mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-10-29 17:02:25 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

[docs] Add user settings panel docs, other small updates (#768)

Browse source 
* add more links to markdown section

* update password management

* add user settings panel documentation

* move the user guide higher up in the docs
This commit is contained in:
tobi 2022-08-26 17:40:54 +02:00 committed by GitHub
commit 4c60a142f8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 94 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

20
docs/user_guide/password_management.md
View file

@ -1,5 +1,15 @@
# Password Management
## Change Your Password
You can use the [User Settings Panel](./user_panel.md) to change your password. Just log in to the user panel, scroll to the bottom of the page, and input your old password and desired new password.
If the new password you provide is not long/complicated enough, you will see an error and be prompted to try again with a different password.
If your instance uses OIDC (ie., you log in via Google or some other external provider), you will have to change your password via your OIDC provider, not through the user settings panel.
## Password Storage
GoToSocial stores hashes of user passwords in its database using the secure [bcrypt](https://en.wikipedia.org/wiki/Bcrypt) function in the [Go standard libraries](https://pkg.go.dev/golang.org/x/crypto/bcrypt).
This means that the plaintext value of your password is safe even if the database of your GoToSocial instance is compromised. It also means that your instance admin does not have access to your password.
@ -7,13 +17,3 @@ This means that the plaintext value of your password is safe even if the databas
To check whether a password is sufficiently secure before accepting it, GoToSocial uses [this library](https://github.com/wagslane/go-password-validator) with entropy set to 60. This means that passwords like `password` are rejected, but something like `verylongandsecurepasswordhahaha` would be accepted, even without special characters/upper+lowercase etc.
We recommend following the EFF's guidelines on [creating strong passwords](https://ssd.eff.org/en/module/creating-strong-passwords).
## Change Your Password
### API method
If you are logged in (ie., you have a valid oauth token), you can change your password by making a POST request to `/api/v1/user/password_change`, using your token as authentication, and giving your old password and desired new password as parameters. Check the [API documentation](../api/swagger.md) for more details.
## Reset Your Password
todo