diff options
| author | Richard van der Hoff <github@rvanderhoff.org.uk> | 2016-03-16 10:47:33 +0000 |
|---|---|---|
| committer | Richard van der Hoff <github@rvanderhoff.org.uk> | 2016-03-16 10:47:33 +0000 |
| commit | 467c1599c97a104210844963562abab234843c77 (patch) | |
| tree | c23c5064c4ffe2d5690923b4c799c5482c459e1b | |
| parent | Merge pull request #646 from matrix-org/erikj/reject_invite_federation (diff) | |
| parent | Clarify that we do have reset functionality via the IS (diff) | |
| download | synapse-467c1599c97a104210844963562abab234843c77.tar.xz | |
Merge pull request #648 from matrix-org/rav/password_reset
Password reset docs and script
| -rw-r--r-- | README.rst | 21 | ||||
| -rw-r--r-- | scripts/gen_password | 1 | ||||
| -rwxr-xr-x | scripts/hash_password | 39 |
3 files changed, 59 insertions, 2 deletions
diff --git a/README.rst b/README.rst index 8a745259bf..285fc5aa8a 100644 --- a/README.rst +++ b/README.rst @@ -525,7 +525,6 @@ Logging In To An Existing Account Just enter the ``@localpart:my.domain.here`` Matrix user ID and password into the form and click the Login button. - Identity Servers ================ @@ -545,6 +544,26 @@ as the primary means of identity and E2E encryption is not complete. As such, we are running a single identity server (https://matrix.org) at the current time. +Password reset +============== + +If a user has registered an email address to their account using an identity +server, they can request a password-reset token via clients such as Vector. + +A manual password reset can be done via direct database access as follows. + +First calculate the hash of the new password: + + $ source ~/.synapse/bin/activate + $ ./scripts/hash_password + Password: + Confirm password: + $2a$12$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + +Then update the `users` table in the database: + + UPDATE users SET password_hash='$2a$12$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' + WHERE name='@test:test.com'; Where's the spec?! ================== diff --git a/scripts/gen_password b/scripts/gen_password deleted file mode 100644 index 7afd3a5dfd..0000000000 --- a/scripts/gen_password +++ /dev/null @@ -1 +0,0 @@ -perl -MCrypt::Random -MCrypt::Eksblowfish::Bcrypt -e 'print Crypt::Eksblowfish::Bcrypt::bcrypt("secret", "\$2\$12\$" . Crypt::Eksblowfish::Bcrypt::en_base64(Crypt::Random::makerandom_octet(Length=>16)))."\n"' diff --git a/scripts/hash_password b/scripts/hash_password new file mode 100755 index 0000000000..e784600989 --- /dev/null +++ b/scripts/hash_password @@ -0,0 +1,39 @@ +#!/usr/bin/env python + +import argparse +import bcrypt +import getpass + +bcrypt_rounds=12 + +def prompt_for_pass(): + password = getpass.getpass("Password: ") + + if not password: + raise Exception("Password cannot be blank.") + + confirm_password = getpass.getpass("Confirm password: ") + + if password != confirm_password: + raise Exception("Passwords do not match.") + + return password + +if __name__ == "__main__": + parser = argparse.ArgumentParser( + description="Calculate the hash of a new password, so that passwords" + " can be reset") + parser.add_argument( + "-p", "--password", + default=None, + help="New password for user. Will prompt if omitted.", + ) + + args = parser.parse_args() + password = args.password + + if not password: + password = prompt_for_pass() + + print bcrypt.hashpw(password, bcrypt.gensalt(bcrypt_rounds)) + |