From a75250e51205d65253105dac84a052683f81c2c3 Mon Sep 17 00:00:00 2001
From: GeorgianaElena <georgiana.dolocan@gmail.com>
Date: Wed, 10 Jul 2019 15:07:40 +0300
Subject: [PATCH] Add the option to set admin passwords during install

---
 setup.py          |  1 +
 tljh/installer.py | 27 +++++++++++++++++++++++++--
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/setup.py b/setup.py
index c794859..36bcfc1 100644
--- a/setup.py
+++ b/setup.py
@@ -17,6 +17,7 @@ setup(
         'passlib',
         'backoff',
         'requests',
+        'bcrypt',
         'jupyterhub-traefik-proxy==0.1.*'
     ],
     entry_points={
diff --git a/tljh/installer.py b/tljh/installer.py
index 01057db..b53f221 100644
--- a/tljh/installer.py
+++ b/tljh/installer.py
@@ -1,6 +1,7 @@
 """Installation logic for TLJH"""
 
 import argparse
+import dbm
 import itertools
 import logging
 import os
@@ -10,9 +11,11 @@ import sys
 import time
 import warnings
 
+import bcrypt
 import pluggy
 import requests
 from requests.packages.urllib3.exceptions import InsecureRequestWarning
+from getpass import getpass
 
 from tljh import (
     apt,
@@ -271,7 +274,7 @@ def ensure_user_environment(user_requirements_txt_file):
         conda.ensure_pip_requirements(USER_ENV_PREFIX, user_requirements_txt_file)
 
 
-def ensure_admins(admins):
+def ensure_admins(admins, passwords):
     """
     Setup given list of users as admins.
     """
@@ -290,6 +293,13 @@ def ensure_admins(admins):
     config['users']['admin'] = [admin for admin_sublist in admins
         for admin in admin_sublist]
 
+    if passwords:
+        for i in range(len(passwords)):
+            passwords[i] = bcrypt.hashpw(passwords[i].encode(), bcrypt.gensalt())
+            db_passw = os.path.join(STATE_DIR, 'passwords.dbm')
+            with dbm.open(db_passw, 'c', 0o600) as db:
+                db[admins[i]] = passwords[i]
+
     with open(config_path, 'w+') as f:
         yaml.dump(config, f)
 
@@ -454,13 +464,26 @@ def main():
         nargs='*',
         help='Plugin pip-specs to install'
     )
+    argparser.add_argument(
+        '--password',
+        action='store_true',
+        help='List of admin passwords'
+    )
 
     args = argparser.parse_args()
 
     pm = setup_plugins(args.plugin)
 
     ensure_config_yaml(pm)
-    ensure_admins(args.admin)
+
+    # Set a password for each admin user
+    passwords = []
+    if args.password:
+        for admin_user in args.admin:
+            passw = getpass(prompt='Set password for %s: ' % admin_user)
+            passwords.append(passw)
+    ensure_admins(args.admin, passwords)
+
     ensure_usergroups()
     ensure_user_environment(args.user_requirements_txt_url)