user_admin_api.rst 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217
  1. Create or modify Account
  2. ========================
  3. This API allows an administrator to create or modify a user account with a
  4. specific ``user_id``. Be aware that ``user_id`` is fully qualified: for example,
  5. ``@user:server.com``.
  6. This api is::
  7. PUT /_synapse/admin/v2/users/<user_id>
  8. with a body of:
  9. .. code:: json
  10. {
  11. "password": "user_password",
  12. "displayname": "User",
  13. "threepids": [
  14. {
  15. "medium": "email",
  16. "address": "<user_mail_1>"
  17. },
  18. {
  19. "medium": "email",
  20. "address": "<user_mail_2>"
  21. }
  22. ],
  23. "avatar_url": "<avatar_url>",
  24. "admin": false,
  25. "deactivated": false
  26. }
  27. including an ``access_token`` of a server admin.
  28. The parameter ``displayname`` is optional and defaults to ``user_id``.
  29. The parameter ``threepids`` is optional.
  30. The parameter ``avatar_url`` is optional.
  31. The parameter ``admin`` is optional and defaults to 'false'.
  32. The parameter ``deactivated`` is optional and defaults to 'false'.
  33. The parameter ``password`` is optional. If provided the user's password is updated and all devices are logged out.
  34. If the user already exists then optional parameters default to the current value.
  35. List Accounts
  36. =============
  37. This API returns all local user accounts.
  38. The api is::
  39. GET /_synapse/admin/v2/users?from=0&limit=10&guests=false
  40. including an ``access_token`` of a server admin.
  41. The parameters ``from`` and ``limit`` are required only for pagination.
  42. By default, a ``limit`` of 100 is used.
  43. The parameter ``user_id`` can be used to select only users with user ids that
  44. contain this value.
  45. The parameter ``guests=false`` can be used to exclude guest users,
  46. default is to include guest users.
  47. The parameter ``deactivated=true`` can be used to include deactivated users,
  48. default is to exclude deactivated users.
  49. If the endpoint does not return a ``next_token`` then there are no more users left.
  50. It returns a JSON body like the following:
  51. .. code:: json
  52. {
  53. "users": [
  54. {
  55. "name": "<user_id1>",
  56. "password_hash": "<password_hash1>",
  57. "is_guest": 0,
  58. "admin": 0,
  59. "user_type": null,
  60. "deactivated": 0
  61. }, {
  62. "name": "<user_id2>",
  63. "password_hash": "<password_hash2>",
  64. "is_guest": 0,
  65. "admin": 1,
  66. "user_type": null,
  67. "deactivated": 0
  68. }
  69. ],
  70. "next_token": "100"
  71. }
  72. Query Account
  73. =============
  74. This API returns information about a specific user account.
  75. The api is::
  76. GET /_synapse/admin/v1/whois/<user_id> (deprecated)
  77. GET /_synapse/admin/v2/users/<user_id>
  78. including an ``access_token`` of a server admin.
  79. It returns a JSON body like the following:
  80. .. code:: json
  81. {
  82. "user_id": "<user_id>",
  83. "devices": {
  84. "": {
  85. "sessions": [
  86. {
  87. "connections": [
  88. {
  89. "ip": "1.2.3.4",
  90. "last_seen": 1417222374433,
  91. "user_agent": "Mozilla/5.0 ..."
  92. },
  93. {
  94. "ip": "1.2.3.10",
  95. "last_seen": 1417222374500,
  96. "user_agent": "Dalvik/2.1.0 ..."
  97. }
  98. ]
  99. }
  100. ]
  101. }
  102. }
  103. }
  104. ``last_seen`` is measured in milliseconds since the Unix epoch.
  105. Deactivate Account
  106. ==================
  107. This API deactivates an account. It removes active access tokens, resets the
  108. password, and deletes third-party IDs (to prevent the user requesting a
  109. password reset). It can also mark the user as GDPR-erased (stopping their data
  110. from distributed further, and deleting it entirely if there are no other
  111. references to it).
  112. The api is::
  113. POST /_synapse/admin/v1/deactivate/<user_id>
  114. with a body of:
  115. .. code:: json
  116. {
  117. "erase": true
  118. }
  119. including an ``access_token`` of a server admin.
  120. The erase parameter is optional and defaults to 'false'.
  121. An empty body may be passed for backwards compatibility.
  122. Reset password
  123. ==============
  124. Changes the password of another user. This will automatically log the user out of all their devices.
  125. The api is::
  126. POST /_synapse/admin/v1/reset_password/<user_id>
  127. with a body of:
  128. .. code:: json
  129. {
  130. "new_password": "<secret>",
  131. "logout_devices": true,
  132. }
  133. including an ``access_token`` of a server admin.
  134. The parameter ``new_password`` is required.
  135. The parameter ``logout_devices`` is optional and defaults to ``true``.
  136. Get whether a user is a server administrator or not
  137. ===================================================
  138. The api is::
  139. GET /_synapse/admin/v1/users/<user_id>/admin
  140. including an ``access_token`` of a server admin.
  141. A response body like the following is returned:
  142. .. code:: json
  143. {
  144. "admin": true
  145. }
  146. Change whether a user is a server administrator or not
  147. ======================================================
  148. Note that you cannot demote yourself.
  149. The api is::
  150. PUT /_synapse/admin/v1/users/<user_id>/admin
  151. with a body of:
  152. .. code:: json
  153. {
  154. "admin": true
  155. }
  156. including an ``access_token`` of a server admin.