synadm user modify has no option to reset a user's password without logging them out

[TheArcaneBrony]

I just ran into this while dealing with a user password reset request :/
This behavior is the default and needs to be opted out of on the synapse admin api: https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#reset-password

[JacksonChen666]

If you're using synadm user password, then synadm user password --no-logout is probably what you're looking for

[JacksonChen666]

As to disable that by default (at least in synadm), I'm not sure. That would deviate from the Synapse admin API and would probably be unexpected as well.

[JacksonChen666]

Ah, there's some context to this at https://matrix.to/#/!mLATeUxylgHiofUzHJ:peek-a-boo.at/$O2xG5tHVJiprCRho4t5PWBIDCDsYkWB-GWxc16ewftk?via=jacksonchen666.com&via=matrix.org&via=envs.net

Edit by @JOJ0, copy over message from Matrix room:

hi all, just wanted to raise this issue ^ cause i just accidentally wiped a user's E2EE keys during a pwd reset request

[JacksonChen666]

My idea is an interactive prompt on whether to log out (with flags on command line to answer), with warnings about potential issues (encryption etc.)

(Sorry for so many separate comments 🙃)

[JOJ0]

If you're using synadm user password, then synadm user password --no-logout is probably what you're looking for

@TheArcaneBrony could please clarify which synadm command you used?. Was it synadm user password? And only an oversight of the option @JacksonChen666 mentioned? (No worries! Happens!)

I'm open to discuss new defaults or interactive sanity checks!

[TheArcaneBrony]

Command was synadm user modify -p

[JOJ0]

@TheArcaneBrony I changed the title of this issue to better fit what you might want to report.

Also I'd like to note: The link to the matrix docs you posted:

This behavior is the default and needs to be opted out of on the synapse admin api: https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#reset-password

is not used by synamd user modify,

but - as was mentioned above - is already implemented as synadm user password (including the logout_devices option).

So back to synadm user modify I see that there is a similar logout_devices possibility in the API, which synadm does not currently support: https://element-hq.github.io/synapse/latest/admin_api/user_admin_api.html#create-or-modify-account We should definitely implement it!