Deprecate the -reset-password flag, document the new API

2026-01-09 07:03:10 -06:00 · 2022-08-12 11:01:02 +01:00 · 2022-08-12 11:01:02 +01:00 · 05b9da29f6
parent a562a40293
commit 05b9da29f6
2 changed files with 20 additions and 43 deletions
--- a/cmd/create-account/main.go
+++ b/cmd/create-account/main.go
@ -83,6 +83,10 @@ func main() {
 	}
 	cfg := setup.ParseFlags(true)

+	if *resetPassword {
+		logrus.Fatalf("The reset-password flag has been replaced by the POST /_dendrite/admin/resetPassword/{localpart} admin API.")
+	}
+
 	if *username == "" {
 		flag.Usage()
 		os.Exit(1)
@ -102,13 +106,6 @@ func main() {
 		logrus.Fatalln(err)
 	}

-	if *resetPassword {
-		if err = passwordReset(*serverURL, *username, pass); err != nil {
-			logrus.Fatalln("Failed to reset the password:", err.Error())
-		}
-		return
-	}
-
 	accessToken, err := sharedSecretRegister(cfg.ClientAPI.RegistrationSharedSecret, *serverURL, *username, pass, *isAdmin)
 	if err != nil {
 		logrus.Fatalln("Failed to create the account:", err.Error())
@ -117,39 +114,6 @@ func main() {
 	logrus.Infof("Created account: %s (AccessToken: %s)", *username, accessToken)
 }

-func passwordReset(serverURL, localpart, password string) error {
-	resetURL := fmt.Sprintf("%s/_dendrite/admin/resetPassword/%s", serverURL, localpart)
-	request := struct {
-		Password string `json:"password"`
-	}{
-		Password: password,
-	}
-	response := struct {
-		Updated bool `json:"password_updated"`
-	}{}
-	js, err := json.Marshal(request)
-	if err != nil {
-		return fmt.Errorf("unable to marshal json: %w", err)
-	}
-	registerReq, err := http.NewRequest(http.MethodPost, resetURL, bytes.NewBuffer(js))
-	if err != nil {
-		return fmt.Errorf("unable to create http request: %w", err)
-	}
-	httpResp, err := cl.Do(registerReq)
-	if err != nil {
-		return fmt.Errorf("unable to create account: %w", err)
-	}
-	if err := json.NewDecoder(httpResp.Body).Decode(&response); err != nil {
-		return fmt.Errorf("unable to decode response: %w", err)
-	}
-	if response.Updated {
-		logrus.Infof("Reset password for user %q and invalidated all user sessions", localpart)
-	} else {
-		logrus.Infof("Failed to reset password for user %q", localpart)
-	}
-	return nil
-}
-
 type sharedSecretRegistrationRequest struct {
 	User     string `json:"username"`
 	Password string `json:"password"`
--- a/docs/administration/4_adminapi.md
+++ b/docs/administration/4_adminapi.md
@ -13,19 +13,32 @@ without warning.

 More endpoints will be added in the future.

-## `/_dendrite/admin/evacuateRoom/{roomID}`
+## GET `/_dendrite/admin/evacuateRoom/{roomID}`

 This endpoint will instruct Dendrite to part all local users from the given `roomID`
 in the URL. It may take some time to complete. A JSON body will be returned containing
 the user IDs of all affected users.

-## `/_dendrite/admin/evacuateUser/{userID}`
+## GET `/_dendrite/admin/evacuateUser/{userID}`

 This endpoint will instruct Dendrite to part the given local `userID` in the URL from
 all rooms which they are currently joined. A JSON body will be returned containing
 the room IDs of all affected rooms.

-## `/_synapse/admin/v1/register`
+## POST `/_dendrite/admin/resetPassword/{localpart}`
+
+Request body format:
+
+```
+{
+    "password": "new_password_here"
+}
+```
+
+Reset the password of a local user. The `localpart` is the username only, i.e. if
+the full user ID is `@alice:domain.com` then the local part is `alice`.
+
+## GET `/_synapse/admin/v1/register`

 Shared secret registration — please see the [user creation page](createusers) for
 guidance on configuring and using this endpoint.