Compare commits

...

6 commits

Author SHA1 Message Date
Artemis
ebcb252c66
Merge 26b6c6e883 into ee58285ebd 2024-04-24 07:48:01 +04:00
artemislena
26b6c6e883
T.: Add newline 2024-04-19 20:26:51 +02:00
artemislena
ac8e0b9fef
T.: Don't change this file 2024-04-19 20:26:37 +02:00
artemislena
4adc95224b
T.: Improved string escapes in our scripts 2023-12-16 17:42:15 +01:00
artemislena
676a6800f7
T.: Document manual user registration 2023-10-24 19:33:28 +02:00
artemislena
d9a641f6d7
T.: Document ways for resetting passwords just w standard shell utils 2023-10-24 19:33:08 +02:00
2 changed files with 48 additions and 2 deletions

29
docs/register-user.md Normal file
View file

@ -0,0 +1,29 @@
# Registering users manually
You might want to disable registration in your [instance config](/configuration), but still have a quick way to manually register users upon request. To do so, first set up a separate instance that only listens on localhost, has registration enabled,
and captchas as well as background jobs disabled. Make sure you have a way to start it easily with just one or a few commands, e.g. via a systemd service. Then, use something like the script below (in the example, the instance is started via a systemd
service called `podman-invidious_register`, and it listens on localhost port 21742. **Warning**: This script is vulnerable to SQL injections. Only use trusted inputs; if you want to make a custom signup form and use this as a backend, be sure to
sanitize inputs.
```sh
#!/usr/bin/env bash
set -e
systemctl start podman-invidious_register
CONTINUE='y'
while [ "$CONTINUE" = 'y' ]; do
read -rp 'User ID: ' ID
if [ "$(su postgres -c "psql invidious -c \"SELECT email FROM users WHERE email = '\"'$ID'\"';\"" | tail -n 2 | head -n 1)" != '(0 rows)' ]; then
echo 'Error: User ID is already taken'
continue
fi
read -rsp 'Password: ' PASSWORD
curl -L 'http://localhost:21742/login' --form-string "email=$ID" --form-string "password=$PASSWORD" -F 'action=signin' >/dev/null
read -rp 'Register more accounts? [y/N] ' CONTINUE
done
systemctl stop podman-invidious_register
```

View file

@ -4,10 +4,11 @@ Resetting a user's invidious password needs you to edit the database.
Firstly, generate a bcrypt-encrypted hash for the new password you want to set for the user.
This can be done with the `bcrypt` python module, though there are other ways of doing the same.
This can, for example, be done with the `bcrypt` python module or the `mkpasswd` shell utility (the latter should be preinstalled on most systems):
```
python3 -c 'import bcrypt; print(bcrypt.hashpw(b"<INSERT PASSWORD HERE>", bcrypt.gensalt(rounds=10)).decode("ascii"))'
python3 -c 'import bcrypt; print(bcrypt.hashpw(b"<INSERT PASSWORD HERE>", bcrypt.gensalt(rounds=10)).decode("ascii"))' # python
mkpasswd --method=bcrypt-a -R 10 # mkpasswd
```
To do so, first attach to the database:
@ -23,3 +24,19 @@ UPDATE users SET password = 'HASH' WHERE email = 'USERNAME';
```
After that, the password should be reset.
This script bundles all needed commands so you don't have to enter everything manually every time, and also checks that the username exists before writing to the database:
```sh
#!/bin/sh
set -e
printf 'User ID: '
read -r ID
if [ "$(su postgres -c "psql invidious -c \"SELECT email FROM users WHERE email = '$ID';\"" | tail -n 2 | head -n 1)" != '(1 row)' ]; then
echo 'Error: User ID does not exist'
exit 1
fi
HASH="$(mkpasswd --method=bcrypt-a -R 10)"
su postgres -c "psql invidious -c \"UPDATE users SET password = '\"'$HASH'\"' WHERE email = '\"'$ID'\"';\""
```