPassword)) |
| 398 | } |
| 399 | |
| 400 | log(ctx).Infof(` |
| 401 | Server will allow connections from users whose accounts are stored in the repository. |