Change Cloudron user management to Mastodon (app) user management on existed app
-
For now, we have a huge issue with user password reset in the case when using Cloudron user management, and as far as I understood there is no anyway for solving this issue now.
My question: is it possible move non-Cloudrone users to Mastodon user management system in existed app?
-
ah right, so I tried to at least find out how mastodon stores the user account state (which backend to be used) in the db, but it seems they don't, which makes it even harder to migrate. Can you maybe ask with the upstream project on how users can be migrated between the user backends?
-
@nebulon thx for you suggestion!
After small research of my two instances (with Cloudron user management and with Mastodon user management) I notice that in bose instances inside postgres DB existed "public.users" table that contains "encrypted_password" values. So I assume that if I'll be able manually disable SSO through .env.production, then users will be able to log in and recover passwords. Am I right? -
So, how switch your currently existing Mastodon app from Cloudron user management to Mastodon user management?
Short answer - it is impossible, but... You can save settings and create DB dump, then delete the old app, create a new one and apply old settings and dump of DB!
This approach works only if your Mastodone app use external file storage for files (like S3 or else). If you store user files inside Cloudron - you need to download them to your computer before switching!Prerequisite:
- You need dump of app postgress DB. It can be done through app console and command
PGPASSWORD=${CLOUDRON_POSTGRESQL_PASSWORD} pg_dump --no-owner --no-privileges --username=${CLOUDRON_POSTGRESQL_USERNAME} --host=${CLOUDRON_POSTGRESQL_HOST} ${CLOUDRON_POSTGRESQL_DATABASE} > /tmp/pgdump.sql
Your dump will be waiting for you attmp/pgdump.sql
. Just upload it to your local machine by pressing "Upload" button in app terminal (PC, laptop, whatever) - You need to save your custom settings from
.env.production
file. File placed inapp/code
folder - just typels -a
to see it and then use vim to copy file content. - In app settings save to notes your notification email-address (if you change it after installation).
Steps to switching:
0. Turn on RecoveryMode of your old instance- Save all settings and DB dump (see info above)
- Delete old app
- Install new Mastodon app from Cloudrone AppStore
- !IMPORTANT: during the installation process choice "Leave user management to the app" option!
- After app installation you need just update
.env.production
, re-set email address for notification, and import DB (more info about importing process here https://docs.cloudron.io/guides/import-postgresql/)- IMPORTANT: Do all of the updates in RecoveryMode of app
- Upload old files (if you do not use an external file store like Amazon S3 etc.)
That is it! After these short manipulations (it takes 20-30mins) Mastadon user management will be turned on and your users will be able to reset their passwords without any troubles.
- You need dump of app postgress DB. It can be done through app console and command
-
-
-
@nebulon IMPORTANT!
After migration to Mastadon user management, we found the small (or not) issue: 2FA authentication keys based on one-time-password were broken for users who used them. Looks like those keys were related to the environment, but the environment was changed (because we create new Mastodon App while migrating the process).As a result we decided to disable 2FA for all our users who used it before migration.
How it can be fixed:
- Find all users in DB who use 2FA (look into table
public.users
, columnotp_required_for_login
with value 't') - Reset for those users next columns values to default:
otp_required_for_login
,otp_backup_codes
,encrypted_otp_secret
,encrypted_otp_secret_iv
,encrypted_otp_secret_salt
- Send an email to those users asking them to re-setting-up 2FA.
What the interesting - disable 2FA through admin panel does not works for users from old app, so we did it right through DB
- Find all users in DB who use 2FA (look into table
-
@redegelde looks the same. You need to transfer only files, Mastodon config, and Postgre DB (Reddis DB also can be transferred but is not necessary). But be sure that your version of Mastodon exactly the same as on Cloudron (4.0.2 for now). There can be an incompatibility between DB schemes of two different versions of Mastodon.
-
-
@redegelde an idea is to do a "dry run" first. Just clone the app and play around with the commands to see how well it works.
-
-
-
-
been a while, and still on the Cloudron But more and more now not able to changer there email or password getting the the line "your are logged in external"
so i thing going to run your steps @itbeard or does Cloudron have the solution now
regards
Eric