synadm icon indicating copy to clipboard operation
synadm copied to clipboard
verified publisher icon JOJ0

synadm user modify has no option to reset a user's password without logging them out

Open TheArcaneBrony opened this issue 1 year ago • 7 comments

I just ran into this while dealing with a user password reset request :/ This behavior is the default and needs to be opted out of on the synapse admin api: https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#reset-password

TheArcaneBrony avatar Sep 09 '24 04:09 TheArcaneBrony

If you're using synadm user password, then synadm user password --no-logout is probably what you're looking for

JacksonChen666 avatar Sep 09 '24 06:09 JacksonChen666

As to disable that by default (at least in synadm), I'm not sure. That would deviate from the Synapse admin API and would probably be unexpected as well.

JacksonChen666 avatar Sep 09 '24 06:09 JacksonChen666

Ah, there's some context to this at https://matrix.to/#/!mLATeUxylgHiofUzHJ:peek-a-boo.at/$O2xG5tHVJiprCRho4t5PWBIDCDsYkWB-GWxc16ewftk?via=jacksonchen666.com&via=matrix.org&via=envs.net

Edit by @JOJ0, copy over message from Matrix room:

hi all, just wanted to raise this issue ^ cause i just accidentally wiped a user's E2EE keys during a pwd reset request

JacksonChen666 avatar Sep 09 '24 07:09 JacksonChen666

My idea is an interactive prompt on whether to log out (with flags on command line to answer), with warnings about potential issues (encryption etc.)

(Sorry for so many separate comments 🙃)

JacksonChen666 avatar Sep 09 '24 07:09 JacksonChen666

If you're using synadm user password, then synadm user password --no-logout is probably what you're looking for

@TheArcaneBrony could please clarify which synadm command you used?. Was it synadm user password? And only an oversight of the option @JacksonChen666 mentioned? (No worries! Happens!)

I'm open to discuss new defaults or interactive sanity checks!

JOJ0 avatar Sep 10 '24 08:09 JOJ0

Command was synadm user modify -p

TheArcaneBrony avatar Sep 12 '24 00:09 TheArcaneBrony

@TheArcaneBrony I changed the title of this issue to better fit what you might want to report.

Also I'd like to note: The link to the matrix docs you posted:

This behavior is the default and needs to be opted out of on the synapse admin api: https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#reset-password

is not used by synamd user modify,

but - as was mentioned above - is already implemented as synadm user password (including the logout_devices option).

So back to synadm user modify I see that there is a similar logout_devices possibility in the API, which synadm does not currently support: https://element-hq.github.io/synapse/latest/admin_api/user_admin_api.html#create-or-modify-account We should definitely implement it!

JOJ0 avatar Sep 14 '24 07:09 JOJ0