Users and User Accounts
Stump has two user account types:
- Server Owner: The owner of the server. This user has full control over the server, and can add and remove users.
- Server Member: A user that is granted access to the server. This user has majority read-only access to the server, with opt-out options
An 'unclaimed' Stump server, or a server that has no user with the
server owner role, will prompt for an initialization step, and will automatically assign the first registered user the Server Owner role.
To create a new user, click the
Create user button in the
Users section of the settings page. This will open a modal with the following fields:
Username: The username of the user. This is used to log in to the server.
Password: The password of the user. This is used to log in to the server. You can click the
Generatebutton to generate a random password, or manually enter one.
Age restriction: The optional age restriction of the user. This is used to determine which books the user can access. You may enter a number corresponding to the maximum age rating the user can access. For example, if you enter
13then the user will be able to access books with an age rating of
13or lower. See the age restrictions section of the Access Control guide for more information.
Note: If you check the
Enforce restrictions for missing metadatacheckbox, then the user will only be able to access books that:
- Explicitly have an age rating set
- The age rating is less than or equal to the user's age restriction.
Otherwise, the user will be able to access books that do not have an age rating set.
Such empty! Will be filled in the future.
To delete a user, navigate to
/settings/users in your browser. Locate the
Users table and click the action menu button (three dots) for the user you wish to delete. Click the
Delete button in the action menu. This will open a modal asking you to confirm the deletion. Click the
Delete button in the modal to confirm the deletion.
Stump currently does not enforce any password complexity requirements. This can change if there is enough demand for it. In general, Stump follows a fairly standard security model:
- Stored passwords are hashed and salted
- All ASCII/Unicode characters are allowed
- There are no knowledge-based authentication (KBA) recovery options, such as “What was the name of your first pet?”
- Users are allowed 10 failed password attempts before being locked out completely (until an administrator unlocks the account)
If a user has been locked out of their account, it is up to the server owner to unlock the account to restore access. This can be done using either of the following methods:
/settings/usersin your browser. Locate the
Userstable and click the action menu button (three dots) for the user you wish to unlock. Click the
Unlockbutton in the action menu. This will open a modal asking you to confirm the unlock. Click the
Unlockbutton in the modal to confirm the unlock.
Use the embedded CLI in the Stump server to unlock the user account. See the CLI guide for more information. In general, the command will look like this:
./stump account unlock --username <username>
Similarly, you can lock a user account using the following command:
./stump account lock --username <username>
In the event the server owner account becomes locked, you will only be able to unlock it using the CLI.
If a user has forgotten their password, you will have to use the embedded CLI in the Stump server to reset the user's password. See the CLI guide for more information. In general, the command will look like this:
./stump account reset-password --username <username>
It will prompt you for a new password with confirmation. Once the password has been reset, the user will be able to log in with the new password.