From 291d951ee1428955179a5f3ed4435c1538045651 Mon Sep 17 00:00:00 2001
From: Xavier Del Campo Romero <xavi.dcr@tutanota.com>
Date: Sun, 30 Apr 2023 23:25:43 +0200
Subject: [PATCH] usergen: Fix wrong password and username usage

Due to the lack of double quotes, passwords with whitespaces were not
passed correctly to printf(1), thus making users not able to log into
their account.

OTOH, for some reason usernames containing whitespaces made jq(1)
complain, so it has been decided not to support them.
---
 usergen | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/usergen b/usergen
index 42c18fe..b0ec43f 100755
--- a/usergen
+++ b/usergen
@@ -15,7 +15,13 @@ fi
 DIR=$1
 
 echo Username: >&2
-read -r USER
+IFS= read -r USER
+
+if printf '%s' "$USER" | grep -qe '[[:space:]]'
+then
+    echo Username cannot contain whitespaces >&2
+    exit 1
+fi
 
 DB="$DIR/db.json"
 
@@ -26,21 +32,21 @@ then
 fi
 
 echo Password: >&2
-read -r PWD
+IFS= read -r PWD
 echo "Quota, in MiB (leave empty for unlimited quota):" >&2
 read -r QUOTA
 
-PWD=$(printf '%s' $PWD | xxd -p | tr -d '\n')
+PWD=$(printf '%s' "$PWD" | xxd -p | tr -d '\n')
 SALT=$(openssl rand 32 | xxd -p | tr -d '\n')
 KEY=$(openssl rand 32 | xxd -p | tr -d '\n')
-PWD=$(printf '%s%s' $SALT $PWD)
+PWD=$(printf '%s%s' $SALT "$PWD")
 
 ROUNDS=1000
 
 for i in $(seq $ROUNDS)
 do
     printf "\r%d/$ROUNDS" $i >&2
-    PWD=$(printf '%s' $PWD | xxd -p -r | sha256sum | cut -d' ' -f1)
+    PWD=$(printf '%s' "$PWD" | xxd -p -r | sha256sum | cut -d' ' -f1)
 done
 
 echo >&2
@@ -56,7 +62,7 @@ trap cleanup EXIT
 jq ".users += [
 {
     \"name\": \"$USER\",
-    \"password\": \"$PWD\",
+    \"password\": \""$PWD"\",
     \"salt\": \"$SALT\",
     \"key\": \"$KEY\",
     \"quota\": \"$QUOTA\"