Password reset docs and script

Replace the bash/perl gen_password script with a python one, and write a note on how to use it.
2016-03-16 09:45:37 +00:00 · 2016-03-16 09:45:37 +00:00 · a877209c8b
parent 91779b49c4
commit a877209c8b
3 changed files with 59 additions and 1 deletions
--- a/README.rst
+++ b/README.rst
@ -525,6 +525,26 @@ Logging In To An Existing Account
 Just enter the ``@localpart:my.domain.here`` Matrix user ID and password into
 the form and click the Login button.

+Password reset
+==============
+
+Synapse does not yet support a password-reset function (see
+https://matrix.org/jira/browse/SYN-11). In the meantime, it is possible to
+manually reset a user's password via direct database access.
+
+First calculate the hash of the new password:
+
+    $ source ~/.synapse/bin/activate
+    $ ./scripts/hash_password
+    Password: 
+    Confirm password: 
+    $2a$12$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
+Then update the `users` table in the database:
+
+    UPDATE users SET password_hash='$2a$12$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
+        WHERE name='@test:test.com';
+

 Identity Servers
 ================
--- a/scripts/gen_password
+++ b/scripts/gen_password
@ -1 +0,0 @@
-perl -MCrypt::Random -MCrypt::Eksblowfish::Bcrypt -e 'print Crypt::Eksblowfish::Bcrypt::bcrypt("secret", "\$2\$12\$" . Crypt::Eksblowfish::Bcrypt::en_base64(Crypt::Random::makerandom_octet(Length=>16)))."\n"'
--- a/scripts/hash_password
+++ b/scripts/hash_password
@ -0,0 +1,39 @@
+#!/usr/bin/env python
+
+import argparse
+import bcrypt
+import getpass
+
+bcrypt_rounds=12
+
+def prompt_for_pass():
+    password = getpass.getpass("Password: ")
+
+    if not password:
+        raise Exception("Password cannot be blank.")
+
+    confirm_password = getpass.getpass("Confirm password: ")
+
+    if password != confirm_password:
+        raise Exception("Passwords do not match.")
+
+    return password
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(
+        description="Calculate the hash of a new password, so that passwords"
+                    " can be reset")
+    parser.add_argument(
+        "-p", "--password",
+        default=None,
+        help="New password for user. Will prompt if omitted.",
+    )
+
+    args = parser.parse_args()
+    password = args.password
+
+    if not password:
+        password = prompt_for_pass()
+
+    print bcrypt.hashpw(password, bcrypt.gensalt(bcrypt_rounds))
+
				`@ -1 +0,0 @@`
				`perl -MCrypt::Random -MCrypt::Eksblowfish::Bcrypt -e 'print Crypt::Eksblowfish::Bcrypt::bcrypt("secret", "\$2\$12\$" . Crypt::Eksblowfish::Bcrypt::en_base64(Crypt::Random::makerandom_octet(Length=>16)))."\n"'`