
Locked out by self inflicted wound

Open Jlmcconchie opened this issue 4 years ago • 3 comments

Jlmcconchie avatar Jun 23 '21 19:06 Jlmcconchie

Hello. I have locked myself out of my own docassemble account by not using the correct password. I successfully reset it a short while ago, leaving the email ID at “[email protected]”. When I changed it a second time I must have forgotten where I noted the new password. The system has a “forgot password” feature which asks the user for their email address. I put in every email address I own but I get the response “email does not exist”. I hope someone can suggest a solution please.

Jlmcconchie avatar Jun 23 '21 19:06 Jlmcconchie

Passwords are stored in SQL in a table called user_auth, in the column called password. You can follow the Troubleshooting steps on the Docker page of the documentation to get inside your server using SSH. Then you can get a psql command line for editing the SQL database by doing the following after you docker exec into the container:

root@abcdefabcdef:/# su postgres
postgres@abcdefabcdef:/$ psql docassemble
psql (11.9 (Debian 11.9-0+deb10u1))
Type "help" for help.

docassemble=# select * from user_auth order by user_id;

This will show you the contents of the user_auth table.

The user_id of the [email protected] user is 1.

The passwords are stored encrypted and the encryption process contains an ingredient that is server-specific. So if my password on my server was cat and on my server the password field was DFGSFWEFASEFARTSFAWHD, that doesn't mean you could change your password to DFGSFWEFASEFARTSFAWHD and be able to log in; it wouldn't work because the two servers encrypt passwords differently. So you will need to use your own server to get an encrypted version of a password.

You can take the encrypted password of a user whose password you know and then update the [email protected] password to be the same value. If you don't know the password of anyone else on the server, hopefully your server allows for registration, because then you could register for a new account, set a password, then find that user's password by running select * from user_auth order by user_id;. Users are added in sequential order by user ID, so whichever user has the highest-value user_id is the user who registered most recently. Once you find the encrypted version of a password you know, you can do:

docassemble=# update user_auth set password='ASDFAWEFAFSDFGSDFASEFAWEFARERGFASRFGASDRG' where user_id=1;

If you get a 404 error on the user login screen, that's because you are being put in "time out" for trying to break into the system. It is only temporary.

By the way, I set the default username to [email protected] so that it would be silly-looking precisely so that people would feel a need to change it. Alas, it seems like a lot of people keep operating with [email protected] as their username even though it inhibits the password recovery mechanism.

jpylephilalegal avatar Jun 23 '21 19:06 jpylephilalegal
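
The recovery described in the comment above, written as one psql transaction. This is an added example, not part of the original reply or the docassemble project. It copies the stored value inside the database instead of retyping it, and checks the result before committing. The value 7 for known_id is constructed; only the user_auth table and its user_id and password columns come from the thread.

```sql
-- Run at the docassemble=# prompt shown in the comment above.
-- known_id is the user_id of the account whose password you know
-- (constructed value: replace 7 with the id you found in user_auth).
-- psql meta-commands take the whole line, so the comment sits up here.
\set known_id 7
\set admin_id 1

BEGIN;

-- Both accounts must exist exactly once, or the copy below is not safe.
SELECT user_id, count(*) AS rows_for_user
  FROM user_auth
 WHERE user_id IN (:admin_id, :known_id)
 GROUP BY user_id
 ORDER BY user_id;

-- Copy the stored password value from the known account to the admin
-- account. No value is pasted by hand, so it cannot be truncated or
-- mistyped, and it is a value produced by this server.
UPDATE user_auth
   SET password = (SELECT password
                     FROM user_auth
                    WHERE user_id = :known_id)
 WHERE user_id = :admin_id
   AND :known_id <> :admin_id;
-- psql should print "UPDATE 1". Any other count: type ROLLBACK;

-- Confirm the two rows now hold the same value without printing it.
SELECT a.user_id AS admin_id,
       k.user_id AS known_id,
       a.password = k.password AS passwords_match
  FROM user_auth a
  JOIN user_auth k ON k.user_id = :known_id
 WHERE a.user_id = :admin_id;

-- Commit only if passwords_match is true and one row was updated;
-- otherwise replace this line with ROLLBACK;
COMMIT;
```

After logging in with the known password, set a new password for the recovered account so that two accounts no longer share the same stored value, and remove the throwaway account if one was registered only for this purpose.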

Thank you! The timing and comprehensiveness of your reply to questions is remarkable.

Regards, John McConchie


Jlmcconchie avatar Jun 24 '21 18:06 Jlmcconchie