From 776c1083929fe6bb35d8d339435628ea00eba7d9 Mon Sep 17 00:00:00 2001 From: prasket Date: Sun, 19 Jan 2020 18:35:57 -0800 Subject: [PATCH 1/6] created new file with change admin options and removed make admin file. Updated name references as well throughout the project. --- docs/registering-users.md | 6 +++--- docs/updating-users-passwords.md | 2 +- .../matrix-postgres/tasks/setup_postgres.yml | 8 ++++---- .../matrix-change-user-admin-status.j2 | 19 +++++++++++++++++++ .../usr-local-bin/matrix-make-user-admin.j2 | 17 ----------------- 5 files changed, 27 insertions(+), 25 deletions(-) create mode 100644 roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 delete mode 100644 roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2 diff --git a/docs/registering-users.md b/docs/registering-users.md index 50dd92a96..d5ddc6c75 100644 --- a/docs/registering-users.md +++ b/docs/registering-users.md @@ -24,11 +24,11 @@ If you've just installed Matrix, **to finalize the installation process**, it's ----- -The script `/usr/local/bin/matrix-make-user-admin` may be used to upgrade a user's privileges: +The script `/usr/local/bin/matrix-change-user-admin-status` may be used to change a user's admin privileges: * log on to your server with ssh -* execute with the username: +* execute with the username and 0/1 (0 = non-admin | 1 = admin) ``` -/usr/local/bin/matrix-make-user-admin +/usr/local/bin/matrix-change-user-admin-status <0/1> ``` diff --git a/docs/updating-users-passwords.md b/docs/updating-users-passwords.md index 838e20003..90dfb64e9 100644 --- a/docs/updating-users-passwords.md +++ b/docs/updating-users-passwords.md 
@@ -34,7 +34,7 @@ where `` is the hash returned by the docker command above. Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password -This requires an access token from a server admin account. If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-make-user-admin` script as described in [registering-users.md](registering-users.md). Note this method will also log the user out of all of their clients while the other options do not. +This requires an access token from a server admin account. If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md). Note this method will also log the user out of all of their clients while the other options do not. ### Example: To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command: diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 9ee09381e..c55a2e65d 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -73,10 +73,10 @@ mode: 0750 when: matrix_postgres_enabled|bool -- name: Ensure matrix-make-user-admin script created +- name: Ensure matrix-change-user-admin-status script created template: - src: "{{ role_path }}/templates/usr-local-bin/matrix-make-user-admin.j2" - dest: "/usr/local/bin/matrix-make-user-admin" + src: "{{ role_path }}/templates/usr-local-bin/matrix-change-user-admin-status.j2" + dest: "/usr/local/bin/matrix-change-user-admin-status" mode: 0750 when: matrix_postgres_enabled|bool 
@@ -146,6 +146,6 @@ state: absent with_items: - matrix-postgres-cli - - matrix-make-user-admin + - matrix-change-user-admin-status - matrix-postgres-update-user-password-hash when: "not matrix_postgres_enabled|bool" diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 b/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 new file mode 100644 index 000000000..815a5b10f --- /dev/null +++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 @@ -0,0 +1,19 @@ +#jinja2: lstrip_blocks: "True" +#!/bin/bash + +if [ $# -ne 2 ]; then + echo "Usage: "$0" <0/1>" + echo "Usage: 0 = non-admin" + echo "Usage: 1 = admin" + exit 1 +fi + +docker run \ + -it \ + --rm \ + --user=991:991 \ + --cap-drop=ALL \ + --env-file=/matrix/postgres/env-postgres-psql \ + --network matrix \ + postgres:12.1-alpine \ + psql -h matrix-postgres -c "UPDATE users set admin=$2 WHERE name like '@$1:seattlematrix.org'" diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2 b/roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2 deleted file mode 100644 index f8daa6a76..000000000 --- a/roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2 +++ /dev/null @@ -1,17 +0,0 @@ -#jinja2: lstrip_blocks: "True" -#!/bin/bash - -if [ $# -ne 1 ]; then - echo "Usage: "$0" " - exit 1 -fi - -docker run \ - -it \ - --rm \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \ - --network {{ matrix_docker_network }} \ - {{ matrix_postgres_docker_image_to_use }} \ - psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ matrix_domain }}'" From e99497bb60e3ae11c9bf04f2d06c8f7703986294 Mon Sep 17 00:00:00 2001 
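Review bot: In the new matrix-change-user-admin-status.j2, `$1` and `$2` are pasted into the SQL string given to `psql -c` after only an argument-count check, so anything other than a literal 0 or 1 in `$2`, or a quote character in `$1`, changes the statement that runs with the database credentials from the env file. The `like` comparison also treats `_` and `%` in the username as wildcards, so a request for `john_doe` (constructed example) would also update accounts such as `john-doe`; an exact `=` match avoids touching unintended users. I would validate both arguments before the `docker run` and switch to `=`, as sketched below; the localpart pattern is an assumption and should be checked against the user IDs the server actually accepts. The same hunk is repeated in PATCH 2/6, and the PATCH 6/6 hunk on this file keeps `admin=$2` and `like` unchanged.

```shell
# … unchanged: argument-count check and usage text …

if [[ "$2" != "0" && "$2" != "1" ]]; then
    echo "Admin status must be 0 or 1"
    exit 1
fi

if [[ ! "$1" =~ ^[a-z0-9._=/-]+$ ]]; then
    echo "Username contains characters that are not allowed"
    exit 1
fi

# … unchanged: docker run options …
    psql -h matrix-postgres -c "UPDATE users set admin=$2 WHERE name = '@$1:seattlematrix.org'"
```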
From: prasket Date: Sun, 19 Jan 2020 18:35:57 -0800 Subject: [PATCH 2/6] created new file with change admin options and removed make admin file. Updated name references as well throughout the project. --- docs/registering-users.md | 6 +++--- docs/updating-users-passwords.md | 2 +- .../matrix-postgres/tasks/setup_postgres.yml | 8 ++++---- .../matrix-change-user-admin-status.j2 | 19 +++++++++++++++++++ .../usr-local-bin/matrix-make-user-admin.j2 | 17 ----------------- 5 files changed, 27 insertions(+), 25 deletions(-) create mode 100644 roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 delete mode 100644 roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2 diff --git a/docs/registering-users.md b/docs/registering-users.md index 50dd92a96..d5ddc6c75 100644 --- a/docs/registering-users.md +++ b/docs/registering-users.md @@ -24,11 +24,11 @@ If you've just installed Matrix, **to finalize the installation process**, it's ----- -The script `/usr/local/bin/matrix-make-user-admin` may be used to upgrade a user's privileges: +The script `/usr/local/bin/matrix-change-user-admin-status` may be used to change a user's admin privileges: * log on to your server with ssh -* execute with the username: +* execute with the username and 0/1 (0 = non-admin | 1 = admin) ``` -/usr/local/bin/matrix-make-user-admin +/usr/local/bin/matrix-change-user-admin-status <0/1> ``` diff --git a/docs/updating-users-passwords.md b/docs/updating-users-passwords.md index 838e20003..90dfb64e9 100644 --- a/docs/updating-users-passwords.md +++ b/docs/updating-users-passwords.md 
@@ -34,7 +34,7 @@ where `` is the hash returned by the docker command above. Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password -This requires an access token from a server admin account. If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-make-user-admin` script as described in [registering-users.md](registering-users.md). Note this method will also log the user out of all of their clients while the other options do not. +This requires an access token from a server admin account. If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md). Note this method will also log the user out of all of their clients while the other options do not. ### Example: To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command: diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 9ee09381e..c55a2e65d 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -73,10 +73,10 @@ mode: 0750 when: matrix_postgres_enabled|bool -- name: Ensure matrix-make-user-admin script created +- name: Ensure matrix-change-user-admin-status script created template: - src: "{{ role_path }}/templates/usr-local-bin/matrix-make-user-admin.j2" - dest: "/usr/local/bin/matrix-make-user-admin" + src: "{{ role_path }}/templates/usr-local-bin/matrix-change-user-admin-status.j2" + dest: "/usr/local/bin/matrix-change-user-admin-status" mode: 0750 when: matrix_postgres_enabled|bool 
@@ -146,6 +146,6 @@ state: absent with_items: - matrix-postgres-cli - - matrix-make-user-admin + - matrix-change-user-admin-status - matrix-postgres-update-user-password-hash when: "not matrix_postgres_enabled|bool" diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 b/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 new file mode 100644 index 000000000..815a5b10f --- /dev/null +++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 @@ -0,0 +1,19 @@ +#jinja2: lstrip_blocks: "True" +#!/bin/bash + +if [ $# -ne 2 ]; then + echo "Usage: "$0" <0/1>" + echo "Usage: 0 = non-admin" + echo "Usage: 1 = admin" + exit 1 +fi + +docker run \ + -it \ + --rm \ + --user=991:991 \ + --cap-drop=ALL \ + --env-file=/matrix/postgres/env-postgres-psql \ + --network matrix \ + postgres:12.1-alpine \ + psql -h matrix-postgres -c "UPDATE users set admin=$2 WHERE name like '@$1:seattlematrix.org'" diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2 b/roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2 deleted file mode 100644 index f8daa6a76..000000000 --- a/roles/matrix-postgres/templates/usr-local-bin/matrix-make-user-admin.j2 +++ /dev/null @@ -1,17 +0,0 @@ -#jinja2: lstrip_blocks: "True" -#!/bin/bash - -if [ $# -ne 1 ]; then - echo "Usage: "$0" " - exit 1 -fi - -docker run \ - -it \ - --rm \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \ - --network {{ matrix_docker_network }} \ - {{ matrix_postgres_docker_image_to_use }} \ - psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ matrix_domain }}'" From 92c6031c9f19ca609e71fe3e411752a1c4a78d91 Mon Sep 17 00:00:00 2001 
From: prasket Date: Mon, 20 Jan 2020 12:59:36 -0800 Subject: [PATCH 3/6] changes to the docs for the new admin modifcation scripts --- docs/registering-users.md | 5 ++++- docs/updating-users-passwords.md | 9 ++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/docs/registering-users.md b/docs/registering-users.md index d5ddc6c75..cf0ede41b 100644 --- a/docs/registering-users.md +++ b/docs/registering-users.md @@ -24,7 +24,10 @@ If you've just installed Matrix, **to finalize the installation process**, it's ----- -The script `/usr/local/bin/matrix-change-user-admin-status` may be used to change a user's admin privileges: + +## Adding/Removing Administrator privileges to an existing user. + +The script `/usr/local/bin/matrix-change-user-admin-status` may be used to change a user's admin privileges. * log on to your server with ssh * execute with the username and 0/1 (0 = non-admin | 1 = admin) diff --git a/docs/updating-users-passwords.md b/docs/updating-users-passwords.md index 90dfb64e9..698405b41 100644 --- a/docs/updating-users-passwords.md +++ b/docs/updating-users-passwords.md @@ -2,10 +2,11 @@ ## Option 1 (if you are using the default matrix-postgres container): -You can reset a user's password via the Ansible playbook (make sure to edit the `` and `` part below): +You can reset a user's password via the Ansible playbook (make sure to edit the `` and `` part below) ``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='username= password=' --tags=update-user-password +ansible-playbook -i inventory/hosts setup.yml --extra-vars='user:w +name= password=' --tags=update-user-password ``` **Note**: `` is just a plain username (like `john`), not your full `@:` identifier. 
@@ -34,7 +35,9 @@ where `` is the hash returned by the docker command above. Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password -This requires an access token from a server admin account. If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md). Note this method will also log the user out of all of their clients while the other options do not. +This requires an access token from a server admin account. *This method will also log the user out of all of their clients while the other options do not.* + +If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md). ### Example: To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command: From a23455b697362abf16a9b96783066f670c579228 Mon Sep 17 00:00:00 2001 From: prasket Date: Mon, 20 Jan 2020 13:02:02 -0800 Subject: [PATCH 4/6] accidentaly removed a : --- docs/updating-users-passwords.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/updating-users-passwords.md b/docs/updating-users-passwords.md index 698405b41..e0f6e3ded 100644 --- a/docs/updating-users-passwords.md +++ b/docs/updating-users-passwords.md @@ -2,7 +2,7 @@ ## Option 1 (if you are using the default matrix-postgres container): -You can reset a user's password via the Ansible playbook (make sure to edit the `` and `` part below) +You can reset a user's password via the Ansible playbook (make sure to edit the `` and `` part below): ``` ansible-playbook -i inventory/hosts setup.yml --extra-vars='user:w From 80dd5f0b4697c57fc4d56f0d914dd6b68dd6259c Mon Sep 17 00:00:00 2001 
From: prasket Date: Mon, 20 Jan 2020 13:05:46 -0800 Subject: [PATCH 5/6] reversing another accident, forgot vim mode wasnt enabled at the time --- docs/updating-users-passwords.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/updating-users-passwords.md b/docs/updating-users-passwords.md index e0f6e3ded..f2fac643b 100644 --- a/docs/updating-users-passwords.md +++ b/docs/updating-users-passwords.md @@ -5,8 +5,7 @@ You can reset a user's password via the Ansible playbook (make sure to edit the `` and `` part below): ``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='user:w -name= password=' --tags=update-user-password +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username= password=' --tags=update-user-password ``` **Note**: `` is just a plain username (like `john`), not your full `@:` identifier. From 83e7a8d9e6173ad1919dd9fa5e8edf602be05459 Mon Sep 17 00:00:00 2001 From: prasket Date: Tue, 21 Jan 2020 18:29:17 -0800 Subject: [PATCH 6/6] corrected hardcoded matrix domain and added code to remove old matrix-make-user-admin script per suggestion. --- roles/matrix-postgres/tasks/setup_postgres.yml | 6 ++++++ .../usr-local-bin/matrix-change-user-admin-status.j2 | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index c55a2e65d..16c276770 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -80,6 +80,12 @@ mode: 0750 when: matrix_postgres_enabled|bool +- name: (Migration) Ensure old matrix-make-user-admin script deleted + file: + path: "/usr/local/bin/matrix-make-user-admin" + state: absent + when: matrix_postgres_enabled|bool + - name: Ensure matrix-postgres-update-user-password-hash script created template: src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2" 
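Review bot: The added migration task only runs `when: matrix_postgres_enabled|bool`, while PATCH 1/6 replaced `- matrix-make-user-admin` with the new name in the `state: absent` list that runs when Postgres is disabled, so a host with `matrix_postgres_enabled` false keeps the old privilege-granting script in `/usr/local/bin`. Dropping the `when:` from this task (removing an already-absent file is a no-op) or keeping `- matrix-make-user-admin` in that removal list next to the new name would cover both cases. The removal task's header is outside the visible hunks, so this is inferred from its `with_items` and `when` lines.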
diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 b/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2
index 815a5b10f..5f66ca6cd 100644
--- a/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2
+++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2
@@ -16,4 +16,4 @@ docker run \
 --env-file=/matrix/postgres/env-postgres-psql \
 --network matrix \
 postgres:12.1-alpine \
- psql -h matrix-postgres -c "UPDATE users set admin=$2 WHERE name like '@$1:seattlematrix.org'"
+ psql -h matrix-postgres -c "UPDATE users set admin=$2 WHERE name like '@$1:{{ matrix_domain }}'"
\ No newline at end of file
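Review bot: Only the domain is templated here; the context lines still hard-code the env-file path, the Docker network, the `postgres:12.1-alpine` image and the `matrix-postgres` host, where the deleted matrix-make-user-admin.j2 took all of them from role variables. On an install that overrides any of these, the script will point at the wrong env file, network or host, and the pinned client image stays at that tag when the role's image variable moves on. I would restore the variables as below, including the `--user=` line, which sits above this hunk in the same `docker run` command. The file also now ends without a trailing newline.

```shell
# … unchanged: usage check, docker run, -it, --rm …
    --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
    --cap-drop=ALL \
    --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
    --network {{ matrix_docker_network }} \
    {{ matrix_postgres_docker_image_to_use }} \
    psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=$2 WHERE name like '@$1:{{ matrix_domain }}'"
```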