oauth-io / oauthd

oauthd - The OAuth Daemon is the open source version of the OAuth.io core
Apache License 2.0

Reset admin password? #207

Open youradds opened 6 years ago

youradds commented 6 years ago

Hi,

How do you reset the admin password? I found a post from back in 2013, but it talks about a non-existent script :/

Cheers

Andy

xewonder commented 4 years ago

ever found a solution?

Thanks...

youradds commented 4 years ago

Honestly, I can't remember. It was so long ago. Sorry I can't be of more help :(

jons commented 2 years ago

connect directly to the redis instance that you've configured for oauthd in config.local.js and run command KEYS adm:* to confirm you have adm:name, adm:pass set, and optionally adm:salt or something like it. make a copy of these values. use the following node.js script or something like it to either confirm the stored hash is correct for the expected password, or, to generate a new adm:pass value to write back to redis:

const crypto = require('crypto');
const staticsalt = '<same-as-your-config.local.js-staticsalt>';
const generateHash = (data) => {
  const shasum = crypto.createHash('sha1');
  shasum.update(staticsalt + data);
  return shasum.digest('base64');
}
const admsalt = '<read-this-value-from-redis-if-it-exists>';
const h = generateHash('<your-password-here>' + admsalt);
console.log(h);

this function is copied/derived from env.data.generateHash which can be found in bin/data/db.js -- note that the per-user salt stored in adm:salt is specific to my organization's private fork, and also that oauthd might change their hash generation at any time in the future.
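The check-then-reset procedure from the comment above, as an added example that is not part of the original thread or of oauthd itself: it reports which hash variant a stored adm:pass value matches (static salt only, or static salt plus the fork-specific adm:salt) and builds the replacement value. The function names `sameHash`, `matchVariant` and `newAdmPass` are hypothetical, and all sample values are constructed.

```javascript
// Added example, not oauthd code. Scheme as described in the comment above:
// adm:pass = base64(SHA-1(staticsalt + password [+ adm:salt])).
const crypto = require('crypto');

// Same construction as the generateHash snippet in the comment,
// with the static salt passed in instead of read from a global.
function generateHash(staticsalt, data) {
  return crypto.createHash('sha1').update(staticsalt + data).digest('base64');
}

// Compare two base64 hash strings in constant time.
function sameHash(a, b) {
  const x = Buffer.from(a, 'base64');
  const y = Buffer.from(b, 'base64');
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Report which variant the stored adm:pass matches for a candidate password:
// 'static-only', 'static+adm:salt', or null when neither matches.
function matchVariant(stored, password, staticsalt, admsalt = '') {
  if (sameHash(stored, generateHash(staticsalt, password))) return 'static-only';
  if (admsalt && sameHash(stored, generateHash(staticsalt, password + admsalt))) {
    return 'static+adm:salt';
  }
  return null;
}

// Build the value to write back to adm:pass. Pass admsalt only if your
// deployment actually stores one (the comment says this is fork-specific).
function newAdmPass(password, staticsalt, admsalt = '') {
  if (!password) throw new Error('refusing to hash an empty password');
  return generateHash(staticsalt, password + admsalt);
}

// Constructed sample values, standing in for config.local.js and redis.
const staticsalt = 'example-static-salt';
const admsalt = 'example-adm-salt';
const stored = generateHash(staticsalt, 'old-password' + admsalt);

console.log(matchVariant(stored, 'old-password', staticsalt, admsalt)); // which variant matches
console.log(matchVariant(stored, 'wrong-guess', staticsalt, admsalt));  // no match
console.log(newAdmPass('new-password', staticsalt, admsalt));           // value for adm:pass
```

Keep the copy of the old adm:* values the comment recommends until a login with the new password has been confirmed.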