{"id":16552467,"url":"https://github.com/0xdevalias/poc-beeper-password-reset","last_synced_at":"2025-10-28T19:30:19.152Z","repository":{"id":170943430,"uuid":"647216194","full_name":"0xdevalias/poc-beeper-password-reset","owner":"0xdevalias","description":"Proof of Concept (PoC) script implementing email/code (JWT) password reset flow for Beeper / Matrix","archived":false,"fork":false,"pushed_at":"2023-10-30T06:31:51.000Z","size":44,"stargazers_count":13,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-02-13T16:58:06.338Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xdevalias.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-05-30T09:57:49.000Z","updated_at":"2025-01-17T19:23:09.000Z","dependencies_parsed_at":null,"dependency_job_id":"cfef183b-7da7-4672-bd6a-c9e0c5e233b8","html_url":"https://github.com/0xdevalias/poc-beeper-password-reset","commit_stats":null,"previous_names":["0xdevalias/poc-beeper-password-reset"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xdevalias%2Fpoc-beeper-password-reset","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xdevalias%2Fpoc-beeper-password-reset/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xdevalias%2Fpoc-beeper-password-reset/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xdevalias%2Fpoc-beeper-password-reset/manifests","owner_
url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xdevalias","download_url":"https://codeload.github.com/0xdevalias/poc-beeper-password-reset/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":238700715,"owners_count":19515980,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-11T19:44:56.570Z","updated_at":"2025-10-28T19:30:18.762Z","avatar_url":"https://github.com/0xdevalias.png","language":"TypeScript","readme":"# Beeper - Password Reset (JWT)\n\nProof of Concept (PoC) script implementing JWT / email-code based password reset flow for Beeper / Matrix.\n\n## Warning\n\n**WARNING:** Use this at your own risk, there might be bugs; if the flows aren't implemented correctly you may end up logging out all of your existing devices, and if you haven't backed up your encryption keys you may lose access to your encrypted messages. You use this tool at your own risk.\n\n## For Beeper users who just want to get a password set by support (without needing to use this tool)\n\nFor Beeper users seeking a straightforward way to set a password without using this tool: Contact Beeper Support directly and request \"a temporary password for use with an alternate client\". Beeper Support should then assist you in establishing a temporary credential, which you can then update to a permanent, self-chosen password via the client's settings. 
This process allows you to set up a new password with ease and security.\n\n## Usage\n\nFirst you will need to run:\n\n```shell\nnpm install\n```\n\nThen you can use the script as follows:\n\n```shell\n./beeper-password-reset.ts --help\n\n./beeper-password-reset.ts --version\n\n./beeper-password-reset.ts login-email --email user@example.com\n\n./beeper-password-reset.ts login-token --token jwtToken123\n\n./beeper-password-reset.ts reset-password --access_token accessToken123 --jwt_token jwtToken123 --new_password newPassword123\n```\n\nOutput from `./beeper-password-reset.ts --help`:\n\n```shell\n⇒ ./beeper-password-reset.ts --help\nbeeper-password-reset.ts \u003ccommand\u003e\n\nCommands:\n  beeper-password-reset.ts login-email     Login with email\n  beeper-password-reset.ts login-token     Login with JWT token\n  beeper-password-reset.ts reset-password  Reset password\n\nOptions:\n  --version  Show version number                                       [boolean]\n  --help     Show help                                                 [boolean]\n```\n\n## Announcement Posts\n\n- https://twitter.com/_devalias/status/1663515884575657993\n- https://www.linkedin.com/posts/glenn-devalias-grant_opensource-beeper-matrix-activity-7069282362525675520-VlCb\n- https://www.reddit.com/r/beeper/comments/13vol68/i_built_a_beeper_password_reset_tool_for_login/\n- https://news.ycombinator.com/item?id=36123896\n\n## Libs / Dependencies\n\n- https://github.com/yargs/yargs\n- https://github.com/terkelg/prompts\n- https://github.com/node-fetch/node-fetch\n- https://github.com/esbuild-kit/tsx\n\n## Background Context\n\n### Summarised Notes / Process (and ChatGPT Prompts)\n\nThe following are my notes (formatted as a ChatGPT prompt) on implementing a JWT-based password reset flow, using Beeper's new 'email login' flow.\n\n```markdown\nWrite me a basic typescript CLI app that implements 3 separate flows/commands. 
