Reset User Password In Synapse, Matrix Reference Homeserver

I have been running an instance of Matrix homeserver for over a year now in a desperate effor to move away from apps like Whatsapp, Telegram, Skype, et al. If not my extendend family or friends, at-least my family and girlfriend have been using it rather extensively now without any major issues (Yay!) until recently when my girlfriend had to login to her account on her work laptop when she realized she forgot her password.

Forgotten password?! That’s easy right? 99.99% of service providers/apps/software out there carry an option to Reset Password. No biggie, so should Matrix, in some form or other. Right? Wrong. I use Riot as the front-end for Matrix, both on the web and mobile. Although it provides an option of Forgot your password? but that’s only valid if the user has setup an email address. In this case though, there wasn’t any email tied to her account. So, a no go.

Next option was to directly edit Matrix database, a quick google search landed me on Password reset section in Synapse’s repo. Seemed pretty straight forward but it wasn’t really. Since I didn’t use Python’s virtual env (but used the repo for debian), the steps didn’t really apply in my case. Instead here’s what I did (after logging in to the server),

  1. Generate hash for new password using (globally registered) hash_password

  2. A hash will be generated for the given password, something like $2b$12$3UmfToQigSLQpEjdzeAnJuryAvzDMth0M2i5q9Ka6RuMeAc3THviS. Copy the generated hash, somewhere safe. Matrix Homeserver Password Hashing

  3. Open sqlite database (*.db) located at /var/lib/matrix-synapse as user matrix-synapse by typing in sudo -u matrix-synapse sqlite3 <DB_NAME>.db.

  4. Once in database shell, update the user’s password hash to one we generated earlier like so,

    UPDATE users 
    SET password_hash='$2b$12$ED4NT7N6tI4Mbq/IKZES6.oilx0k2iK4DN3a6wPWIEpXSAsIOWe3e' 
    WHERE name='<MATRIX_USERNAME>';
  5. Quit from shell .quit; and test the updated password!

Note that it’s a good idea to cross check the username before attempting to update password hash, you can get a list of all user by running the following user in database shell,

SELECT * FROM users;