From b71f3b042f6bcd5896dd0ee27fc3d8682b6f919d Mon Sep 17 00:00:00 2001
From: Bruno Michel <bmichel@menfin.info>
Date: Mon, 20 Nov 2023 18:15:11 +0100
Subject: [PATCH 1/2] Use COZY_ADMIN_PASSPHRASE for every commands

---
 cmd/root.go                    | 5 ++++-
 debian/uninstall-onboarding.sh | 2 +-
 docs/config.md                 | 4 ++--
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/cmd/root.go b/cmd/root.go
index 8373334c235..73a22784a96 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -96,7 +96,10 @@ func newClient(domain string, scopes ...string) *client.Client {
 }
 
 func newAdminClient() *client.AdminClient {
-	pass := []byte(os.Getenv("COZY_ADMIN_PASSWORD"))
+	pass := []byte(os.Getenv("COZY_ADMIN_PASSPHRASE"))
+	if len(pass) == 0 {
+		pass = []byte(os.Getenv("COZY_ADMIN_PASSWORD"))
+	}
 	if !build.IsDevRelease() {
 		if len(pass) == 0 {
 			var err error
diff --git a/debian/uninstall-onboarding.sh b/debian/uninstall-onboarding.sh
index 5e73cf3247a..f12eea2df7d 100755
--- a/debian/uninstall-onboarding.sh
+++ b/debian/uninstall-onboarding.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-export COZY_ADMIN_PASSWORD="$(cat /etc/cozy/.cozy-admin-passphrase)"
+export COZY_ADMIN_PASSPHRASE="$(cat /etc/cozy/.cozy-admin-passphrase)"
 
 function app_installed {
 	DOMAIN="${1}"
diff --git a/docs/config.md b/docs/config.md
index edca730d382..e10d2459803 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -79,8 +79,8 @@ generate this file, you can use the `cozy-stack config passwd [filepath]`
 command. This command will ask you for a passphrase and will create the
 `cozy-admin-passphrase` at the specified path.
 
-You can use the `COZY_ADMIN_PASSWORD` env variable if you do not want to type
-the passphrase each time you call `cozy-stack`.
+You can use the `COZY_ADMIN_PASSPHRASE` (or `COZY_ADMIN_PASSWORD`) env variable
+if you do not want to type the passphrase each time you call `cozy-stack`.
 
 ### Example
 

From 0213d182c612468ebf4a136efc77cfc12364892c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Blaisot?= <sebastien.blaisot@cozycloud.cc>
Date: Thu, 23 Nov 2023 08:35:54 +0100
Subject: [PATCH 2/2] Forbid empty admin password

---
 cmd/config.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cmd/config.go b/cmd/config.go
index 74121f982ca..be8caea5f6c 100644
--- a/cmd/config.go
+++ b/cmd/config.go
@@ -74,6 +74,9 @@ passphrase if needed.
 			if !bytes.Equal(pass1, pass2) {
 				return fmt.Errorf("Passphrase missmatch")
 			}
+			if len(pass1) == 0 {
+				return fmt.Errorf("Empty password is forbidden")
+			}
 
 			passphrase = pass1
 		}