From f420487e5e9d6374b2481addd90f067fed343542 Mon Sep 17 00:00:00 2001
From: Luke Bakken <luke@bakken.io>
Date: Sun, 26 Feb 2023 15:09:04 -0800
Subject: [PATCH 1/2] Add documentation for hashing passwords

Fixes #7432

Adds HTTP API documentation as well as `rabbitmqctl hash_password` docs.

Add `rabbitmqctl` docs
---
 deps/rabbit/docs/rabbitmqctl.8                         |  9 +++++++++
 .../rabbitmq/cli/ctl/commands/hash_password_command.ex |  6 +++++-
 deps/rabbitmq_management/priv/www/api/index.html       | 10 ++++++++++
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/deps/rabbit/docs/rabbitmqctl.8 b/deps/rabbit/docs/rabbitmqctl.8
index 4265ce6f21d9..08414d916ce9 100644
--- a/deps/rabbit/docs/rabbitmqctl.8
+++ b/deps/rabbit/docs/rabbitmqctl.8
@@ -2222,6 +2222,15 @@ The name of the queue to purge.
 .Pp
 Purges a queue (removes all messages in it).
 .El
+.\" ------------------------------------------------------------------
+.It Cm hash_password Ar plaintext
+.Bl -tag -width Ds
+.It Ar plaintext
+The plaintext password to hash
+.El
+.Pp
+Hashes a plaintext password according to the currently configured password hashing algorithm
+.El
 .\" ------------------------------------------------------------------------------------------------
 .Sh PLUGIN COMMANDS
 .\" ------------------------------------------------------------------------------------------------
diff --git a/deps/rabbitmq_cli/lib/rabbitmq/cli/ctl/commands/hash_password_command.ex b/deps/rabbitmq_cli/lib/rabbitmq/cli/ctl/commands/hash_password_command.ex
index 5e64e9514eae..b71dcef34d8c 100644
--- a/deps/rabbitmq_cli/lib/rabbitmq/cli/ctl/commands/hash_password_command.ex
+++ b/deps/rabbitmq_cli/lib/rabbitmq/cli/ctl/commands/hash_password_command.ex
@@ -9,7 +9,6 @@ defmodule RabbitMQ.CLI.Ctl.Commands.HashPasswordCommand do
 
   @behaviour RabbitMQ.CLI.CommandBehaviour
   use RabbitMQ.CLI.Core.MergesNoDefaults
-  use RabbitMQ.CLI.DefaultOutput
 
   def run([cleartextpassword], _opts) do
     hash_password(cleartextpassword)
@@ -46,6 +45,9 @@ defmodule RabbitMQ.CLI.Ctl.Commands.HashPasswordCommand do
     :ok
   end
 
+  ## Use default output for all non-special case outputs
+  use RabbitMQ.CLI.DefaultOutput
+
   def usage, do: "hash_password <cleartext_password>"
 
   def banner([arg], _options),
@@ -53,4 +55,6 @@ defmodule RabbitMQ.CLI.Ctl.Commands.HashPasswordCommand do
 
   def banner([], _options),
     do: "Will hash provided password"
+
+  def description(), do: "Hashes a plaintext password"
 end
diff --git a/deps/rabbitmq_management/priv/www/api/index.html b/deps/rabbitmq_management/priv/www/api/index.html
index 561e74c66346..3de7a792831c 100644
--- a/deps/rabbitmq_management/priv/www/api/index.html
+++ b/deps/rabbitmq_management/priv/www/api/index.html
@@ -1157,6 +1157,16 @@ <h2>Reference</h2>
           A list of authentication attempts by remote address and username.
         </td>
       </tr>
+      <tr>
+        <td>X</td>
+        <td></td>
+        <td></td>
+        <td></td>
+        <td class="path">/api/auth/hash_password/<i>plaintext-password</i></td>
+        <td>
+          Hashes <code>plaintext-password</code> according to the currently configured password hashing algorithm.
+        </td>
+      </tr>
     </table>
 
 

From dd90d64a770ab553f82dbcc12c9eefe29a948cee Mon Sep 17 00:00:00 2001
From: Michael Klishin <klishinm@vmware.com>
Date: Mon, 27 Feb 2023 16:19:56 +0400
Subject: [PATCH 2/2] rabbitmqctl(8): move hash_password next to clear_password

---
 deps/rabbit/docs/rabbitmqctl.8 | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/deps/rabbit/docs/rabbitmqctl.8 b/deps/rabbit/docs/rabbitmqctl.8
index 08414d916ce9..f99c18efe77f 100644
--- a/deps/rabbit/docs/rabbitmqctl.8
+++ b/deps/rabbit/docs/rabbitmqctl.8
@@ -683,6 +683,14 @@ password for the user named
 This user now cannot log in with a password (but may be able to through
 e.g. SASL EXTERNAL if configured).
 .\" ------------------------------------------------------------------
+.It Cm hash_password Ar plaintext
+.Bl -tag -width Ds
+.It Ar plaintext
+The plaintext password to hash
+.El
+.Pp
+Hashes a plaintext password according to the currently configured password hashing algorithm
+.\" ------------------------------------------------------------------
 .It Cm delete_user Ar username
 .Bl -tag -width Ds
 .It Ar username
@@ -2222,15 +2230,6 @@ The name of the queue to purge.
 .Pp
 Purges a queue (removes all messages in it).
 .El
-.\" ------------------------------------------------------------------
-.It Cm hash_password Ar plaintext
-.Bl -tag -width Ds
-.It Ar plaintext
-The plaintext password to hash
-.El
-.Pp
-Hashes a plaintext password according to the currently configured password hashing algorithm
-.El
 .\" ------------------------------------------------------------------------------------------------
 .Sh PLUGIN COMMANDS
 .\" ------------------------------------------------------------------------------------------------