Ghost blog account recovery

Problem:

Naturally I'd never be so silly to forget my own password....however Billy is not so sensible and forgot his password.

For some reason (I've not even bothered to look) the forgot password button isn't doing it's job right, so now I've had to go in manually to fix it.

Solution:

  1. Install the sqlite3 client (naturally I'm running ghost on docker so I actually did this on the docker host and as I have containers using shared volumes I can access these from the host).
apt-get install sqlite3
  1. Open the database file. If you're running on docker you're likely running in development mode because you're too lazy to change the defaults, but normally your DB would be in the following location:
cd /my/blog/folder/data
sqlite3 ghost.db
  1. Just check the account you want is there:
sqlite> pragma table_info(users);
sqlite> select * from users;

Sample output:

sqlite> pragma table_info(users);
0|id|integer|1||1
1|uuid|varchar(36)|1||0
2|name|varchar(150)|1||0
3|slug|varchar(150)|1||0
4|password|varchar(60)|1||0
5|email|varchar(254)|1||0
6|image|text|0||0
7|cover|text|0||0
8|bio|varchar(200)|0||0
9|website|text|0||0
10|location|text|0||0
11|facebook|text|0||0
12|twitter|text|0||0
13|accessibility|text|0||0
14|status|varchar(150)|1|'active'|0
15|language|varchar(6)|1|'en_US'|0
16|visibility|varchar(150)|1|'public'|0
17|meta_title|varchar(150)|0||0
18|meta_description|varchar(200)|0||0
19|tour|text|0||0
20|last_login|datetime|0||0
21|created_at|datetime|1||0
22|created_by|integer|1||0
23|updated_at|datetime|0||0
24|updated_by|integer|0||0
sqlite>
sqlite> 
sqlite> 
sqlite> select * from users;
1|b07ecf88-8f17-4c25-b986-21c287a820cf|Billy Grant|billy|$2a$06$BClnnawTL0AO4cwEV.iaKbLEhFzC8x68NgJdYEYPLjnBK|[email protected]|||||||||active|en_US|public||||2017-06-27 17:17:57|2017-05-20 17:05:15|1|2017-06-27 17:17:57|1
sqlite>

As we can see we have a single user entry in here.

  1. Use a BCrypt hash generator to generate a new password. A good one is here: http://bcrypthashgenerator.apphb.com/

  2. Unlock the account if it's locked:

sqlite> update users set status = 'active' where id=1;
  1. Update the password to the new value from the hash generator:
sqlite> update users set password='$2a$Clnna.LpcwTL0AV.iaKbLEhzbsWNgJdYEYPLjnBK' where id=1;

Done!