Strapi.io is a Headless CMS system that offers robust user and permissions out of the box including: user registration, user login, user password reset and user roles. The user password reset works by using a generator that generates a one time code to send to the user’s email and in which you can use to reset the password. But what if you are developing locally and you do not have a Strapi email service setup, and thus you cannot use the default password reset feature provided by the user-permissions plugin?

In this tutorial we will discuss how to manually change the password for an admin user in a MongoDB database. First, we can explore the strapi-plugin-users-permissions plugin to see how they generate the hashed password for Strapi users. In your strapi installation you can open: ./node_modules/strapi-plugin-users-permissions/services/User.js and we can explore the method:

  hashPassword(user = {}) {
    return new Promise(resolve => {
      if (!user.password || this.isHashed(user.password)) {
        resolve(null);
      } else {
        bcrypt.hash(`${user.password}`, 10, (err, hash) => {
          resolve(hash);
        });
      }
    });
  },

You will see that the strapi-plugin-users-permissions is using the bcryptjs library to generate the user’s password. We can also use this library to replicate the password reset functionality. Let’s create a new folder in our home directory called: strapi-password-reset and we can cd strapi-password-reset and run the command: npm init -y to create an empty npm project. Now we can install two dependencies for our project:

npm i bcryptjs yargs

Now that we have those installed we can create an index file strapi-password-reset/index.js and edit the file to add our password generator:

const bcrypt = require("bcryptjs")
const argv = require("yargs").argv

const password = argv.password || "password"
bcrypt.hash(password, 10, (err, hash) => {
  console.log("Your hashed password:")
  console.log(hash)
})

We are using the yargs library to get command line arguments (which we will use in a little bit). We are also utilizing the bcrypt.hash function to generate our password and logging out the hashed result. Now in our strapi-password-reset folder we can run the command:

node index.js --password "somelongpass"

This will log our hashed password to the console which we can copy:

Your hashed password:
$2a$10$MeCkt3/uZnh0tZh6NDTO5uvxiSw1z3TbuNPkTPRIO1r6Agq1Ak/SS

Now we can login to our mongodb shell using the mongo command line utility. We will need to use our strapi database that you setup during installation:

mongo
use strapi-database
db.strapi_administrator.find()

Find the mongo document that contains the username that you want to reset the password for. Now we can run the mongo update() function to update our user’s passowrd:

db.strapi_administrator.update({ username: 'admin' }, { $set: { password: '$2a$10$MeCkt3/uZnh0tZh6NDTO5uvxiSw1z3TbuNPkTPRIO1r6Agq1Ak/SS' } })

Make sure you replace the username with your user’s username and the password with the password you generated in strapi-password-reset command.

Finally, you should be able to navigate to http://localhost:1337/admin/auth/login and use your username and new password combination to login to your strapi admin dashboard!