It's been almost two years since I purchased the domain qualityaddict.com and set up a Ghost blogging platform on my local machine. During this time, I've drafted several blog posts, but I didn't feel they are ready for publication, so I put off on launching my website until now.

However, today was the day I finally decided to publish QualityAddict.com. Excitedly, I attempted to log in to the local admin dashboard, only to hit a major roadblock—I couldn't remember my password! Despite trying every possible combination, I couldn't sign into the dashboard. Of course, I hadn't configured an SMTP server for my local setup, which meant I couldn't utilize the forgot password flow.

There was only one option left: updating the password directly from the database! Let me explain step by step so if I forget again in the future I would be able to reset it quickly!

Download the password.js file from their repository: https://github.com/TryGhost/Utils/blob/main/packages/security/lib/password.js

Fortunately, they don't store passwords as plain teTherefore, we need to hash the new password string just as they do. Their code look like as below, but it's crucial to ensure that you're using the most updated version.

const Promise = require('bluebird');

module.exports.hash = function hash(plainPassword) {
    const bcrypt = require('bcryptjs');
    const bcryptGenSalt = Promise.promisify(bcrypt.genSalt);
    const bcryptHash = Promise.promisify(bcrypt.hash);

    return bcryptGenSalt().then(function (salt) {
        return bcryptHash(plainPassword, salt);
    });
};

module.exports.compare = function compare(plainPassword, hashedPassword) {
    const bcrypt = require('bcryptjs');
    const bcryptCompare = Promise.promisify(bcrypt.compare);

    return bcryptCompare(plainPassword, hashedPassword);
};

Currently, we need to install the following dependencies to run the code above:

npm install bluebird
npm install bcryptjs

Then create a file named generatePassword.js

require('./password').hash(process.argv[2]).then(console.log);

Password.js and generatePassword.js should be located in the same directory.

We can hash strings right now, for example:

node generatePassword.js "test123"

You will see the hashed version of the string in the console.

We need to replace the password field with the new one in the database record, but the question arises: where is the database located?

Let's check the config.development.json file:

  "database": {
    "client": "sqlite3",
    "connection": {
      "filename": "/home/..../ghost-local.db"
    }
  }

As you can see, it uses a local database solution named sqlite3 and we can easily connect it:

sqlite3 /home/..../ghost-local.db

Finally, we can replace the password by running the following query:

UPDATE users
  SET
    password = 'NEW_PASSWORD_HASH'
  WHERE id = 1;

So we can sign into the dasboard with your new password!