user modify: Warn on activating passwordless users

- Log a warning when 'user modify --activate' is issued without setting a password (but don't quit synadm). - This fixes allowing silently activating passwordless users, instroduced in PR #39. - In batch mode though, the warning is not logged and the command still is silently accepted!
JOJ0 · Nov 7, 2021 · 333166d · 333166d
1 parent 6c9723f
commit 333166d
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/synadm/cli/user.py b/synadm/cli/user.py
@@ -282,6 +282,14 @@ def modify(ctx, helper, user_id, password, password_prompt, display_name,
     if password_prompt and password:
         click.echo("Use either '-p' or '-P secret', not both.")
         raise SystemExit(1)
+    if deactivation == "activate" and not (password_prompt or password):
+        if not helper.batch:
+            helper.log.warning(
+                "You have not set a password. In SSO (Single sign-on) "
+                "environments this is a valid use-case. If you do want to set "
+                "a password, either reissue the 'user modify' command using "
+                "option '-p' or '-P secret' or use the 'user password'."
+            )
     if deactivation == "deactivate" and (password_prompt or password):
         click.echo(
             "Deactivating a user and setting a password doesn't make sense.")