Restoring an Admin User

In the management of any digital platform, there may be instances where access to an admin user is lost and needs to be restored. Rocket.Chat provides a comprehensive process for restoring an admin user without requiring another admin user. This document will provide a detailed overview of how to restore an admin user in Rocket.Chat by accessing the database.

Access the database: Restoring an admin user in Rocket.Chat involves accessing the database, which can be done in various ways depending on how the Rocket.Chat server was installed. For Docker-based installations, the Mongo shell within the Mongo container can be accessed, and for Ubuntu Snaps installations, MongoDB can be connected directly.

Docker-based installations:
To open the Mongo shell within the Mongo container,
- Change into the docker-compose directory (where your docker-compose.yml is located) and run mongo bash.
```
cd /opt/docker/Rocket.Chat
docker compose run mongo bash
```
  Alternatively, you can run the following command without navigating to the docker-compose.yml directory.
```
docker exec -it -u root mongo-image /bin/bash
```
- Login into the Mongo shell.
```
mongo
```
  Make sure to replace mongo with the name of your MongoDB container if you use a different one.
- Open the database in the Mongo shell
```
use rocketchat
```
  Make sure to replace rocketchat with the name of your Mongo database. If you're unsure of the name, you can either check your docker-compose.yml file or run the following command:
```
show dbs
```
Ubuntu Snaps installation:
- Connect to MongoDB using the following command:
```
sudo rocketchat-server.mongo
```
- Select the Rocket.Chat database.
```
use parties
```
Updating the admin password:
To update the admin password, you can either use a one-time access token or update the admin password to a random string.
Using an access token will require the user to change their password.
```
db.getCollection('users').update({username:"administrator"}, {$set: { "services":{"loginToken":{"token":"some-token-id-that-you-will-use-to-login-once"}}, "requirePasswordChange":true} })
```
Then access http://{your server url}/login-token/some-token-id-that-you-will-use-to-login-once to log in.
Alternatively, you can update the admin password to a random string. Using 12345 as an example of the password, use its hashed(bycrypt) value:
```
db.getCollection('users').update({username:"administrator"}, { $set: {"services" : { "password" : {"bcrypt" : "$2a$10$n9CM8OgInDlwpvjLKLPML.eizXIzLlRtgCh3GRLafOdR9ldAUh/KG" } } } })
```
Replace administrator with the appropriate username of the administrator on your server.
- Restart your application container in case the new password is not accepted yet.
Generate a valid admin password: To generate a valid password and its hashed value with bcrypt-cli,
- Install bcrypt-cli with:
```
// npm install -g @carsondarling/bcrypt-cli
```
- Then, use this to generate your bcrypt password:
```
// npm install -g @carsondarling/bcrypt-cli bcrypt $(echo -n "yourPasswordHere" | sha256sum | cut -d " " -f 1) && echo
```
Reset a user role to admin:
In addition to updating the password, the user role can also be reset to admin using a specific database command. This ensures that the restored user has the necessary admin privileges.
Run the following database command :
```
db.users.update({username: "administrator"}, { $push: { roles: "admin"}})
```
Replace administrator with the appropriate username of the administrator on your server.