diff --git a/docs/register-user.md b/docs/register-user.md new file mode 100644 index 0000000..0e6b024 --- /dev/null +++ b/docs/register-user.md @@ -0,0 +1,29 @@ +# Registering users manually + +You might want to disable registration in your [instance config](/configuration), but still have a quick way to manually register users upon request. To do so, first set up a separate instance that only listens on localhost, has registration enabled, +and captchas as well as background jobs disabled. Make sure you have a way to start it easily with just one or a few commands, e.g. via a systemd service. Then, use something like the script below (in the example, the instance is started via a systemd +service called `podman-invidious_register`, and it listens on localhost port 21742. **Warning**: This script is vulnerable to SQL injections. Only use trusted inputs; if you want to make a custom signup form and use this as a backend, be sure to +sanitize inputs. +```sh +#!/usr/bin/env bash +set -e + +systemctl start podman-invidious_register + +CONTINUE='y' +while [ "$CONTINUE" = 'y' ]; do + read -rp 'User ID: ' ID + if [ "$(su postgres -c "psql invidious -c \"SELECT email FROM users WHERE email = '\"'$ID'\"';\"" | tail -n 2 | head -n 1)" != '(0 rows)' ]; then + echo 'Error: User ID is already taken' + continue + fi + + read -rsp 'Password: ' PASSWORD + + curl -L 'http://localhost:21742/login' --form-string "email=$ID" --form-string "password=$PASSWORD" -F 'action=signin' >/dev/null + + read -rp 'Register more accounts? [y/N] ' CONTINUE +done + +systemctl stop podman-invidious_register +``` diff --git a/docs/reset-password.md b/docs/reset-password.md index 8147677..3cd30c8 100644 --- a/docs/reset-password.md +++ b/docs/reset-password.md @@ -4,10 +4,11 @@ Resetting a user's invidious password needs you to edit the database. Firstly, generate a bcrypt-encrypted hash for the new password you want to set for the user. -This can be done with the `bcrypt` python module, though there are other ways of doing the same. +This can, for example, be done with the `bcrypt` python module or the `mkpasswd` shell utility (the latter should be preinstalled on most systems): ``` -python3 -c 'import bcrypt; print(bcrypt.hashpw(b"", bcrypt.gensalt(rounds=10)).decode("ascii"))' +python3 -c 'import bcrypt; print(bcrypt.hashpw(b"", bcrypt.gensalt(rounds=10)).decode("ascii"))' # python +mkpasswd --method=bcrypt-a -R 10 # mkpasswd ``` To do so, first attach to the database: @@ -23,3 +24,19 @@ UPDATE users SET password = 'HASH' WHERE email = 'USERNAME'; ``` After that, the password should be reset. + +This script bundles all needed commands so you don't have to enter everything manually every time, and also checks that the username exists before writing to the database: +```sh +#!/bin/sh +set -e + +printf 'User ID: ' +read -r ID +if [ "$(su postgres -c "psql invidious -c \"SELECT email FROM users WHERE email = '$ID';\"" | tail -n 2 | head -n 1)" != '(1 row)' ]; then + echo 'Error: User ID does not exist' + exit 1 +fi + +HASH="$(mkpasswd --method=bcrypt-a -R 10)" +su postgres -c "psql invidious -c \"UPDATE users SET password = '\"'$HASH'\"' WHERE email = '\"'$ID'\"';\"" +```