From ff943704c4a8e9c83e9d52e9a337a32d353f59d4 Mon Sep 17 00:00:00 2001
From: Tim Van Baak <tim.vanbaak@gmail.com>
Date: Tue, 4 Feb 2025 20:22:50 -0800
Subject: [PATCH] Add passwd --stdin

---
 cmd/passwd.go | 38 ++++++++++++++++++++++++++++----------
 1 file changed, 28 insertions(+), 10 deletions(-)

diff --git a/cmd/passwd.go b/cmd/passwd.go
index d24aa02..13349df 100644
--- a/cmd/passwd.go
+++ b/cmd/passwd.go
@@ -1,6 +1,7 @@
 package cmd
 
 import (
+	"bufio"
 	"fmt"
 	"os"
 
@@ -16,9 +17,12 @@ var passwdCmd = &cobra.Command{
 
 Access through the command line should be controlled by standard filesystem
 permissions.
+
+passwd expects to be run from a tty. If you want to pipe the password in, use
+the --stdin flag.
 `,
 	Run: func(cmd *cobra.Command, args []string) {
-		passwd(boolArg(cmd, "verify"))
+		passwd(boolArg(cmd, "verify"), boolArg(cmd, "stdin"))
 	},
 }
 
@@ -26,19 +30,33 @@ func init() {
 	rootCmd.AddCommand(passwdCmd)
 
 	passwdCmd.Flags().Bool("verify", false, "Compare the input password instead of setting it.")
+	passwdCmd.Flags().Bool("stdin", false, "Read the password from stdin. Terminal whitespace is stripped.")
 }
 
-func passwd(verify bool) {
+func passwd(verify bool, stdin bool) {
 	db := openAndMigrateDb()
 
-	fmt.Print("Enter your password: ")
-	bytes, err := term.ReadPassword(int(os.Stdin.Fd()))
-	if err != nil {
-		fmt.Printf("error: failed to read password: %v\n", err)
-		os.Exit(1)
+	var password string
+	if stdin {
+		scanner := bufio.NewScanner(os.Stdin)
+		for scanner.Scan() {
+			password = scanner.Text()
+			break
+		}
+		if scanner.Err() != nil {
+			fmt.Printf("error: failed to read password: %v", scanner.Err())
+			os.Exit(1)
+		}
+	} else {
+		fmt.Print("Enter your password: ")
+		bytes, err := term.ReadPassword(int(os.Stdin.Fd()))
+		if err != nil {
+			fmt.Printf("error: failed to read password: %v\n", err)
+			os.Exit(1)
+		}
+		password = string(bytes)
+		fmt.Println()
 	}
-	password := string(bytes)
-	fmt.Println()
 
 	if verify {
 		match, err := core.CheckPassword(db, password)
@@ -55,7 +73,7 @@ func passwd(verify bool) {
 		}
 	}
 
-	err = core.SetPassword(db, password)
+	err := core.SetPassword(db, password)
 	if err != nil {
 		fmt.Printf("failed to set password: %v\n", err)
 	}