Doc: scripts for manual registration + improve reset password (#459)

* T.: Document ways for resetting passwords just w standard shell utils

* T.: Document manual user registration

* T.: Improved string escapes in our scripts

* T.: Don't change this file

* T.: Add newline
Artemis 2024-06-26 10:13:24 +02:00 committed by GitHub
parent bd5c262fb1
commit d147ff55db
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 48 additions and 2 deletions

docs/register-user.md Normal file

@ -0,0 +1,29 @@
# Registering users manually
You might want to disable registration in your [instance config](/configuration), but still have a quick way to manually register users upon request. To do so, first set up a separate instance that only listens on localhost, has registration enabled,
and captchas as well as background jobs disabled. Make sure you have a way to start it easily with just one or a few commands, e.g. via a systemd service. Then, use something like the script below (in the example, the instance is started via a systemd
service called `podman-invidious_register`, and it listens on localhost port 21742. **Warning**: This script is vulnerable to SQL injections. Only use trusted inputs; if you want to make a custom signup form and use this as a backend, be sure to
sanitize inputs.
```sh
#!/usr/bin/env bash
set -e
systemctl start podman-invidious_register
CONTINUE='y'
while [ "$CONTINUE" = 'y' ]; do
read -rp 'User ID: ' ID
if [ "$(su postgres -c "psql invidious -c \"SELECT email FROM users WHERE email = '\"'$ID'\"';\"" | tail -n 2 | head -n 1)" != '(0 rows)' ]; then
echo 'Error: User ID is already taken'
continue
fi
read -rsp 'Password: ' PASSWORD
curl -L 'http://localhost:21742/login' --form-string "email=$ID" --form-string "password=$PASSWORD" -F 'action=signin' >/dev/null
read -rp 'Register more accounts? [y/N] ' CONTINUE
done
systemctl stop podman-invidious_register
```
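Review bot: With `set -e` at the top, any command that fails inside the loop (psql, curl unable to connect, `read` hitting EOF) exits before the final `systemctl stop podman-invidious_register`, so the instance with registration enabled and captchas disabled keeps running. Register the stop as cleanup right after the start, e.g. `trap 'systemctl stop podman-invidious_register' EXIT`. Separately, `--form-string "password=$PASSWORD"` places the password in curl's argument list, where other local users can read it from the process table while the request runs; supplying the form fields through a curl config read from stdin (`-K -`) avoids that. Since the response goes to `/dev/null` and curl is called without `-f`, a registration the server rejects is also not reported to the operator.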


@ -4,10 +4,11 @@ Resetting a user's invidious password needs you to edit the database.
Firstly, generate a bcrypt-encrypted hash for the new password you want to set for the user.
This can be done with the `bcrypt` python module, though there are other ways of doing the same.
This can, for example, be done with the `bcrypt` python module or the `mkpasswd` shell utility (the latter should be preinstalled on most systems):
```
python3 -c 'import bcrypt; print(bcrypt.hashpw(b"<INSERT PASSWORD HERE>", bcrypt.gensalt(rounds=10)).decode("ascii"))'
python3 -c 'import bcrypt; print(bcrypt.hashpw(b"<INSERT PASSWORD HERE>", bcrypt.gensalt(rounds=10)).decode("ascii"))' # python
mkpasswd --method=bcrypt-a -R 10 # mkpasswd
```
To do so, first attach to the database:
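Review bot: The two commands in the code block handle the password differently and the text does not say so: the python one-liner takes it inline (`b"<INSERT PASSWORD HERE>"`), which leaves it in shell history and the process list, while `mkpasswd --method=bcrypt-a -R 10` has no password argument and prompts for it. State that mkpasswd will prompt, and consider listing it first for that reason. The claim that mkpasswd "should be preinstalled on most systems" would also be safer with a note on how to check that the installed version supports the method (`mkpasswd -m help`).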
@ -23,3 +24,19 @@ UPDATE users SET password = 'HASH' WHERE email = 'USERNAME';
```
After that, the password should be reset.
This script bundles all needed commands so you don't have to enter everything manually every time, and also checks that the username exists before writing to the database:
```sh
#!/bin/sh
set -e
printf 'User ID: '
read -r ID
if [ "$(su postgres -c "psql invidious -c \"SELECT email FROM users WHERE email = '$ID';\"" | tail -n 2 | head -n 1)" != '(1 row)' ]; then
echo 'Error: User ID does not exist'
exit 1
fi
HASH="$(mkpasswd --method=bcrypt-a -R 10)"
su postgres -c "psql invidious -c \"UPDATE users SET password = '\"'$HASH'\"' WHERE email = '\"'$ID'\"';\""
```
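Review bot: The SELECT in the existence check still interpolates `'$ID'` directly inside the inner double-quoted command, while the UPDATE at the end of the script and the SELECT in register-user.md use the `'\"'$ID'\"'` form, so here the shell started by `su -c` expands the input a second time before psql sees it. Use the same quoting in both statements, and carry over the SQL injection warning from register-user.md, since this script writes to the `users` table and the text around it gives no such caveat. A sturdier option is to pass the ID and hash as psql variables with `-v` and reference them as `:'id'` and `:'hash'` in SQL read from stdin (psql does not interpolate variables in `-c` strings), which removes the hand-rolled quoting altogether.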