When using Cloudron user management non-cloudron users cannot reset password
-
-
@staff be great to have some input on this - if I'm going to have to start a fresh install to resolve this, the sooner I know that, the better...
But hopefully possible to resolve without having to do that?
@jdaviescoates well besides maybe upstream or app package fixes, I am not sure what further input is required. Generally the package would aim for either leaving the user management to the app or integrate with Cloudron usermanagement, the latter should lock down user registration, so that password reset issue is a non-issue in that case. Still for completeness I am investigating whats missing there.
-
@jdaviescoates well besides maybe upstream or app package fixes, I am not sure what further input is required. Generally the package would aim for either leaving the user management to the app or integrate with Cloudron usermanagement, the latter should lock down user registration, so that password reset issue is a non-issue in that case. Still for completeness I am investigating whats missing there.
@nebulon said in When using Cloudron user management non-cloudron users cannot reset password:
integrate with Cloudron usermanagement, the latter should lock down user registration,
It did not lock down registration (this is also the case with lots of other apps BTW, e.g. Rocket.Chat).
The input I'm asking for: is it possible for me to change the user management settings of an already installed instance of Mastodon?
Or asked another way: are there any changes that can be made to existing package so that when using Cloudron user management non-Cloudron users can still reset their passwords? (at this point wouldn't even care if this would break things for Cloudron users)
Basically: is there anything I can do to get my existing instance of Mastodon I've installed working correctly so that my non-Cloudron users can reset their passwords, or do I need to throw the whole thing away and start again from scratch? (which would no doubt be very annoying for my users who I guess will then loose everything they've done
) -
@nebulon said in When using Cloudron user management non-cloudron users cannot reset password:
integrate with Cloudron usermanagement, the latter should lock down user registration,
It did not lock down registration (this is also the case with lots of other apps BTW, e.g. Rocket.Chat).
The input I'm asking for: is it possible for me to change the user management settings of an already installed instance of Mastodon?
Or asked another way: are there any changes that can be made to existing package so that when using Cloudron user management non-Cloudron users can still reset their passwords? (at this point wouldn't even care if this would break things for Cloudron users)
Basically: is there anything I can do to get my existing instance of Mastodon I've installed working correctly so that my non-Cloudron users can reset their passwords, or do I need to throw the whole thing away and start again from scratch? (which would no doubt be very annoying for my users who I guess will then loose everything they've done
)@jdaviescoates as with any other app on Cloudron, it is not supported to change the usermanagement option later. We have thought of adding that, but it also creates various edge-cases to be dealt with and generally the demand for this was not very high in the past.
For the password reset issue, I so far suspect that this is an upstream bug or simply an unhandled case, but I still need to further debug the app for this, those app internals are not really our expertise of course.
-
@jdaviescoates as with any other app on Cloudron, it is not supported to change the usermanagement option later. We have thought of adding that, but it also creates various edge-cases to be dealt with and generally the demand for this was not very high in the past.
For the password reset issue, I so far suspect that this is an upstream bug or simply an unhandled case, but I still need to further debug the app for this, those app internals are not really our expertise of course.
@nebulon said in When using Cloudron user management non-cloudron users cannot reset password:
For the password reset issue, I so far suspect that this is an upstream bug
I don't get why you think that when it's obviously caused by a change you make to the package when Cloudron user management is enabled, no?
-
@nebulon said in When using Cloudron user management non-cloudron users cannot reset password:
For the password reset issue, I so far suspect that this is an upstream bug
I don't get why you think that when it's obviously caused by a change you make to the package when Cloudron user management is enabled, no?
@jdaviescoates it is far from obvious, as we do not make any special changes besides enabling LDAP and set one other setting to disable external account creation, which apparently is not supported upstream or the setting has changed.
In our experience changing auth handlers, often has unexpected side-effects in apps, which are not easy to understand or pinpoint unless one is an expert of the app itself.
-
@jdaviescoates as with any other app on Cloudron, it is not supported to change the usermanagement option later. We have thought of adding that, but it also creates various edge-cases to be dealt with and generally the demand for this was not very high in the past.
For the password reset issue, I so far suspect that this is an upstream bug or simply an unhandled case, but I still need to further debug the app for this, those app internals are not really our expertise of course.
@nebulon said in When using Cloudron user management non-cloudron users cannot reset password:
is not supported to change the usermanagement option later. We have thought of adding that, but it also creates various edge-cases to be dealt with and generally the demand for this was not very high in the past.
That's what I thought
I've seen lots of people hit issues due to this though, so I think there is probably a fair bit of demand.
So, sounds like I'm going to have to start again with https://safejust.space and lose the 237 followers @DoughnutEconomics already has on there
-
@jdaviescoates it is far from obvious, as we do not make any special changes besides enabling LDAP and set one other setting to disable external account creation, which apparently is not supported upstream or the setting has changed.
