From 3dec7efadb418bc065f6aa856e7196cd5a12b65d Mon Sep 17 00:00:00 2001
From: Kenix <kenixwhisperwind@gmail.com>
Date: Wed, 15 Jun 2022 11:42:22 -0400
Subject: [PATCH 1/6] Add user now supports reading password from an env var.

---
 cmd/user.go | 46 ++++++++++++++++++++++++++++++++++------------
 1 file changed, 34 insertions(+), 12 deletions(-)

diff --git a/cmd/user.go b/cmd/user.go
index acc06d4..5a5b1f9 100644
--- a/cmd/user.go
+++ b/cmd/user.go
@@ -6,11 +6,12 @@ import (
 	"crypto/subtle"
 	"errors"
 	"fmt"
+	"strings"
+
 	"github.com/urfave/cli/v2"
 	"github.com/urfave/cli/v2/altsrc"
 	"heckel.io/ntfy/auth"
 	"heckel.io/ntfy/util"
-	"strings"
 )
 
 func init() {
@@ -40,6 +41,7 @@ var cmdUser = &cli.Command{
 			Action:    execUserAdd,
 			Flags: []cli.Flag{
 				&cli.StringFlag{Name: "role", Aliases: []string{"r"}, Value: string(auth.RoleUser), Usage: "user role"},
+				&cli.StringFlag{Name: "user", Aliases: []string{"u"}, EnvVars: []string{"NTFY_USER"}, Usage: "username[:password] used to auth against the server"},
 			},
 			Description: `Add a new user to the ntfy user database.
 
@@ -135,14 +137,38 @@ Examples:
 }
 
 func execUserAdd(c *cli.Context) error {
-	username := c.Args().Get(0)
+	var username string
+	var password string
+	userAndPass := c.String("user")
 	role := auth.Role(c.String("role"))
-	if username == "" {
-		return errors.New("username expected, type 'ntfy user add --help' for help")
-	} else if username == userEveryone {
-		return errors.New("username not allowed")
-	} else if !auth.AllowedRole(role) {
-		return errors.New("role must be either 'user' or 'admin'")
+	if userAndPass != "" {
+		parts := strings.SplitN(userAndPass, ":", 2)
+		if len(parts) == 2 {
+			username = parts[0]
+			password = parts[1]
+		} else {
+			p, err := readPasswordAndConfirm(c)
+			if err != nil {
+				return err
+			}
+			username = userAndPass
+			password = p
+		}
+	} else {
+		username = c.Args().Get(0)
+		if username == "" {
+			return errors.New("username expected, type 'ntfy user add --help' for help")
+		} else if username == userEveryone {
+			return errors.New("username not allowed")
+		} else if !auth.AllowedRole(role) {
+			return errors.New("role must be either 'user' or 'admin'")
+		}
+
+		p, err := readPasswordAndConfirm(c)
+		if err != nil {
+			return err
+		}
+		password = p
 	}
 	manager, err := createAuthManager(c)
 	if err != nil {
@@ -151,10 +177,6 @@ func execUserAdd(c *cli.Context) error {
 	if user, _ := manager.User(username); user != nil {
 		return fmt.Errorf("user %s already exists", username)
 	}
-	password, err := readPasswordAndConfirm(c)
-	if err != nil {
-		return err
-	}
 	if err := manager.AddUser(username, password, role); err != nil {
 		return err
 	}

From 1265e69eee40818e96a89fe4d5011ffb442cb089 Mon Sep 17 00:00:00 2001
From: Kenix <kenixwhisperwind@gmail.com>
Date: Mon, 20 Jun 2022 13:19:54 -0400
Subject: [PATCH 2/6] Changes user add to use a NTFY_PASSWORD env var rather
 than NTFY_USER.

---
 cmd/user.go | 40 ++++++++++++++--------------------------
 1 file changed, 14 insertions(+), 26 deletions(-)

diff --git a/cmd/user.go b/cmd/user.go
index 5a5b1f9..0860519 100644
--- a/cmd/user.go
+++ b/cmd/user.go
@@ -41,7 +41,7 @@ var cmdUser = &cli.Command{
 			Action:    execUserAdd,
 			Flags: []cli.Flag{
 				&cli.StringFlag{Name: "role", Aliases: []string{"r"}, Value: string(auth.RoleUser), Usage: "user role"},
-				&cli.StringFlag{Name: "user", Aliases: []string{"u"}, EnvVars: []string{"NTFY_USER"}, Usage: "username[:password] used to auth against the server"},
+				&cli.StringFlag{Name: "password", Aliases: []string{"p"}, EnvVars: []string{"NTFY_PASSWORD"}, Usage: "user password"},
 			},
 			Description: `Add a new user to the ntfy user database.
 
