this post was submitted on 12 Mar 2024
12 points (87.5% liked)

Lemmy

12506 readers
4 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to [email protected].

founded 4 years ago
MODERATORS
[email protected]
12
How to download account data? (lemmy.ml)
submitted 7 months ago by [email protected] to c/[email protected]
9 comments fedilink hide all child comments
 

Is there a setting page on the lemmy instance where I can download all my data?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 7 months ago (1 children)

No settings page (as far as I'm aware), but you can use the API to get everything (posts, comments, etc):

step 1: get login token -

curl --request POST \
     --url https://lemmy.ml/api/v3/user/login \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "username_or_email": "2br02b",
  "password": "YOUR-PASSWORD"
}
'

step 2: use login token (big long string starting with 'ey') to get data -

curl --request GET \
     --url 'https://lemmy.ml/api/v3/user?username=2br02b&page=1' \
     --header 'accept: application/json' \
     --header 'authorization: Bearer YOUR-JWT'

Increment page number until you have everything. source: https://lemmy.readme.io/reference/get_user

[–] [email protected] 2 points 7 months ago* (last edited 7 months ago) (1 children)

One thing to be aware of is that there is ~~currently, AFAIK, no~~ now (since 0.19.3) a way to "disable" a JWT.

Before that, once you had created it, if you leaked it, your account was, as far as I can tell, definitely compromised.

Now, it is possible to logout, to mark the JWT as "invalid".

I will add, ~~as a disclaimer, that I have not checked if~~ that as Nutomic highlighted below, there are conditions (password change, etc) under which ~~any or~~ all JWT (user, ~~instance, etc~~) become invalid. ~~So do audit the code if this is something that concerns you. As far as I am concerned, I treat the JWTs as extra-sensitive information, and store them only on machines I own~~.

Edit: correct information in the light of Nutomic's comments.

[–] [email protected] 2 points 7 months ago (1 children)

The jwt is invalidated once you logout. You can also change/reset your password to invalidate all login tokens for your account.

[–] [email protected] 1 points 7 months ago* (last edited 7 months ago) (1 children)

The jwt is invalidated once you logout.

Invalidated how?

You can also change/reset your password to invalidate all login tokens for your account.

OK. I was afraid this would not be the case. Thanks for confirming.

[–] [email protected] 2 points 7 months ago (1 children)

Invalidated how?

Well it's deleted from the database so you can't authenticate with it anymore.

[–] [email protected] 3 points 7 months ago

OK there now is a LoginToken class. This was not the case last time I checked. Good. Thanks for your answers.