Deprecate the -reset-password flag, document the new API

cmd/create-account/main.go

@@ -83,6 +83,10 @@ func main() {
 	}
 	cfg := setup.ParseFlags(true)
 
+	if *resetPassword {
+		logrus.Fatalf("The reset-password flag has been replaced by the POST /_dendrite/admin/resetPassword/{localpart} admin API.")
+	}
+
 	if *username == "" {
 		flag.Usage()
 		os.Exit(1)
@@ -102,13 +106,6 @@ func main() {
 		logrus.Fatalln(err)
 	}
 
-	if *resetPassword {
-		if err = passwordReset(*serverURL, *username, pass); err != nil {
-			logrus.Fatalln("Failed to reset the password:", err.Error())
-		}
-		return
-	}
-
 	accessToken, err := sharedSecretRegister(cfg.ClientAPI.RegistrationSharedSecret, *serverURL, *username, pass, *isAdmin)
 	if err != nil {
 		logrus.Fatalln("Failed to create the account:", err.Error())
@@ -117,39 +114,6 @@ func main() {
 	logrus.Infof("Created account: %s (AccessToken: %s)", *username, accessToken)
 }
 
-func passwordReset(serverURL, localpart, password string) error {
-	resetURL := fmt.Sprintf("%s/_dendrite/admin/resetPassword/%s", serverURL, localpart)
-	request := struct {
-		Password string `json:"password"`
-	}{
-		Password: password,
-	}
-	response := struct {
-		Updated bool `json:"password_updated"`
-	}{}
-	js, err := json.Marshal(request)
-	if err != nil {
-		return fmt.Errorf("unable to marshal json: %w", err)
-	}
-	registerReq, err := http.NewRequest(http.MethodPost, resetURL, bytes.NewBuffer(js))
-	if err != nil {
-		return fmt.Errorf("unable to create http request: %w", err)
-	}
-	httpResp, err := cl.Do(registerReq)
-	if err != nil {
-		return fmt.Errorf("unable to create account: %w", err)
-	}
-	if err := json.NewDecoder(httpResp.Body).Decode(&response); err != nil {
-		return fmt.Errorf("unable to decode response: %w", err)
-	}
-	if response.Updated {
-		logrus.Infof("Reset password for user %q and invalidated all user sessions", localpart)
-	} else {
-		logrus.Infof("Failed to reset password for user %q", localpart)
-	}
-	return nil
-}
-
 type sharedSecretRegistrationRequest struct {
 	User     string `json:"username"`
 	Password string `json:"password"`

docs/administration/4_adminapi.md

@@ -13,19 +13,32 @@ without warning.
 
 More endpoints will be added in the future.
 
-## `/_dendrite/admin/evacuateRoom/{roomID}`
+## GET `/_dendrite/admin/evacuateRoom/{roomID}`
 
 This endpoint will instruct Dendrite to part all local users from the given `roomID`
 in the URL. It may take some time to complete. A JSON body will be returned containing
 the user IDs of all affected users.
 
-## `/_dendrite/admin/evacuateUser/{userID}`
+## GET `/_dendrite/admin/evacuateUser/{userID}`
 
 This endpoint will instruct Dendrite to part the given local `userID` in the URL from
 all rooms which they are currently joined. A JSON body will be returned containing
 the room IDs of all affected rooms.
 
-## `/_synapse/admin/v1/register`
+## POST `/_dendrite/admin/resetPassword/{localpart}`
+
+Request body format:
+
+```
+{
+    "password": "new_password_here"
+}
+```
+
+Reset the password of a local user. The `localpart` is the username only, i.e. if
+the full user ID is `@alice:domain.com` then the local part is `alice`.
+
+## GET `/_synapse/admin/v1/register`
 
 Shared secret registration — please see the [user creation page](createusers) for
 guidance on configuring and using this endpoint.