@@ -137,39 +137,27 @@ Examples:
 }
 
 func execUserAdd(c *cli.Context) error {
-	var username string
-	var password string
-	userAndPass := c.String("user")
+	password := c.String("user")
 	role := auth.Role(c.String("role"))
-	if userAndPass != "" {
-		parts := strings.SplitN(userAndPass, ":", 2)
-		if len(parts) == 2 {
-			username = parts[0]
-			password = parts[1]
-		} else {
-			p, err := readPasswordAndConfirm(c)
-			if err != nil {
-				return err
-			}
-			username = userAndPass
-			password = p
-		}
-	} else {
-		username = c.Args().Get(0)
-		if username == "" {
-			return errors.New("username expected, type 'ntfy user add --help' for help")
-		} else if username == userEveryone {
-			return errors.New("username not allowed")
-		} else if !auth.AllowedRole(role) {
-			return errors.New("role must be either 'user' or 'admin'")
-		}
+	username = c.Args().Get(0)
+	if username == "" {
+		return errors.New("username expected, type 'ntfy user add --help' for help")
+	} else if username == userEveryone {
+		return errors.New("username not allowed")
+	} else if !auth.AllowedRole(role) {
+		return errors.New("role must be either 'user' or 'admin'")
+	}
 
+	// If the password env var was not set, read it from stdin
+	if password == "" {
 		p, err := readPasswordAndConfirm(c)
 		if err != nil {
 			return err
 		}
+
 		password = p
 	}
+
 	manager, err := createAuthManager(c)
 	if err != nil {
 		return err

From 50cd50cfdf1857596cdb9d23ba703695966a0c84 Mon Sep 17 00:00:00 2001
From: Kenix <kenixwhisperwind@gmail.com>
Date: Mon, 20 Jun 2022 13:24:42 -0400
Subject: [PATCH 3/6] Moves password stdin down to the original location.

---
 cmd/user.go | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/cmd/user.go b/cmd/user.go
index 0860519..e9bc7b2 100644
--- a/cmd/user.go
+++ b/cmd/user.go
@@ -147,7 +147,13 @@ func execUserAdd(c *cli.Context) error {
 	} else if !auth.AllowedRole(role) {
 		return errors.New("role must be either 'user' or 'admin'")
 	}
-
+	manager, err := createAuthManager(c)
+	if err != nil {
+		return err
+	}
+	if user, _ := manager.User(username); user != nil {
+		return fmt.Errorf("user %s already exists", username)
+	}
 	// If the password env var was not set, read it from stdin
 	if password == "" {
 		p, err := readPasswordAndConfirm(c)
@@ -157,14 +163,6 @@ func execUserAdd(c *cli.Context) error {
 
 		password = p
 	}
-
-	manager, err := createAuthManager(c)
-	if err != nil {
-		return err
-	}
-	if user, _ := manager.User(username); user != nil {
-		return fmt.Errorf("user %s already exists", username)
-	}
 	if err := manager.AddUser(username, password, role); err != nil {
 		return err
 	}

From 727c6268b91a3deaf20c284a55701b9fedb312e6 Mon Sep 17 00:00:00 2001
From: Kenix <kenixwhisperwind@gmail.com>
Date: Mon, 20 Jun 2022 13:25:31 -0400
Subject: [PATCH 4/6] Updating order of variables ntfy user add command.

---
 cmd/user.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/user.go b/cmd/user.go
index e9bc7b2..07970fd 100644
--- a/cmd/user.go
+++ b/cmd/user.go
@@ -137,9 +137,9 @@ Examples:
 }
 
 func execUserAdd(c *cli.Context) error {
-	password := c.String("user")
-	role := auth.Role(c.String("role"))
 	username = c.Args().Get(0)
+	role := auth.Role(c.String("role"))
+	password := c.String("user")
 	if username == "" {
 		return errors.New("username expected, type 'ntfy user add --help' for help")
 	} else if username == userEveryone {

From 7de7e0de1246752d421c977a57147ea1f3f9e474 Mon Sep 17 00:00:00 2001
From: Kenix <kenixwhisperwind@gmail.com>
Date: Mon, 20 Jun 2022 13:26:13 -0400
Subject: [PATCH 5/6] Adds missing colon assignment for username variable in
 ntfy user add command.

---
 cmd/user.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/user.go b/cmd/user.go
index 07970fd..d4d543f 100644
--- a/cmd/user.go
+++ b/cmd/user.go
@@ -137,7 +137,7 @@ Examples:
 }
 
 func execUserAdd(c *cli.Context) error {
-	username = c.Args().Get(0)
+	username := c.Args().Get(0)
 	role := auth.Role(c.String("role"))
 	password := c.String("user")
 	if username == "" {

From f3e59618921e02ad35e046e2ac86e1561dd85564 Mon Sep 17 00:00:00 2001
From: Kenix3 <kenixwhisperwind@gmail.com>
Date: Mon, 20 Jun 2022 14:21:30 -0400
Subject: [PATCH 6/6] Fixes envvar fetch in ntfy user add for password

---
 cmd/user.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/user.go b/cmd/user.go
index d4d543f..f94f625 100644
--- a/cmd/user.go
+++ b/cmd/user.go
@@ -139,7 +139,7 @@ Examples:
 func execUserAdd(c *cli.Context) error {
 	username := c.Args().Get(0)
 	role := auth.Role(c.String("role"))
-	password := c.String("user")
+	password := c.String("password")
 	if username == "" {
 		return errors.New("username expected, type 'ntfy user add --help' for help")
 	} else if username == userEveryone {