Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
7 changed files
with
152 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
--- | ||
title: "Password Resets" | ||
date: 2023-09-09T13:32:35+01:00 | ||
draft: false | ||
--- | ||
|
||
## Password Reset Methods | ||
There are 4 main methods for facilitating password resets. They are ordered from (in my opinion, at least) worst to best, although your choice will depend on your situation.. They are described below: | ||
1) **Through Jellyfin (PIN Reset)**: The user clicks "Forgot Password" on the Jellyfin login screen, and enters their username. Jellyfin generates a file with a PIN code. Jfa-go reads this file, and sends the PIN to any contact methods associated with the user (Email, Discord, Matrix or Telegram). The user then types this PIN when Jellyfin asks for it. | ||
2) **Partially through Jellyfin (Link Reset)**: Similarly to above, the user clicks "Forgot Password" and enters their username. Jfa-go reads the file with the PIN, but instead sends the user a link that will automatically set their password to the PIN, as Jellyfin would if they typed it in. | ||
3) **Partially through Jellyfin (Internal Reset)**: Same as above, but the link sent to the user takes them to a special jfa-go password reset page. | ||
4) **Through Jfa-go (User Page/"My Account" Reset)**: The user visits the "My Account" page (`your-jfa-go.site/my/account`), and presses the "Forgot Password" button. They enter their Jellyfin username, or address/ID of a contact method (email address or discord/telegram/matrix username). A message with a link is sent, which links to the same password reset page described in method 2. | ||
|
||
## Pros/Cons | ||
|
||
{{< include-html "content/docs/pwr/pwr-pros-cons.html" >}} | ||
|
||
## Setting them up | ||
|
||
### Prerequisite for Methods 1-3 | ||
jfa-go will need access to your Jellyfin config directory, as this is where it places the files containing PINs. | ||
* General Advice: When initiating a password reset in Jellyfin, a message will pop up telling you the location the PIN file was created in. This is the easisest way to find the directory. However, this feature was [broken in older versions](https://github.com/jellyfin/jellyfin/issues/6093) and still is for some. | ||
|
||
![PWR Directory Screenshot](/pwr-directory.png) | ||
|
||
|
||
* Docker: The directory you mounted to `/config` in the container, e.g. for `docker create ... -v /opt/jellyfin:/config`, the config directory would be `/opt/jellyfin`. | ||
* If you're also running jfa-go in docker, make sure to mount it to `/jf` within the container; jfa-go should default to that path. | ||
* Windows: The directory should be `C:\ProgramData\Jellyfin\Server` or similar. | ||
* Ubuntu/Debian: Should be `/var/lib/jellyfin`, or one of it's sub-directories. initiate a Password Reset and look for a file beginning with `passwordreset` to confirm. | ||
|
||
### Method 1 (PIN Reset) | ||
|
||
* Enable Password Resets in settings, that's all. | ||
|
||
### Method 2 (Link Reset) | ||
|
||
* Enable Password Resets, and in the same section, enable *"Use reset link instead of PIN"*. | ||
|
||
### Method 3 (Internal Reset) | ||
|
||
* Enable both the settings for the above 2 methods, and also enable *"Set password through link"*. | ||
|
||
### Method 4 ("My Account" Reset) | ||
|
||
* Enable all of the settings listed above. | ||
* Enable the *User Page* feature. | ||
* Ensure *Use Jellyfin for Authentication* in *General* is enabled. | ||
|
||
* **Note**: Despite enabling the above features, jfa-go **does not need access** to the Jellyfin config directory if you only want this method to be used. You can point the directory to wherever, it doesn't matter. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,95 @@ | ||
<table> | ||
<tbody> | ||
<tr> | ||
<th>Methods</th> | ||
<th>Pros</th> | ||
<th>Cons</th> | ||
</tr> | ||
<tr> | ||
<td>PIN Reset</td> | ||
<td> | ||
<ul> | ||
<li>Initiated through Jellyfin</li> | ||
</ul> | ||
</td> | ||
<td> | ||
<ul> | ||
<li> | ||
Can confuse user | ||
<ul> | ||
<li>Jellyfin doesn't tell you to check email/discord/telegram/matrix for a message with a PIN.</li> | ||
</ul> | ||
</li> | ||
<li> | ||
No way to enforce password requirements | ||
<ul> | ||
<li>User's password is set to the PIN, user must set their new password through Jellyfin.</li> | ||
</ul> | ||
</li> | ||
<li>Ombi Password will not change (if enabled)</li> | ||
</ul> | ||
</td> | ||
</tr> | ||
<tr> | ||
<td>Link Reset</td> | ||
<td> | ||
<ul> | ||
<li>User doesn't have to keep Jellyfin's Password Reset page open</li> | ||
<li>User doesn't have to type anything</li> | ||
<li>Reminds user to change their password after it resets to the PIN code</li> | ||
<li>Automatically changes password to PIN on Ombi</li> | ||
</ul> | ||
</td> | ||
<td> | ||
<ul> | ||
<li>Same as above</li> | ||
<li>User will also have to manually change their Ombi password from the PIN</li> | ||
</ul> | ||
</td> | ||
</tr> | ||
<tr> | ||
<td>Internal Reset</td> | ||
<td> | ||
<ul> | ||
<li> | ||
Enforces password requirements | ||
<ul> | ||
<li>Users are shown a page similar to the "Create Account" form</li> | ||
</ul> | ||
</li> | ||
<li>New password is also applied to Ombi</li> | ||
</ul> | ||
</td> | ||
<td> | ||
<ul> | ||
<li>Can confuse user in the same way as the above</li> | ||
</ul> | ||
</td> | ||
</tr> | ||
<tr> | ||
<td>"My Account" Reset</td> | ||
<td> | ||
<ul> | ||
<li>Performed in the same place as other account management tasks</li> | ||
<li> | ||
Explains itself better than other methods | ||
<ul> | ||
<li>The page tells the user to check their inbox for a link</lu> | ||
</ul> | ||
</li> | ||
</ul> | ||
</td> | ||
<td> | ||
<ul> | ||
<li> | ||
"My Account" page may not be familiar to user | ||
<ul> | ||
<li>For this feature to be used, users must know the "My Account" page exists</li> | ||
<li>The page is already referenced on the signup form, but mentioning it on your Jellyfin instance or app portal might be a good idea.</li> | ||
</ul> | ||
</li> | ||
</ul> | ||
</td> | ||
</tr> | ||
</tbody> | ||
</table> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
{{ $file := .Get 0 }} | ||
{{ $file | readFile | safeHTML }} |
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.