Support user password resets #198

Closed
opened 2021-12-07 14:52:38 +00:00 by _VZ_ · 20 comments
_VZ_ commented 2021-12-07 14:52:38 +00:00 (Migrated from gitlab.com)

It seems that currently if a user forgets their password, there is no way to do anything about it. It's certainly a good thing that the password can't be recovered, but it would be nice, from a server administrator's point of view, to be able to reset it (to allow the user to log in from another device, for example).

jfowl commented 2021-12-07 18:04:13 +00:00 (Migrated from gitlab.com)

assigned to @jfowl

jfowl commented 2021-12-07 18:21:01 +00:00 (Migrated from gitlab.com)

Currently, there is no "official" way to do this.

What you can do, is edit the database and change the password manually.
In the sqlite database file is a table called `userid_password` where the `Value` is an argon2 hash.
You can use something like https://argon2.online/ to create a hash for a temporary password, overwrite the old hash with it and then change the password from within your client again.
jfowl commented 2021-12-07 18:21:05 +00:00 (Migrated from gitlab.com)

unassigned @jfowl

_VZ_ commented 2021-12-07 19:38:31 +00:00 (Migrated from gitlab.com)

> Currently, there is no "official" way to do this.

Thanks for confirming this!

> What you can do, is edit the database and change the password manually.

I wouldn't mind doing this at all, but unfortunately I don't think I'm using an SQLite database, I think the `db` file in my `database_path` directory must be a sled database (at least it's definitely not an SQLite one). Is it possible to edit this one interactively? I couldn't find any tool for doing it for sled databases (assuming this is what it is).
jfowl commented 2021-12-07 20:11:57 +00:00 (Migrated from gitlab.com)

Unless you explicitly changed something, you are using SQLite. Assuming you are running Linux, would you mind installing sqlite3 and trying to run `sqlite3 conduit.db`? You can confirm the presence of the user table with this query:

```sql
SELECT * FROM userid_password;
```
_VZ_ commented 2021-12-07 22:16:33 +00:00 (Migrated from gitlab.com)

I didn't change anything in the default config, but it's a version from a few months ago (eeb0b59b764b896d0b7f85977f8cedb123f45fca), so maybe the defaults have changed since then?

In any case, I'm pretty sure this is not an SQLite database, I know what those look like and this is not it:

```
% file db
db: data
% od -c db | head -n 1
0000000 177 312 211 225 377 377 317 371 377 377 377 177 036   U 320 371
% sqlite3 db
SQLite version 3.27.2 2019-02-25 16:06:06
Enter ".help" for usage hints.
sqlite> .sch
Error: file is not a database
```
jfowl commented 2021-12-14 10:01:16 +00:00 (Migrated from gitlab.com)

So assuming you are using the sled database, maybe try to use https://github.com/ShadowJonathan/conduit_toolbox to convert it to a SQLite database, edit it and continue to use it with Conduit v0.2.0.

timokoesters commented 2021-12-14 13:29:03 +00:00 (Migrated from gitlab.com)

Some ideas:

  1. Passwords for regular users can be reset using a command in the admin room
  2. If admin forgets password, he can log in as the @conduit account by adding an `emergency_password` to Conduit.toml

When the emergency password is in the config, a warning will be sent into the admin room on each restart.

_VZ_ commented 2021-12-14 14:06:33 +00:00 (Migrated from gitlab.com)

Thanks, (1) seems like exactly what I've been looking for but, and sorry if I'm missing something obvious, what exactly is the command to use? I don't see anything relevant in `/help` output except, potentially, `/verify`, but I don't really know how to use it. Thanks again!

P.S. Also thanks for the conduit toolbox link, Jonas, this will surely be useful when I finally migrate the server to a newer version. But the fact is that it has been working so well without any intervention on my part so far that I have almost no motivation to touch it. Job too well done, guys :-)
jfowl commented 2021-12-14 14:59:43 +00:00 (Migrated from gitlab.com)

There might have been a misunderstanding: These are only ideas, nothing that is currently implemented.

_VZ_ commented 2021-12-14 15:01:50 +00:00 (Migrated from gitlab.com)

Oops, sorry, I've indeed misunderstood, thanks for clearing this up. All I can say is that a new admin command for doing this would seem to be a useful addition.

jfowl commented 2022-02-20 09:28:46 +00:00 (Migrated from gitlab.com)

changed title from {-Possibility to reset a password for the user?-} to {+Support user password resets+}

jpds commented 2022-03-03 23:38:02 +00:00 (Migrated from gitlab.com)

> edit the database and change the password manually. In the sqlite database file is a table called `userid_password` where the `Value` is an argon2 hash

I did this, and ended up with a panic the next time conduit started (as it seems to have not stored the `UPDATE` as `BLOB`) - filed as #250:

```
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: InvalidColumnType(1, "value", Text)', /cargo/registry/src/github.com-1ecc6299db9ec823/rusqlite-0.25.4/src/row.rs:256:23
```
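
The manual reset suggested earlier in the thread and the `InvalidColumnType(1, "value", Text)` panic reported above both come down to SQLite storage classes, shown here as an added example that is not part of the thread or of Conduit's code. The table schema is an assumption inferred from the panic message, and the user id and hash strings are constructed placeholders.

```python
import sqlite3

# Assumed schema, inferred from the panic (column 1 is "value"); not copied from Conduit.
SCHEMA = 'CREATE TABLE userid_password ("key" BLOB PRIMARY KEY, "value" BLOB NOT NULL)'
USER = b"@alice:example.org"  # constructed user id
# Constructed placeholder in argon2's encoded format, not a real hash.
NEW_HASH = "$argon2id$v=19$m=4096,t=3,p=1$Y29uc3RydWN0ZWQ$cGxhY2Vob2xkZXI"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.execute("INSERT INTO userid_password VALUES (?, ?)", (USER, b"$argon2id$old"))
    return db


def storage_class(db, user):
    sql = 'SELECT typeof("value") FROM userid_password WHERE "key" = ?'
    return db.execute(sql, (user,)).fetchone()[0]


def reset_as_text(db, user, encoded_hash):
    # Same effect as typing SET value = '$argon2...' in the sqlite3 shell:
    # BLOB affinity does not coerce, so the string literal is stored as TEXT.
    db.execute('UPDATE userid_password SET "value" = ? WHERE "key" = ?', (encoded_hash, user))


def reset_as_blob(db, user, encoded_hash):
    # Binding bytes stores a BLOB; in the shell use CAST('...' AS BLOB).
    db.execute('UPDATE userid_password SET "value" = ? WHERE "key" = ?',
               (encoded_hash.encode("utf-8"), user))


def non_blob_rows(db):
    # Pre-restart check: keys whose value a BLOB-only reader would reject.
    sql = "SELECT \"key\" FROM userid_password WHERE typeof(\"value\") != 'blob'"
    return [row[0] for row in db.execute(sql)]


def repair_text_rows(db):
    # CAST keeps the same bytes and only changes the storage class.
    sql = ("UPDATE userid_password SET \"value\" = CAST(\"value\" AS BLOB) "
           "WHERE typeof(\"value\") = 'text'")
    return db.execute(sql).rowcount


if __name__ == "__main__":
    db = make_db()
    reset_as_text(db, USER, NEW_HASH)
    print(storage_class(db, USER), non_blob_rows(db))
    print(repair_text_rows(db), storage_class(db, USER))
```

Running the `non_blob_rows` query against a copy of the database before restarting the server shows whether a hand edit left any value in the wrong storage class.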
M0dEx commented 2022-04-03 19:12:49 +00:00 (Migrated from gitlab.com)

assigned to @M0dEx

M0dEx commented 2022-04-03 19:20:26 +00:00 (Migrated from gitlab.com)

So how would we do 1)?

Have a command for the administrator where they could set the password and then send it to the user?
Perhaps have a switch to automatically generate it, so the administrator does not have to?

M0dEx commented 2022-04-03 19:20:55 +00:00 (Migrated from gitlab.com)

created branch 198-support-user-password-resets to address this issue

M0dEx commented 2022-04-03 19:23:26 +00:00 (Migrated from gitlab.com)

mentioned in merge request !339

timokoesters commented 2022-04-03 19:35:27 +00:00 (Migrated from gitlab.com)

Yeah I'd say `@conduit password-reset @userid` and then @conduit replies with a random password
timokoesters commented 2022-04-03 19:46:33 +00:00 (Migrated from gitlab.com)

mentioned in issue #252

timokoesters commented 2022-04-07 12:11:56 +00:00 (Migrated from gitlab.com)

mentioned in commit 9e29dc808ff231eb06baef012f681e51da8411cf
Reference: Matthias/conduit#198