Clear password feature

containers/types.go

@@ -242,6 +242,23 @@ func (c *Container) SetPassword(password string) error {
 	return err
 }
 
+// ClearPassword removes password for system user app in the container
+func (c *Container) ClearPassword() error {
+	driver := c.getDriver()
+
+	_, err := driver.Exec(c.App.Name, []string{"passwd", "-d", "app"}, "", []string{}, false)
+	if err != nil {
+		return err
+	}
+
+	_, err = driver.Exec(c.App.Name, []string{"rm", "-f", passwordFile}, "", []string{}, false)
+	if err != nil {
+		return err
+	}
+
+	return err
+}
+
 // Generate SSH keys and copies it into authorized keys
 // Returns true if the key was generated in this call and error if there is any.
 // The container has to run for this to work.

glue/main.go

@@ -591,6 +591,26 @@ func (p *Processor) SetPassword(password string) error {
 	return nil
 }
 
+// ClearPassword removes password from the SSH user
+func (p *Processor) ClearPassword() error {
+	err := p.waitForApp()
+	if err != nil {
+		return err
+	}
+
+	container, err := p.getContainer()
+	if err != nil {
+		return err
+	}
+
+	err = container.ClearPassword()
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
 // Generate SSH key and adds it into authorized_keys
 // These pair of keys is used for deployment.
 // Returns private key, pubkey and error.

handlers.go

@@ -212,6 +212,26 @@ func setPasswordHandler(c echo.Context) error {
 	return c.JSON(http.StatusOK, Message{Message: "ok"})
 }
 
+// Clear password for the app user in the container
+func clearPasswordHandler(c echo.Context) error {
+	name := c.Param("name")
+
+	processor := glue.Processor{
+		AppName:    name,
+		DB:         common.GetDBConnection(),
+		DockerSock: config.DockerSocket,
+		BindIPHTTP: config.AppsBindIPHTTP,
+		BindIPSSH:  config.AppsBindIPSSH,
+		AppsPath:   config.AppsPath,
+	}
+	err := processor.ClearPassword()
+	if err != nil {
+		return c.JSONPretty(http.StatusInternalServerError, Message{Message: err.Error()}, JSONIndent)
+	}
+
+	return c.JSON(http.StatusOK, Message{Message: "ok"})
+}
+
 // Copies body of the request into /srv/.ssh/authorized_keys
 func setKeysHandler(c echo.Context) error {
 	name := c.Param("name")

handlers_nats.go

@@ -57,6 +57,7 @@ func _messageHandler(m *nats.Msg) error {
 		"get_active_tech":            getActiveTechHandler,
 		"update_keys":                updateKeysEventHandler,
 		"set_password":               setPasswordEventHandler,
+		"clear_password":             clearPasswordEventHandler,
 		"processes":                  processesEventHandler,
 		"enable_tech":                enableTechEventHandler,
 		"rebuild":                    rebuildEventHandler,
@@ -538,6 +539,30 @@ func setPasswordEventHandler(m *nats.Msg, message *RequestMessage) error {
 	return nil
 }
 
+// Clear password for the app user in the container
+func clearPasswordEventHandler(m *nats.Msg, message *RequestMessage) error {
+	processor := glue.Processor{
+		AppName:           message.AppName,
+		DB:                common.GetDBConnection(),
+		SnapshotProcessor: &snapshotProcessor,
+		DockerSock:        config.DockerSocket,
+		BindIPHTTP:        config.AppsBindIPHTTP,
+		BindIPSSH:         config.AppsBindIPSSH,
+		AppsPath:          config.AppsPath,
+	}
+	err := processor.ClearPassword()
+
+	if err != nil {
+		log.Println("ERROR password clearing problem: " + err.Error())
+		publish(message.AppName, "backend problem", true)
+		return err
+	}
+
+	publish(message.AppName, "password deleted", false)
+
+	return nil
+}
+
 // Application processes
 func processesEventHandler(m *nats.Msg, message *RequestMessage) error {
 	processor := glue.Processor{

main.go

@@ -174,6 +174,9 @@ func main() {
 	// Set password for the app user in the container
 	e.PUT("/v1/apps/:name/password", setPasswordHandler)
 
+	// Clear password for the app user in the container
+	e.DELETE("/v1/apps/:name/password", clearPasswordHandler)
+
 	// Copies body of the request into /srv/.ssh/authorized_keys
 	e.PUT("/v1/apps/:name/keys", setKeysHandler)