Published on Oct 2 2014 in Java Tomcat

If you have lost your Cyclos 4 admin password, you may be in trouble. To regain access to your Cyclos 4 administration panel by resetting the password, follow this tutorial.

The instructions that can be found on the Net refer to Cyclos 3 and will not work with Cyclos 4, which has been rewritten quite substantially. Here are the steps for Cyclos 4.1 and above:

First, look up the database connection settings:

grep -E 'datasource.(jdbc|user|pass)' WEB-INF/classes/cyclos.properties 
cyclos.datasource.jdbcUrl = jdbc:postgresql://localhost/cyclos4_cyclosdb
cyclos.datasource.user = cyclos4_cyclosdbuser
cyclos.datasource.password = secret

Then read the salt of the admin user's password row (substitute the user and database names from your own cyclos.properties):

echo "select user_id, u.username, p.salt, p.status from passwords p, users u where u.id=p.user_id and u.username = 'admin'" | psql -U cyclos4_cyclosu -d cyclos4_cyclos
Password for user cyclos4_cyclosu: 
 user_id | username | salt                             | status 
---------+----------+----------------------------------+--------
       1 | admin    | gCimTuCV1Fw7J2AsefoXDRfMy47vxzAB | ACTIVE
(1 row)

Next, create a small Java class that computes the new hash:

cat > GenerateCyclos4PasswordHash.java <<EOF
import org.cyclos.impl.utils.HashHelper;

public class GenerateCyclos4PasswordHash {
 public static void main(String[] args) {
  if (args.length < 2) {
   System.err.println("2 parameters required: existing_salt and new_password");
   System.exit(1);
  } else {
   // HashHelper ships in cyclos-impl.jar; arguments are the existing salt, then the new password
   String h = HashHelper.hash(args[0], args[1]);
   System.out.println("You may now set the new password by accessing your Cyclos 4 (PostgreSQL) database and running:");
   System.out.println("update passwords set value = '"+h+"' where username='admin' and status='ACTIVE';");
  }
 }
}
EOF

javac -classpath WEB-INF/lib/cyclos-impl.jar GenerateCyclos4PasswordHash.java 

This creates the class file in the current directory. Now run it with the existing salt and the new password:


java -classpath WEB-INF/lib/cyclos-impl.jar:. GenerateCyclos4PasswordHash gCimTuCV1Fw7J2AsefoXDRfMy47vxzAB newsecret

You may now set the new password by running the command below against your Cyclos 4 (PostgreSQL) database (use the value produced by the generator):

echo "update passwords set value = '5F89C071A59DBAC17AA59F49D9473226947D900491B48DD57B18E2B37EBD0101' where username='admin' and status='ACTIVE';" | psql -U cyclos4_cyclosu -d cyclos4_cyclos

You should now be able to log in as admin with the new secret password.

Note for older Cyclos versions like 4.0.1:
1) The jar may be called cyclos-impl-4.0.1.jar; use the proper jar name in the javac and java calls.
2) The HashHelper class is named i and the hash function is named e, so in the Java code use:

import org.cyclos.impl.utils.i;
String h = i.e(args[0], args[1]);

Newer Cyclos versions like 4.6.x do not use the salt field and use bcrypt hashing, so you can generate a hash with:

htpasswd -nbBC 10 "" ToPsEcReT | cut -d: -f2 | head -1

Then run this SQL:

update passwords p set value = '$2y$10$MFvEpMhO3m3dMQJbi2fkFez4NnqXfq6gscL9jeH68b5CEzqns3O4C' from users u where u.username = 'admin' and u.id = p.user_id;
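
Added example (not part of the original post): a bcrypt value contains "$" characters, so pasting it into a double-quoted echo "update ..." | psql one-liner like the one used for the 4.1 hash above lets the shell expand $2, $1 and the rest, and a mangled value lands in the passwords table. The script below checks that a value has one of the two shapes shown on this page before emitting the UPDATE. The function names are hypothetical, and the users/passwords join and the status filter are assumptions taken from the queries earlier on this page.

```shell
#!/bin/sh
# Added example, not from the original post. The users/passwords join is an
# assumption taken from the SELECT shown earlier on this page.
LC_ALL=C; export LC_ALL

# Classify a candidate value by the two formats that appear on this page.
hash_kind() {
    h=$1
    case $h in
        \$2[aby]\$[0-9][0-9]\$*)
            body=${h#???????}            # drop the 7-char "$2y$10$" prefix
            case $body in *[!./A-Za-z0-9]*) echo invalid; return 1 ;; esac
            if [ "${#body}" -eq 53 ]; then echo bcrypt; return 0; fi ;;
        ''|*[!0-9A-Fa-f]*) ;;            # empty or non-hex: invalid
        *)  if [ "${#h}" -eq 64 ]; then echo hex64; return 0; fi ;;
    esac
    echo invalid
    return 1
}

# Emit the UPDATE only for a well-formed value. printf %s never re-expands
# the value, and the accepted character sets contain no quote characters.
reset_sql() {
    kind=$(hash_kind "$1") || { echo "refusing malformed hash: $1" >&2; return 1; }
    printf "update passwords p set value = '%s' from users u where u.id = p.user_id and u.username = 'admin' and p.status = 'ACTIVE';\n" "$1"
}

# The page's bcrypt value pasted inside a double-quoted string: the shell
# expands $2, $1 and $MFv... (all unset in a fresh shell).
double_quoted_paste() {
    sh -c 'printf %s "$2y$10$MFvEpMhO3m3dMQJbi2fkFez4NnqXfq6gscL9jeH68b5CEzqns3O4C"'
}

# Single quotes keep the value intact; pipe this output to psql -U <user> -d <db>.
reset_sql '$2y$10$MFvEpMhO3m3dMQJbi2fkFez4NnqXfq6gscL9jeH68b5CEzqns3O4C'
# The mangled paste is refused instead of being written to the database.
reset_sql "$(double_quoted_paste)" || true
```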