sql-sanitize to generate random user password (fixes #3086)

src/Drupal/Commands/sql/SanitizeUserTableCommands.php

@@ -5,6 +5,7 @@
 use Drupal\Core\Database\Database;
 use Drush\Commands\DrushCommands;
 use Drush\Sql\SqlBase;
+use Drush\Utils\StringUtils;
 use Symfony\Component\Console\Input\InputInterface;
 
 /**
@@ -39,8 +40,13 @@ public function sanitize($result, CommandData $commandData)
 
         // Sanitize passwords.
         if ($this->isEnabled($options['sanitize-password'])) {
+            $password = $options['sanitize-password'];
+            if (is_null($password)) {
+                $password = StringUtils::generatePassword();
+            }
+
             // Mimic Drupal's /scripts/password-hash.sh
-            $hash = $this->passwordHasher->hash($options['sanitize-password']);
+            $hash = $this->passwordHasher->hash($password);
             $query->fields(['pass' => $hash]);
             $messages[] = dt('User passwords sanitized.');
         }
@@ -86,7 +92,7 @@ public function sanitize($result, CommandData $commandData)
      * @option sanitize-password The password to assign to all accounts in the
      *   sanitization operation, or "no" to keep passwords unchanged.
      */
-    public function options($options = ['sanitize-email' => 'user+%[email protected]', 'sanitize-password' => 'password'])
+    public function options($options = ['sanitize-email' => 'user+%[email protected]', 'sanitize-password' => NULL])
     {
     }