#!/usr/bin/env python3
"""
Generate a bcrypt hash for a password. Use this to set or reset an admin user's
password in the database when you can't log in.

  python3 scripts/set_admin_password.py 'your_new_password'

Then on the server (or any client with DB access):

  psql -U postgres -d portal_auth -c "UPDATE users SET password_hash = '<paste hash here>' WHERE username = 'admin';"

Or from the Auth LXC:
  sudo -u postgres psql -d portal_auth -c "UPDATE users SET password_hash = '<hash>', role = 'admin', is_active = TRUE WHERE username = 'admin';"
"""
import sys
import bcrypt

def main():
    if len(sys.argv) < 2:
        print(__doc__, file=sys.stderr)
        sys.exit(1)
    password = sys.argv[1]
    if len(password) < 8:
        print("Password must be at least 8 characters.", file=sys.stderr)
        sys.exit(1)
    h = bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt()).decode("utf-8")
    print(h)


if __name__ == "__main__":
    main()