The code should be neat/DRY, easy to understand, and easily maintainable/extensible.\n\n--\n\nThe first flow allows logging in with an email address and code sent to the email:\n\n- ask the user for their email address (if not already read from CLI params)\n- send a POST to https://api.beeper.com/user/login with an empty body and `Authorization: \"Bearer BEEPER-PRIVATE-API-PLEASE-DONT-USE\"` header\n- extract the `request` param from that response and display it to the user\n- send a POST to https://api.beeper.com/user/login/email with the extracted request + email in the body `{\"request\":\"REDACTED\",\"email\":\"REDACTED\"}` + `Authorization: \"Bearer BEEPER-PRIVATE-API-PLEASE-DONT-USE\"` header\n- ask the user for the code sent to their email address\n- send a POST to https://api.beeper.com/user/login/response with the request + code from email: `{\"request\":\"REDACTED\",\"response\":\"REDACTED-code-from-email\"}` + `Authorization: \"Bearer BEEPER-PRIVATE-API-PLEASE-DONT-USE\"` header\n- extract the JWT `token` from the response and display it to the user\n\n--\n\nThe second flow should allow the user to login with a JWT token:\n\n- ask the user for their JWT token (if not already read from CLI params)\n- send a POST request to https://matrix.beeper.com/_matrix/client/v3/login with the JWT token: { \"type\": \"org.matrix.login.jwt\", \"token\": \"REDACTED\" }\n- extract the access_token, device_id and user_id from the response + display the entire response json pretty formatted\n\n--\n\nThe third flow allows the user to reset their password using an access token and JWT:\n\n- ask the user for their access token, JWT, and new password (if not already read from CLI params)\n- send a POST to https://matrix.beeper.com/_matrix/client/v3/account/password with the access token in the Authorization Bearer REDACTED-ACCESS-TOKEN header, and no json body\n- extract the `session` from the response, and ensure that the `flows` contains an entry with a `stages` array that 
contains `\"org.matrix.login.jwt\"`, if not, throw an error\n- send a POST to https://matrix.beeper.com/_matrix/client/v3/account/password with the access token in the Authorization Bearer REDACTED-ACCESS-TOKEN header, and previously extracted `session` and `jwt` in the JSON body:\n{\n    \"auth\": {\n        \"type\": \"org.matrix.login.jwt\",\n        \"token\": \"REDACTED.JWT.TOKEN\",\n        \"session\": \"REDACTED-FROM-PREV-RESPONSE\"\n    },\n    \"new_password\": \"REDACTED-NEW-PASSWORD\",\n    \"logout_devices\": false\n}\n- If that response is a 200 success, tell the user their password was changed successfully\n\n--\n\nSee also:\n\n- Synapse JWT Support\n  - Issue: https://github.com/matrix-org/synapse/issues/1504\n  - PR: https://github.com/matrix-org/synapse/pull/671\n  - Docs: https://github.com/matrix-org/synapse/pull/7776\n- Beeper JWT Support\n  - https://github.com/beeper/synapse/commit/906fa572163a94fccaaf451577bf8dbd32c1af44\n- Matrix Spec\n  - https://spec.matrix.org/latest/client-server-api/#using-access-tokens\n  - https://spec.matrix.org/latest/client-server-api/#login\n  - https://spec.matrix.org/latest/client-server-api/#user-interactive-api-in-the-rest-api\n  - https://spec.matrix.org/latest/client-server-api/#post_matrixclientv3accountpassword\n- Synapse Docs\n  - https://matrix-org.github.io/synapse/latest/jwt.html\n```\n\nFollowup ChatGPT prompts:\n\n```\nCan you use fetch instead of axios?\n```\n\n```\nModify yargs so it shows the help text when no command provided\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xdevalias%2Fpoc-beeper-password-reset","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xdevalias%2Fpoc-beeper-password-reset","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xdevalias%2Fpoc-beeper-password-reset/lists"}