In our experience changing auth handlers, often has unexpected side-effects in apps, which are not easy to understand or pinpoint unless one is an expert of the app itself.
@nebulon said in When using Cloudron user management non-cloudron users cannot reset password:
we do not make any special changes besides enabling LDAP
OK, in which case, what I mean is evidently just enabling LDAP is what is causes this issue.
I wonder if there is anyway I can un-enable LDAP in an app initially installed with Cloudron user management enabled?
-
Just for good measure I've created an issue about this over on Mastodon too
-
@jdaviescoates it is far from obvious, as we do not make any special changes besides enabling LDAP and set one other setting to disable external account creation, which apparently is not supported upstream or the setting has changed.
In our experience changing auth handlers, often has unexpected side-effects in apps, which are not easy to understand or pinpoint unless one is an expert of the app itself.
@nebulon said in When using Cloudron user management non-cloudron users cannot reset password:
we do not make any special changes besides enabling LDAP and set one other setting to disable external account creation, which apparently is not supported upstream or the setting has changed.
There is definitely an option within Mastondon to close registrations. I can't remember for sure (would have to reinstall to double check), but I'm pretty sure even though I chose Cloudron user management registrations were open already.
-
@nebulon said in When using Cloudron user management non-cloudron users cannot reset password:
is not supported to change the usermanagement option later. We have thought of adding that, but it also creates various edge-cases to be dealt with and generally the demand for this was not very high in the past.
That's what I thought
I've seen lots of people hit issues due to this though, so I think there is probably a fair bit of demand.
So, sounds like I'm going to have to start again with https://safejust.space and lose the 237 followers @DoughnutEconomics already has on there
-
@jdaviescoates Sounds like I'm going to need to do the same thing, i.e. reinstall without integrated LDAP. Re: losing followers, wonder if you can migrate your account to another server, re-build your Mastodon app, then migrate back?
@ericyu00 said in When using Cloudron user management non-cloudron users cannot reset password:
wonder if you can migrate your account to another server, re-build your Mastodon app, then migrate back?
yeah, thanks, I'd thought about that too and may try it.. shall investigate...
-
@ericyu00 said in When using Cloudron user management non-cloudron users cannot reset password:
wonder if you can migrate your account to another server, re-build your Mastodon app, then migrate back?
yeah, thanks, I'd thought about that too and may try it.. shall investigate...
@jdaviescoates said in When using Cloudron user management non-cloudron users cannot reset password:
@ericyu00 said in When using Cloudron user management non-cloudron users cannot reset password:
wonder if you can migrate your account to another server, re-build your Mastodon app, then migrate back?
yeah, thanks, I'd thought about that too and may try it.. shall investigate...
Ah, I'm not sure that'd work because:
"There is also a very heavy cooldown period in which you cannot migrate again, so be very careful before using this option!"
From https://docs.joinmastodon.org/user/moving/
Frustratingly doesn't say how long that period is though.
-
@jdaviescoates said in When using Cloudron user management non-cloudron users cannot reset password:
@ericyu00 said in When using Cloudron user management non-cloudron users cannot reset password:
wonder if you can migrate your account to another server, re-build your Mastodon app, then migrate back?
yeah, thanks, I'd thought about that too and may try it.. shall investigate...
Ah, I'm not sure that'd work because:
"There is also a very heavy cooldown period in which you cannot migrate again, so be very careful before using this option!"
From https://docs.joinmastodon.org/user/moving/
Frustratingly doesn't say how long that period is though.
@jdaviescoates Hmmm, yeah you're right, that's not ideal. Looks like some places indicate it's a 7-day cooldown period, so would not really work too well unless you want to stay in the new home for a week, then migrate back... Also indicates "Your toots will not be moved, due to technical limitations." - not sure if that's a blocker as well. Wonder if you can export your entire account, rebuild the Cloudron app, then restore the account with the new user management setting applied? I'm about to nuke and rebuild my app, but it was a fresh instance so not losing anything of value... Good luck mate!
-
This one took a bit of time to narrow. It seems there are two things: password recovery and confirmation instructions. The former works. The latter doesn't work after sign up. Maybe that's expected.
Notice there are two separate links below:
-
G girish referenced this topic on
-
@ericyu00 @jdaviescoates I left a note in the github issue. It seems that LDAP login (and other login methods like pam login) are incompatible with external registration.
I will put this in Cloudron's post install message as well.
-
@girish can you preselect the non-cloudron user management as default for these apps that people likely just click through to install and end up in trouble later?
@robi mm, I guess it depends on the use case. For our instance, we actually want user management. Don't want external users to register (under @cloudron.io namespace).
But I do agree. Ideally, we can put some subtext that provides the implications. Maybe upstream will fix the issue though and we don't need to anything as well.
