From 515235163c935c5e9f45513028f1e83444010015 Mon Sep 17 00:00:00 2001
From: Christoph Wurst <christoph@winzerhof-wurst.at>
Date: Wed, 23 Mar 2022 18:44:16 +0100
Subject: Allow app passwords without login password for occ
 user:add-app-password

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
---
 core/Command/User/AddAppPassword.php | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

(limited to 'core')

diff --git a/core/Command/User/AddAppPassword.php b/core/Command/User/AddAppPassword.php
index 7a2270e20b1..65b572533f5 100644
--- a/core/Command/User/AddAppPassword.php
+++ b/core/Command/User/AddAppPassword.php
@@ -1,4 +1,7 @@
 <?php
+
+declare(strict_types=1);
+
 /**
  * @copyright Copyright (c) 2020, NextCloud, Inc.
  *
@@ -41,10 +44,13 @@ class AddAppPassword extends Command {
 
 	/** @var IUserManager */
 	protected $userManager;
+
 	/** @var IProvider */
 	protected $tokenProvider;
+
 	/** @var ISecureRandom */
 	private $random;
+
 	/** @var IEventDispatcher */
 	private $eventDispatcher;
 
@@ -72,13 +78,14 @@ class AddAppPassword extends Command {
 				'password-from-env',
 				null,
 				InputOption::VALUE_NONE,
-				'read password from environment variable NC_PASS/OC_PASS'
+				'Read password from environment variable NC_PASS/OC_PASS. Alternatively it will be asked for interactively or an app password without the login password will be created.'
 			)
 		;
 	}
 
 	protected function execute(InputInterface $input, OutputInterface $output): int {
 		$username = $input->getArgument('user');
+		$password = null;
 
 		$user = $this->userManager->get($username);
 		if (is_null($user)) {
@@ -98,18 +105,13 @@ class AddAppPassword extends Command {
 
 			$question = new Question('Enter the user password: ');
 			$question->setHidden(true);
+			/** @var null|string $password */
 			$password = $helper->ask($input, $output, $question);
-
-			if ($password === null) {
-				$output->writeln("<error>Password cannot be empty!</error>");
-				return 1;
-			}
-		} else {
-			$output->writeln("<error>Interactive input or --password-from-env is needed for entering a new password!</error>");
-			return 1;
 		}
 
-		$output->writeln('<comment>The password has not been validated, some features might not work as intended.</comment>');
+		if ($password === null) {
+			$output->writeln('<info>No password provided. The generated app password will therefore have limited capabilities. Any operation that requires the login password will fail.</info>');
+		}
 
 		$token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
 		$generatedToken = $this->tokenProvider->generateToken(
-- 
cgit v1.2.3