fix(autobrrctl): prevent empty password (#1468)

* fix(autobrrctl): prevent empty password

* fix(autobrrctl): prevent empty password for create-user aswell
fix(autobrrctl): stringify password in checks

* feat(autobrrctl): validate password length

---------

Co-authored-by: ze0s <ze0s@riseup.net>

cmd/autobrrctl/main.go

@@ -286,32 +286,32 @@ func main() {
 	}
 }
 
-func readPassword() ([]byte, error) {
+func readPassword() (password []byte, err error) {
-	var password []byte
-	var err error
 	fd := int(os.Stdin.Fd())
 
 	if term.IsTerminal(fd) {
 		fmt.Printf("Password: ")
 		password, err = term.ReadPassword(int(os.Stdin.Fd()))
-		if err != nil {
-			return nil, err
-		}
 		fmt.Printf("\n")
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to read password from terminal")
+		}
 	} else {
-		//fmt.Fprintf(os.Stderr, "warning: Reading password from stdin.\n")
 		scanner := bufio.NewScanner(os.Stdin)
 		if !scanner.Scan() {
 			if err := scanner.Err(); err != nil {
-				log.Fatalf("failed to read password from stdin: %v", err)
+				return nil, errors.Wrap(err, "failed to read password from stdin")
 			}
-			log.Fatalf("failed to read password from stdin: stdin is empty %v", err)
-		}
-		password = scanner.Bytes()
 
-		if len(password) == 0 {
+			return nil, errors.New("password input is empty")
-			return nil, errors.New("zero length password")
 		}
+
+		password = scanner.Bytes()
+	}
+
+	// make sure the password is not empty
+	if len(password) == 0 {
+		return nil, errors.New("zero length password")
 	}
 
 	return password, nil

internal/auth/service.go

@@ -154,5 +154,9 @@ func (s *service) ComparePasswordAndHash(password string, hash string) (match bo
 }
 
 func (s *service) CreateHash(password string) (hash string, err error) {
+	if password == "" {
+		return "", errors.New("must supply non empty password to CreateHash")
+	}
+
 	return argon2id.CreateHash(password, argon2id.DefaultParams)
 }