Users and User Accounts

Stump has two user account types:

Server Owner: The owner of the server. This user has full control over the server, and can add and remove users.
Server Member: A user that is granted access to the server. This user has majority read-only access to the server, with opt-out options

An ‘unclaimed’ Stump server, or a server that has no user with the server owner role, will prompt for an initialization step, and will automatically assign the first registered user the Server Owner role.

Management

🔐

These functionalities are gated behind the user:manage user permission. To learn more about permissions, see the permissions guide.

Create a user

Navigate to the settings page

Navigate to the primary settings page (/settings) in your browser

Select `Users` in the `Server` section of the sidebar

This will take you to the user management page. It will display a list of users, authentication history, and miscellaneous user stats.

Click the `Create user` button

This will route you to a subpage which displays a form to create a new user

Fill out the form

Username: The username of the user. This is used to log in to the server
Password: The password of the user. This is used to log in to the server. You can click the Generate button to generate a random password, or manually enter one
Age restriction: The optional age restriction of the user. This is used to determine which books the user can access. You may enter a number corresponding to the maximum age rating the user can access. For example, if you enter 13 then the user will be able to access books with an age rating of 13 or lower. See the age restrictions section of the Access Control guide for more information
- Note: If you check the Enforce restrictions for missing metadata checkbox, then the user will only be able to access books that:
  1. Explicitly have an age rating set
  2. The age rating is less than or equal to the user’s age restriction
  Otherwise, the user will be able to access books that do not have an age rating set

Editing a user

Follow steps 1 and 2 above to navigate to the user management page. Locate the Users table and click the action menu button (three dots) for the user you wish to edit. Click the Edit button in the action menu. This will route you to the same subpage as the Create user button, but with the form pre-filled with the user’s current information. Make any necessary changes and click the Save button to save the changes.

Deleting a user

To delete a user, navigate to /settings/users in your browser. Locate the Users table and click the action menu button (three dots) for the user you wish to delete. Click the Delete button in the action menu. This will open a modal asking you to confirm the deletion. Click the Delete button in the modal to confirm the deletion.

Security

Stump currently does not enforce any password complexity requirements. This can change if there is enough demand for it. In general, Stump follows a fairly standard security model:

Stored passwords are hashed and salted
All ASCII/Unicode characters are allowed
There are no knowledge-based authentication (KBA) recovery options, such as “What was the name of your first pet?”
Users are allowed 10 failed password attempts before being locked out completely (until an administrator unlocks the account)

Account locking and unlocking

If a user has been locked out of their account, it is up to the server owner to unlock the account to restore access. This can be done using either of the following methods:

Navigate to /settings/users in your browser. Locate the Users table and click the action menu button (three dots) for the user you wish to unlock. Click the Unlock button in the action menu. This will open a modal asking you to confirm the unlock. Click the Unlock button in the modal to confirm the unlock.
Use the embedded CLI in the Stump server to unlock the user account. See the CLI guide for more information. In general, the command will look like this:
```
./stump account unlock --username <username>
```
Similarly, you can lock a user account using the following command:
```
 ./stump account lock --username <username>
```

In the event the server owner account becomes locked, you will only be able to unlock it using the CLI.

Password reset

If a user has forgotten their password, you will have to use the embedded CLI in the Stump server to reset the user’s password. See the CLI guide for more information. In general, the command will look like this:

./stump account reset-password --username <username>

It will prompt you for a new password with confirmation. Once the password has been reset, the user will be able to log in with the new password.

Permissions Tag Restrictions