mirror of
https://mau.dev/maunium/synapse.git
synced 2024-12-20 23:43:51 +01:00
Merge pull request #648 from matrix-org/rav/password_reset
Password reset docs and script
This commit is contained in:
commit
467c1599c9
3 changed files with 59 additions and 2 deletions
21
README.rst
21
README.rst
|
@ -525,7 +525,6 @@ Logging In To An Existing Account
|
||||||
Just enter the ``@localpart:my.domain.here`` Matrix user ID and password into
|
Just enter the ``@localpart:my.domain.here`` Matrix user ID and password into
|
||||||
the form and click the Login button.
|
the form and click the Login button.
|
||||||
|
|
||||||
|
|
||||||
Identity Servers
|
Identity Servers
|
||||||
================
|
================
|
||||||
|
|
||||||
|
@ -545,6 +544,26 @@ as the primary means of identity and E2E encryption is not complete. As such,
|
||||||
we are running a single identity server (https://matrix.org) at the current
|
we are running a single identity server (https://matrix.org) at the current
|
||||||
time.
|
time.
|
||||||
|
|
||||||
|
Password reset
|
||||||
|
==============
|
||||||
|
|
||||||
|
If a user has registered an email address to their account using an identity
|
||||||
|
server, they can request a password-reset token via clients such as Vector.
|
||||||
|
|
||||||
|
A manual password reset can be done via direct database access as follows.
|
||||||
|
|
||||||
|
First calculate the hash of the new password:
|
||||||
|
|
||||||
|
$ source ~/.synapse/bin/activate
|
||||||
|
$ ./scripts/hash_password
|
||||||
|
Password:
|
||||||
|
Confirm password:
|
||||||
|
$2a$12$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||||||
|
|
||||||
|
Then update the `users` table in the database:
|
||||||
|
|
||||||
|
UPDATE users SET password_hash='$2a$12$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
|
||||||
|
WHERE name='@test:test.com';
|
||||||
|
|
||||||
Where's the spec?!
|
Where's the spec?!
|
||||||
==================
|
==================
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
perl -MCrypt::Random -MCrypt::Eksblowfish::Bcrypt -e 'print Crypt::Eksblowfish::Bcrypt::bcrypt("secret", "\$2\$12\$" . Crypt::Eksblowfish::Bcrypt::en_base64(Crypt::Random::makerandom_octet(Length=>16)))."\n"'
|
|
39
scripts/hash_password
Executable file
39
scripts/hash_password
Executable file
|
@ -0,0 +1,39 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
import argparse
|
||||||
|
import bcrypt
|
||||||
|
import getpass
|
||||||
|
|
||||||
|
bcrypt_rounds=12
|
||||||
|
|
||||||
|
def prompt_for_pass():
|
||||||
|
password = getpass.getpass("Password: ")
|
||||||
|
|
||||||
|
if not password:
|
||||||
|
raise Exception("Password cannot be blank.")
|
||||||
|
|
||||||
|
confirm_password = getpass.getpass("Confirm password: ")
|
||||||
|
|
||||||
|
if password != confirm_password:
|
||||||
|
raise Exception("Passwords do not match.")
|
||||||
|
|
||||||
|
return password
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
parser = argparse.ArgumentParser(
|
||||||
|
description="Calculate the hash of a new password, so that passwords"
|
||||||
|
" can be reset")
|
||||||
|
parser.add_argument(
|
||||||
|
"-p", "--password",
|
||||||
|
default=None,
|
||||||
|
help="New password for user. Will prompt if omitted.",
|
||||||
|
)
|
||||||
|
|
||||||
|
args = parser.parse_args()
|
||||||
|
password = args.password
|
||||||
|
|
||||||
|
if not password:
|
||||||
|
password = prompt_for_pass()
|
||||||
|
|
||||||
|
print bcrypt.hashpw(password, bcrypt.gensalt(bcrypt_rounds))
|
||||||
|
|
Loading…
Reference in a new issue