Admin API docs: Please add warning about expiring sessions when resetting password

matrix-org / dendrite

Dendrite is a second-generation Matrix homeserver written in Go!

https://matrix-org.github.io/dendrite/

Apache License 2.0

5.65k stars 664 forks source link

Admin API docs: Please add warning about expiring sessions when resetting password #3050

Closed z411 closed 1 year ago

z411 commented 1 year ago

Description:

Hi,

Recently today I reset the password of a user in my homeserver through the admin API but I later learned it had expired all her sessions and she didn't back up her keys, therefore losing all her encrypted messages.

It'd be nice to have a warning under the /resetPassword endpoint about this. If I had known about this, I could've avoided the situation by telling her to make sure to back up encryption keys before I proceeded with the password reset process.

Thanks.

S7evinK commented 1 year ago

Fixed with https://github.com/matrix-org/dendrite/pull/2953, adds a new parameter to specify if other devices should be signed out.