How do I change a User Password or Email? DigitalOcean Hosting


I have a User who forgot their password to the account.

I want to help them by changing their password but I have no option. I am the Admin. Also, the email they used for their account was one of those temporary disposable email accounts so we can not send a confirmation link.

I am not good with terminals or server issue so a step by step guide would be nice.

Simply go to their profile and edit the email then send an email verification link.

cd /var/discourse
./launcher enter app
rake admin:create

This will let you set their password (and not make them an admin).

But doing what @itsbhanusharma recomended is easier.

Wouldn’t that create an admin account instead of resetting the email of a local user?

root@abednego-web-only:/var/www/discourse# rake admin:create
User with this email already exists! Do you want to reset the password for this email? (Y/n)   
Repeat password:  

Ensuring account is active!

Account updated successfully!
Do you want to grant Admin privileges to this account? (Y/n)  n

It asks if you want to make them an admin.


Where do i type this information? I have the site hosted on Digital Ocean

Log in to your droplet via the web console or ssh. If you use the one click install you’ll have to figure out how to do the script.

1 Like

I followed and it worked somewhat. I am able to change the password! However, i get this message when i log in.

“You can’t log in yet. We previously sent an activation email to you at Please follow the instructions in that email to activate your account.”

when i type in the new email address, i get “You are not permitted to view the requested resource.”

how do i avoid that old email confirm link? i do not have access to that.

If this works via rake admin:create, then how about allowing it from the admin user interface?

I have a user suffering the “Sorry, that password change link is too old”, and it would be nice to have the option to simply reset his password and then have him change it, instead of having to figure how to resolve whatever weird issue is invalidating the link or delve into rake commands that have side effects that do what you want more or less accidentally.

Is your server time messed up?

Nope. It’s a standard Ubuntu install, so its got NTP running presumably, and the clock appears accurate to the second.

I presume the issue is some anti-spam scanning software on the client end that is “using up” the single use token.

Hmm @techAPJ can we confirm the error is correct in this case? Is it too old, or is it already used? I was pretty sure we distinguished this case already.

1 Like

Well, I am happy to look at logs, or ask the user for more info if you can point me in the right direction. Currently the only suggestion I have is to change his email address and try a different one, since I don’t really want to run rake commands if I can avoid it.

Turns out the user had previously logged in with Google and Twitter, but then had all sorts of interesting issues trying to use Safari/Mojave to login with Twitter or Google and further troubles with Twitter on Chrome as well, and finally got in with Google on Chrome.

The user created several videos and is willing to be emailed, so if some Discourse folks would like to see the videos and chat with the user, please email me directly (I can’t give out his details over the forum, but he has authorised me to give the details via email). Look up my email address on the forum if you have authority or PM me. Thanks. HTH.

Password reset link is working for me as expected. Just visiting the link does not invalidate it and the link expires based on setting email token valid hours as expected.

@peternlewis is any other user experiencing issues with password reset link or just that user? Can you confirm the feature works as expected for you or any other test user? I am happy to look more into it but unless I have confirmed repro steps I’ll not be able to debug it on my dev environment.


Even though both cases works as expected the error message shown is same:

Sorry, that password change link is too old. Select the Log In button and use ‘I forgot my password’ to get a new link.

Added on my list to show actual error messages (expired vs already used).


I have no reports of issues from other people.

So I figured I’d test it myself, and, well, that was just weird from top to bottom.

I have my system account that I never use, so I logged out of my primary admin account, and then reset the password on the system account, and that worked fine, I received the email, reset the password and it logged in, so that all appeared to work fine for me.

Then it went wrong. I logged out and tried to log back in using the new password, and it told me I could not log in from that IP address. Bizarre. So then I tried to log in from my admin account, same thing, “You can’t log in as peternlewis from that IP address.” So now I’m locked out of my own forum. Thankfully I found this post:

And used the admin login to log back in, and that worked (thankfully!), and then I went and checked the logs as suggested and sure enough my IP was blocked, but why all of a sudden? And the dates don’t make sense, they still show:


And yet it was blocking ten minutes ago.

I changed it from blocked to allow, and all is well again, except I have no idea how the sequence happened.

And back to the topic at hand, I had no trouble with the password reset email/link per se. So the problem appears to be specific to the user somehow.