Updated migration script v3

now sets unix permissions to 600 for the generated password file
This commit is contained in:
Rohan Sircar 2020-08-11 15:05:40 +05:30
parent 474d014f09
commit ced84a05a6

View File

@ -2,6 +2,9 @@ package db.migration;
import java.io.BufferedWriter; import java.io.BufferedWriter;
import java.io.FileWriter; import java.io.FileWriter;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.sql.PreparedStatement; import java.sql.PreparedStatement;
@ -43,10 +46,32 @@ public class V3__add_default_admin extends BaseJavaMigration {
try (final PreparedStatement ps = context.getConnection() try (final PreparedStatement ps = context.getConnection()
.prepareStatement("insert into users (user_id, name, password) values (0,?,?)")) { .prepareStatement("insert into users (user_id, name, password) values (0,?,?)")) {
final String generatedPassword = generatePassword(60, ALPHA_CAPS + ALPHA + SPECIAL_CHARS); final String generatedPassword = generatePassword(60, ALPHA_CAPS + ALPHA + SPECIAL_CHARS);
final BufferedWriter bw = new BufferedWriter(new FileWriter("gen-password.txt")); final BufferedWriter bw = new BufferedWriter(
new FileWriter("gen-password.txt"));
bw.write(generatedPassword); bw.write(generatedPassword);
bw.write("\nPlease delete this file"); bw.write("\nPlease delete this file");
bw.close(); bw.close();
final var perms = Files.getPosixFilePermissions(Paths.get(
"gen-password.txt"));
//add owners permission
perms.add(PosixFilePermission.OWNER_READ);
perms.add(PosixFilePermission.OWNER_WRITE);
perms.remove(PosixFilePermission.OWNER_EXECUTE);
//add group permissions
perms.remove(PosixFilePermission.GROUP_READ);
perms.remove(PosixFilePermission.GROUP_WRITE);
perms.remove(PosixFilePermission.GROUP_EXECUTE);
//add others permissions
perms.remove(PosixFilePermission.OTHERS_READ);
perms.remove(PosixFilePermission.OTHERS_WRITE);
perms.remove(PosixFilePermission.OTHERS_EXECUTE);
Files.setPosixFilePermissions(Paths.get("gen-password.txt"), perms);
ps.setString(1, "admin"); ps.setString(1, "admin");
ps.setString(2, passwordEncoder.encode(generatedPassword)); ps.setString(2, passwordEncoder.encode(generatedPassword));
ps.execute(); ps.execute();