#!/usr/bin/perl -w

######################################################################
#
#
######################################################################

=pod

=head1 NAME

B<bcrypt_rehash_user_password> - Rehash a user's password hash originally generate using C<EP_CRYPT_SHA512> to use C<Crypt::Eksblowfish>.

=head1 SYNOPSIS

B<bcrypt_rehash_user_password> I<repository_id> I<username>

=head1 DESCRIPTION

C<EP_CRYPT_SHA512> is relatively not as secure as when it was implemented.  C<Crypt::Eksblowfish> provides much more secure password hashing.  
To save users having to change their password to use the new hashing method.  Existing hashes can be rehashed to incorporate C<Crypt::Eksblowfish>.

=head1 ARGUMENTS

=over 8

=item B<repository_id> 

The ID of the eprint repository to use.

=item B<username> 

The username of the user to have their password hash rehased.

=back

=head1 OPTIONS

=over 8

=item B<--help>

Print a brief help message and exit.

=item B<--man>

Print the full manual page and then exit.

=item B<--quiet>

Be vewwy vewwy quiet. This option will suppress all output unless an error occurs.

=item B<--verbose>

Explain in detail what is going on.
May be repeated for greater effect.

=item B<--version>

Output version information and exit.

=back   


=cut



use Getopt::Long;
use Pod::Usage;
use strict;

use FindBin;
use lib "$FindBin::Bin/../perl_lib";

use EPrints;

my $version = 0;
my $verbose = 0;
my $quiet = 0;
my $help = 0;
my $man = 0;

GetOptions(
    'help|?' => \$help,
    'man' => \$man,
    'version' => \$version,
    'verbose+' => \$verbose,
    'silent' => \$quiet,
    'quiet' => \$quiet,
) || pod2usage( 2 );
EPrints::Utils::cmd_version( "bcrypt_rehash_user_password" ) if $version;
pod2usage( 1 ) if $help;
pod2usage( -exitstatus => 0, -verbose => 2 ) if $man;
pod2usage( 2 ) if( scalar @ARGV != 2 );

my $noise = 1;
$noise = 0 if( $quiet );
$noise = 1+$verbose if( $verbose );

my $session = new EPrints::Session( 1, $ARGV[0], $noise );
my $db = $session->get_database(); 

my $username = $ARGV[1];

my $Q_password = $db->quote_identifier( "password" );
my $Q_table = $db->quote_identifier( "user" );
my $Q_username = $db->quote_identifier( "username" );

my $sql = "SELECT $Q_username, $Q_password FROM $Q_table WHERE $Q_username=".$db->quote_value($username);

my $sth = $db->prepare( $sql );
$db->execute( $sth , $sql );
my( $real_username, $crypt ) = $sth->fetchrow_array;
$sth->finish;


unless ( defined  $real_username )
{
	print STDERR "ERROR: No user with username: $username\n";
	exit 1;
}

unless ( defined $crypt )
{
	print STDERR "ERROR: Password for user: $username not locally managed.\n";
    exit 1;
}
my %q = URI->new( $crypt )->query_form;
( my $method, my $salt, $crypt ) = @q{ qw( method salt digest ) };

my $new_crypt = EPrints::Utils::bcrypt_rehash( $method, $salt, $crypt );

my $user = EPrints::DataObj::User::user_with_username( $session, $real_username );
$user->set_value( 'password', $new_crypt );
$user->commit;

print "User with username: $real_username have had their password successfully rehashed.\n";

$session->terminate;


=head1 COPYRIGHT

=for COPYRIGHT BEGIN

Copyright 2023 University of Southampton.
EPrints 3.4 is supplied by EPrints Services.

http://www.eprints.org/eprints-3.4/

=for COPYRIGHT END

=for LICENSE BEGIN

This file is part of EPrints 3.4 L<http://www.eprints.org/>.

EPrints 3.4 and this file are released under the terms of the
GNU Lesser General Public License version 3 as published by
the Free Software Foundation unless otherwise stated.

EPrints 3.4 is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public
License along with EPrints 3.4.
If not, see L<http://www.gnu.org/licenses/>.

=for LICENSE END