From bdea0216e9712d57ca555d5f877bdac230b7d41f Mon Sep 17 00:00:00 2001
From: Cash Williams <CashWilliams@gmail.com>
Date: Fri, 2 Feb 2018 12:02:22 -0600
Subject: [PATCH] sql-sanitize to generate random user password (3086)

---
 src/Drupal/Commands/sql/SanitizeUserTableCommands.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/Drupal/Commands/sql/SanitizeUserTableCommands.php b/src/Drupal/Commands/sql/SanitizeUserTableCommands.php
index 9f005f9ffa..cdb0a0c9b9 100644
--- a/src/Drupal/Commands/sql/SanitizeUserTableCommands.php
+++ b/src/Drupal/Commands/sql/SanitizeUserTableCommands.php
@@ -5,6 +5,7 @@
 use Drupal\Core\Database\Database;
 use Drush\Commands\DrushCommands;
 use Drush\Sql\SqlBase;
+use Drush\Utils\StringUtils;
 use Symfony\Component\Console\Input\InputInterface;
 
 /**
@@ -39,8 +40,13 @@ public function sanitize($result, CommandData $commandData)
 
         // Sanitize passwords.
         if ($this->isEnabled($options['sanitize-password'])) {
+            $password = $options['sanitize-password'];
+            if (is_null($password)) {
+                $password = StringUtils::generatePassword();
+            }
+
             // Mimic Drupal's /scripts/password-hash.sh
-            $hash = $this->passwordHasher->hash($options['sanitize-password']);
+            $hash = $this->passwordHasher->hash($password);
             $query->fields(['pass' => $hash]);
             $messages[] = dt('User passwords sanitized.');
         }
@@ -86,7 +92,7 @@ public function sanitize($result, CommandData $commandData)
      * @option sanitize-password The password to assign to all accounts in the
      *   sanitization operation, or "no" to keep passwords unchanged.
      */
-    public function options($options = ['sanitize-email' => 'user+%uid@localhost.localdomain', 'sanitize-password' => 'password'])
+    public function options($options = ['sanitize-email' => 'user+%uid@localhost.localdomain', 'sanitize-password' => NULL])
     {
     }