feat: User data sanitization — clear passwords in backup + mass password reset on restore #129

New Issue

Closed

opened 2026-06-23 16:59:51 +00:00 by jmiller · 0 comments

jmiller commented 2026-06-23 16:59:51 +00:00

Owner

Copy Link

Copy Source

Summary

Two related features for secure site cloning/migration:

Part 1: Sanitize user passwords in backup

Profile option: "Sanitize User Data" (checkbox)

When enabled, the database dump replaces all user password hashes in #__users with a known invalid hash (e.g., $2y$10$SANITIZED...). This means:

• Backup archives can be shared without exposing password hashes
• Cloned/demo sites don't inherit live user credentials
• The super admin password is optionally preserved (separate checkbox)

Part 2: Mass password reset on restore

The MokoRestore wizard gets a new step: "Reset User Passwords"

When restoring a sanitized backup:

• Detect that passwords are sanitized (check for the known invalid hash)
• Show option: "Send password reset emails to all registered users"
• Uses Joomla's com_users password reset token system
• Generates reset tokens for each user, sends email with reset link
• Optional: set a temporary password for the super admin account

Profile Form

Add to the General or Archive fieldset:

[ ] Sanitize user passwords (replace all password hashes with invalid values)
    [ ] Preserve super admin password

Database Dumper Changes

In DatabaseDumper::dumpToFile() / dump(), when writing #__users rows:

• Replace the password column with a fixed sanitized value
• Optionally preserve rows where id matches the super admin user group

MokoRestore Changes

In the generated restore script:

• Add a "Password Reset" step after database import
• Detect sanitized passwords in #__users
• Button: "Send Reset Emails" — generates tokens via UsersModelReset::processResetRequest()
• Or: "Set Temporary Password" — sets a known password for all users

Files

• forms/profile.xml — sanitize_passwords checkbox
• sql/install.mysql.sql + migration — new column
• src/Engine/DatabaseDumper.php — password replacement logic
• src/Engine/MokoRestore.php — password reset step in generated script
• Language strings

## Summary Two related features for secure site cloning/migration: ### Part 1: Sanitize user passwords in backup Profile option: **"Sanitize User Data"** (checkbox) When enabled, the database dump replaces all user password hashes in `#__users` with a known invalid hash (e.g., `$2y$10$SANITIZED...`). This means: - Backup archives can be shared without exposing password hashes - Cloned/demo sites don't inherit live user credentials - The super admin password is optionally preserved (separate checkbox) ### Part 2: Mass password reset on restore The MokoRestore wizard gets a new step: **"Reset User Passwords"** When restoring a sanitized backup: - Detect that passwords are sanitized (check for the known invalid hash) - Show option: "Send password reset emails to all registered users" - Uses Joomla's `com_users` password reset token system - Generates reset tokens for each user, sends email with reset link - Optional: set a temporary password for the super admin account ### Profile Form Add to the General or Archive fieldset: ``` [ ] Sanitize user passwords (replace all password hashes with invalid values) [ ] Preserve super admin password ``` ### Database Dumper Changes In `DatabaseDumper::dumpToFile()` / `dump()`, when writing `#__users` rows: - Replace the `password` column with a fixed sanitized value - Optionally preserve rows where `id` matches the super admin user group ### MokoRestore Changes In the generated restore script: - Add a "Password Reset" step after database import - Detect sanitized passwords in `#__users` - Button: "Send Reset Emails" — generates tokens via `UsersModelReset::processResetRequest()` - Or: "Set Temporary Password" — sets a known password for all users ## Files - `forms/profile.xml` — sanitize_passwords checkbox - `sql/install.mysql.sql` + migration — new column - `src/Engine/DatabaseDumper.php` — password replacement logic - `src/Engine/MokoRestore.php` — password reset step in generated script - Language strings

jmiller added the component: enginecomponent: admin labels 2026-06-23 16:59:51 +00:00

jmiller referenced this issue from a commit 2026-06-23 17:06:24 +00:00

feat: data sanitization — passwords, emails, sessions (#129)

jmiller referenced this issue 2026-06-23 17:06:32 +00:00

feat: Data sanitization — passwords, emails, sessions (#129) #130

jmiller referenced this issue from a commit 2026-06-23 17:06:55 +00:00

Merge pull request 'feat: Data sanitization — passwords, emails, sessions (#129)' (#130) from feat/sanitize-user-passwords into main

jmiller closed this issue 2026-06-23 17:19:04 +00:00

Sign in to join this conversation.

Labels

Clear labels

component: admin

Admin UI and views

component: api

REST API

component: engine

Backup/restore engine

component: remote

Remote storage (FTP/GDrive)

component: scheduler

Scheduled tasks

No labels component: admin component: engine

Priority Medium

Type Feature

Milestone

No items

No Milestone

Assignees

Clear assignees

jmiller (Jonathan Miller)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: MokoConsulting/MokoSuiteBackup#129