You are here: Home / Matrix.org Homeserver Synapse User Lost Password Manual Reset Through Database

Matrix.org Homeserver Synapse User Lost Password Manual Reset Through Database

If a user doesn't include an email with their matrix account, it is impossible to reset the lost password.

If a user doesn't include an email with their matrix account, it is impossible to reset the lost password. An admin, who can't actually see the original pasword, will have to manually reset the account for a new password.We are using a PostGreSQL install not a nosql setup. In the process it is also recommended once logged into to ADD an email to the account so they can self-service in the future. It is a bit of a pain for the Synapse-homeserver administrator to reset the user password manually.

 

 

Through the Database Approach

 

 

 


manually change matrix homeserver password for a user locked out:
https://paritoshbh.me/blog/reset-user-password-synapse-matrix-homeserver
echo -n yournewpassword | sha256sum
Example: echo -n <yourpasswordhashhere> | sha256sum
output: 76a2355f07d700020ac36825ad03c4e623423140124d2afbddbd941ed7461461 -

 

cd /opt/vencs/matrix-synapse
source bin/activate
/usr/bin/hash_password
Password:
Confirm Password:
copy this output: $2b$12$zAQyaqF223452V3fzyJ9O.BFfwBLWG324534nPtl.pad02Y.M4OO
su postgres
psql
\connect synapse
UPDATE users SET password_hash='$2b$12$zAQyaqF223452V3fzyJ9O.BFfwBLWG324534nPtl.pad02Y.M4OOn' WHERE name='@foouser:rpgsn.net';

Be sure to put the single quotes '  and '  around the actual hash as well as the @username sections.

 

 

Note this has changed slightly due to changes in hash_password, note this is a matrix.org Debian specific implementation, not the Ubuntu generic implementation. 

 

 

Error: 

(matrix-synapse) root@rpgsn:/opt/vencs/matrix-synapse# /usr/bin/hash_password
usage: hash_password [-h] [-p PASSWORD] -c CONFIG
hash_password: error: the following arguments are required: -c/--config

 

Referencing the man pages, there is an example given for a config file you can quickly create (and tweak as desired):

"sample YAML file accepted by hash_password is described below:

bcrypt_rounds: 17 password_config: pepper: "random hashing pepper"

Replace the content inside of the quotes with something else.

 

Example hash_password_config.yaml file:

bcrypt_rounds: 17
password_config:
pepper: "lkmqwermsdferimiaemlksmflsal"

 

Now it will work as expected:

(matrix-synapse) root@rpgsn:/opt/venvs/matrix-synapse# /usr/bin/hash_password -c hash_password_config.yaml
Password:
Confirm password:

$2b$17$4p6VDkcw6MyZzvd7EiyGvwlmerkms0XsM8VC9dFy342rnkjNKJ5Ggm.9tTCN5.

Copy the output of that result, and use that to put into the user's password field in the database.

 

 

 

 

Through the Admin API Approach

 

 

 

 

 

References

 

https://manpages.debian.org/testing/matrix-synapse/hash_password.1.en.html

https://paritoshbh.me/blog/reset-user-password-synapse-matrix-homeserver

https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#reset-password

 

Optional add-ons (we're not currently using):

https://matrix.org/docs/projects/other/synapse-password-reset

 

 

 

 

Navigation