codimd icon indicating copy to clipboard operation
codimd copied to clipboard

Published 20 hours ago verified publisher icon hackmdio

Forgotten password process?

Open hugoroy opened this issue 7 years ago • 6 comments

Hello,

I am using an instance run by @pierreozoux and I don't see any "forgotten password" process when a user has registered via email. Is this not implemented?

Sorry if this has been the subject of an issue already, I couldn't find it here.

Best, Hugo

hugoroy avatar Aug 21 '18 20:08 hugoroy

Yes, it's not implemented yet. I still consider local user accounts as not usable right now even when a lot of people want it. Simply because the whole user management is basically not existent. Yes, you can create and you can delete users, but that's it.

You can use the server-side CLI, if you run the instance yourself, to reset user passwords

https://github.com/hackmdio/codimd/blob/3a857a3ab39bd3961e70ccbb4fd5ed89a019e7c6/bin/manage_users#L19

but that's it for now, sorry that it's not more helpful right now.

If you or @pierreozoux want to run a bigger instance, please consider to use LDAP or SAML for user local user management instead of the embedded one.

But if you want to contribute and fix it, that's of course also welcome!

SISheogorath avatar Aug 21 '18 20:08 SISheogorath

Hi SISheogorath and thanks a lot for your prompt answer and for all your contributions to hackmd! It's alright if it's not implemented yet, but indeed, that's an important feature of user management. I'm not able to develop it myself. But if there's anything I can do to help, let me know. I will see what I can do in the limited time I have available.

hugoroy avatar Aug 21 '18 20:08 hugoroy

Hello,

really great tool and would love to start using it for real – I just need to start from scratch and would be happy if you could point me to how I can delete my account (associated with my email) please. Above you mention that this is possible – I just cannot find it.

many thanks for your help! sunny regards from Paris katja

katjaq avatar Oct 11 '18 13:10 katjaq

@katjaq for deleting your account, please see: https://github.com/hackmdio/codimd/issues/1008#issuecomment-428962525

SISheogorath avatar Oct 11 '18 13:10 SISheogorath

Two years and still no progress? What about even allowing a user to change their own password?

wxl avatar Feb 02 '21 22:02 wxl

I've edited raw CodiMD db values before using SQL and it worked fine, perhaps there's a query we can run in the DB to reset a user's password manually? ~~We just need to find the hashing algorithm, the salt, and the plaintext in the codebase.~~ https://github.com/hackmdio/codimd/blob/develop/lib/models/user.js#:~:text=Scrypt

// you can generate the hashed password with Scrypt
// OR create a new user with your desired password, and copy the password field from there 
var Scrypt = require('scrypt-kdf')
await Scrypt.kdf('plaintexthere', await Scrypt.pickParams(0.1))).toString('hex')

    UPDATE "Users"
        SET "password" = 'ScryptHashedPasswordGoesHere'
    WHERE email IN (
        '[email protected]',
    );

pirate avatar Feb 03 '21 01:02 pirate