Reminder @benjito @A_Normal_Name
I’m having a lot of trouble visually estimating who is ahead. one of our teams could be completely demolishing the other and I’d have no idea lol
Reminder @benjito @yebellz @fuseki3 @A_Normal_Name
Does anyone know how to reset the password on the Go Variants server?
Annoying answer
- Submit PR to implement a “forgot password?” button
- Click the “forgot password?” button
More pragmatic answer
We have ability to kick users from games, so you could make a new account and re-join.
Annoying answer for admins, who should have added a reset password feature
Or create a new user with the new password and ask someone with database access to copy the encrypted password to your old user (and delete the new one).
Should be impossible, if the passwords are salted as they should be.
You salt with user ID?
Salting with just the user id is not advisable, but some sort of unique salt should be used. If two users with the same password get the same hash, you’re doing it wrong.
Normally isn’t the salt part of the encrypted password, so it can be copied around? Unix passwords work this way, for example.
Exactly this - assuming you haven’t permanently tied salt to a user somehow, it’s very possible for an admin to do what @Jon_Ko suggested.
I’m not really in favor of doing it, just wanted to point out, it is possible even with a standard security system.
If two users can choose the same password, and the resulting password hash comes out the same for both, either there was no salt or the salt was pointless. Salt is meant to be unique per user so that the 30 people that all used password123 all still have unique hashes.
However, presumably one could copy over the salt too, not just the hash.
Aaah yeah, that’s a good point. I forgot about that. Then yeah, as long as it’s not set up in such a way that salt contains or checks itself against some other uuid such as username, then yeah, copying salt and hash from one user to another should work, although definitely not advisable to make a habit of.
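The point settled in the posts above, as an added example that is not part of the thread and not the Go Variants server's code: with a random per-user salt stored inside the password record, equal passwords give different records, yet the whole record can still be copied to another account. The record format, function names, the `bind_to` parameter and the account names are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this example


def hash_password(password, bind_to=""):
    """Return a self-describing record 'pbkdf2$iterations$salt$hash'.

    The random salt is stored in the record, as in Unix crypt strings.
    bind_to (hypothetical, e.g. a user id) is mixed into the KDF salt
    but is NOT stored, which ties the record to that account.
    """
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             salt + bind_to.encode(), ITERATIONS)
    return "pbkdf2${}${}${}".format(ITERATIONS,
                                    base64.b64encode(salt).decode(),
                                    base64.b64encode(dk).decode())


def verify_password(password, record, bind_to=""):
    """Recompute the hash from the salt embedded in the record."""
    _, iterations, salt_b64, dk_b64 = record.split("$")
    salt = base64.b64decode(salt_b64)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             salt + bind_to.encode(), int(iterations))
    return hmac.compare_digest(dk, base64.b64decode(dk_b64))


def demo():
    # Constructed accounts: two users happen to pick the same password.
    db = {"old_account": hash_password("forgotten-pw"),
          "new_account": hash_password("password123"),
          "third_user": hash_password("password123")}
    unique_records = db["new_account"] != db["third_user"]

    # Admin copies the whole record (salt and hash) onto the old account.
    db["old_account"] = db["new_account"]
    copy_works = verify_password("password123", db["old_account"])

    # If the record is bound to the account it was created for, the
    # copied record no longer verifies under the other account.
    bound = hash_password("password123", bind_to="new_account")
    bound_copy_works = verify_password("password123", bound,
                                       bind_to="old_account")
    return unique_records, copy_works, bound_copy_works


if __name__ == "__main__":
    print(demo())
```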
For me the big hurdle with this feature is adding email notifications.
However implementing the following “workaround” would probably be doable currently:
- make it so users can change their password while logged-in
- make it so admins can set a new password for users (so they can send it to this person privately).
We could also allow admin to generate the “reset password” link for a user. That way, user doesn’t need to reset password another time, and we’re a step closer to the legit email flow, even though we don’t have email.
Ok, I am now yebellz2 on the GoVariants server. Could someone kick yebellz and I will rejoin as yebellz.
I’ll try to remember my password this time
Done!