librelad 07b3e7896d refactor(de-sudo): drop pointless sudo on htpasswd hash computation
htpasswd -bnBC just computes a bcrypt hash to stdout (no file/root access), so
the sudo was unnecessary — drop it in the adguard/focalboard/invidious auth
helpers and password_hash. (App-config file edits owned by container UIDs —
owncloud config.php/adguard yaml — are deferred as category-3 cross-owner work
for the root-owned ownership helper.)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-24 17:06:46 +01:00

45 lines
1.6 KiB
Bash

#!/bin/bash
authAdapter_adguard_setPassword() {
local user="$1" password="$2"
user="${user:-${CFG_ADGUARD_ADMIN_USER:-admin}}"
[[ -z "$password" ]] && password=$(generateRandomPassword)
local yaml="${containers_dir}adguard/conf/AdGuardHome.yaml"
[[ ! -f "$yaml" ]] && { isError "AdGuardHome.yaml not found at $yaml."; return 1; }
if ! command -v htpasswd >/dev/null 2>&1; then
isError "htpasswd is required to bcrypt the new password."
return 1
fi
local bcrypt
bcrypt=$(htpasswd -bnBC 10 "" "$password" | tr -d ':\n')
[[ -z "$bcrypt" ]] && { isError "bcrypt failed."; return 1; }
local tmp
tmp=$(sudo mktemp)
if ! sudo awk -v u="$user" -v pw="$bcrypt" '
/^users:/ { in_users=1; print; next }
in_users && /^[^[:space:]-]/ { in_users=0 }
in_users && /^[[:space:]]+name:/ && !done_user {
match($0, /^[[:space:]]+/); print substr($0, RSTART, RLENGTH) "name: " u; done_user=1; next
}
in_users && /^[[:space:]]+password:/ && !done_pw {
match($0, /^[[:space:]]+/); print substr($0, RSTART, RLENGTH) "password: " pw; done_pw=1; next
}
{ print }
END { exit (done_pw ? 0 : 1) }
' "$yaml" | sudo tee "$tmp" >/dev/null; then
sudo rm -f "$tmp"
isError "AdGuardHome.yaml does not contain a 'users:' password line."
return 1
fi
sudo cp "$tmp" "$yaml"
sudo rm -f "$tmp"
authPersistCfg adguard ADMIN_USER "$user"
authPersistCfg adguard ADMIN_PASSWORD "$password"
dockerComposeRestart adguard
isSuccessful "AdGuard admin set. User: $user — Password: $password"
}