feature: add password reset token endpoint to the admin panel (#2171)

* add password reset token endpoint to the admin panel * add None check on token * add localization message for passowrd reset link button
2025-07-22 14:49:40 +02:00 · 2023-03-12 15:33:36 -05:00 · 2023-03-12 15:33:36 -05:00 · 93eb2af087
commit 93eb2af087
parent 1b26ca0cb3
6 changed files with 52 additions and 1 deletions
--- a/frontend/lang/messages/en-US.json
+++ b/frontend/lang/messages/en-US.json
@ -689,6 +689,7 @@
    "error-cannot-delete-super-user": "Error! Cannot Delete Super User",
    "existing-password-does-not-match": "Existing password does not match",
    "full-name": "Full Name",
+    "generate-password-reset-link": "Generate Password Reset Link",
    "invite-only": "Invite Only",
    "link-id": "Link ID",
    "link-name": "Link Name",
--- a/frontend/lib/api/admin/admin-users.ts
+++ b/frontend/lib/api/admin/admin-users.ts
@ -1,5 +1,5 @@
 import { BaseCRUDAPI } from "../base/base-clients";
-import { UnlockResults, UserIn, UserOut } from "~/lib/api/types/user";
+import { ForgotPassword, PasswordResetToken, UnlockResults, UserIn, UserOut } from "~/lib/api/types/user";

 const prefix = "/api";

@ -7,6 +7,7 @@ const routes = {
  adminUsers: `${prefix}/admin/users`,
  adminUsersId: (tag: string) => `${prefix}/admin/users/${tag}`,
  adminResetLockedUsers: (force: boolean) => `${prefix}/admin/users/unlock?force=${force ? "true" : "false"}`,
+  adminPasswordResetToken: `${prefix}/admin/users/password-reset-token`,
 };

 export class AdminUsersApi extends BaseCRUDAPI<UserIn, UserOut, UserOut> {
@ -16,4 +17,8 @@ export class AdminUsersApi extends BaseCRUDAPI<UserIn, UserOut, UserOut> {
  async unlockAllUsers(force = false) {
    return await this.requests.post<UnlockResults>(routes.adminResetLockedUsers(force), {});
  }
+
+  async generatePasswordResetToken(payload: ForgotPassword) {
+    return await this.requests.post<PasswordResetToken>(routes.adminPasswordResetToken, payload);
+  }
 }
--- a/frontend/lib/api/types/user.ts
+++ b/frontend/lib/api/types/user.ts
@ -233,3 +233,6 @@ export interface UserIn {
 export interface ValidateResetToken {
  token: string;
 }
+export interface PasswordResetToken {
+  token: string;
+}
--- a/frontend/pages/admin/manage/users/_id.vue
+++ b/frontend/pages/admin/manage/users/_id.vue
@ -27,6 +27,13 @@
            label="User Group"
            :rules="[validators.required]"
          ></v-select>
+          <div class="d-flex py-2 pr-2">
+            <BaseButton type="button" :loading="generatingToken" create @click.prevent="handlePasswordReset">
+              {{ $t("user.generate-password-reset-link") }}
+            </BaseButton>
+            <AppButtonCopy v-if="resetUrl" :copy-text="resetUrl"></AppButtonCopy>
+          </div>
+
          <AutoForm v-model="user" :items="userForm" update-mode />
        </v-card-text>
      </v-card>
@ -67,6 +74,9 @@ export default defineComponent({

    const userError = ref(false);

+    const resetUrl = ref<string | null>(null);
+    const generatingToken = ref(false);
+
    onMounted(async () => {
      const { data, error } = await adminApi.users.getOne(userId);

@ -90,6 +100,20 @@ export default defineComponent({
      }
    }

+    async function handlePasswordReset() {
+      if (user.value === null) return;
+      generatingToken.value = true;
+
+      const { response, data } = await adminApi.users.generatePasswordResetToken({ email: user.value.email });
+
+      if (response?.status === 201 && data) {
+        const token: string = data.token;
+        resetUrl.value = `${window.location.origin}/reset-password?token=${token}`;
+      }
+
+      generatingToken.value = false;
+    }
+
    return {
      user,
      userError,
@ -98,6 +122,9 @@ export default defineComponent({
      handleSubmit,
      groups,
      validators,
+      handlePasswordReset,
+      resetUrl,
+      generatingToken,
    };
  },
 });
--- a/mealie/routes/admin/admin_management_users.py
+++ b/mealie/routes/admin/admin_management_users.py
@ -10,6 +10,8 @@ from mealie.schema.response.pagination import PaginationQuery
 from mealie.schema.response.responses import ErrorResponse
 from mealie.schema.user.auth import UnlockResults
 from mealie.schema.user.user import UserIn, UserOut, UserPagination
+from mealie.schema.user.user_passwords import ForgotPassword, PasswordResetToken
+from mealie.services.user_services.password_reset_service import PasswordResetService
 from mealie.services.user_services.user_service import UserService

 router = APIRouter(prefix="/users", tags=["Admin: Users"])
@ -65,3 +67,12 @@ class AdminUserManagementRoutes(BaseAdminController):
    @router.delete("/{item_id}", response_model=UserOut)
    def delete_one(self, item_id: UUID4):
        return self.mixins.delete_one(item_id)
+
+    @router.post("/password-reset-token", response_model=PasswordResetToken, status_code=201)
+    def generate_token(self, email: ForgotPassword):
+        """Generates a reset token and returns it. This is an authenticated endpoint"""
+        f_service = PasswordResetService(self.session)
+        token_entry = f_service.generate_reset_token(email.email)
+        if not token_entry:
+            raise HTTPException(status_code=500, detail=ErrorResponse.respond("error while generating reset token"))
+        return PasswordResetToken(token=token_entry.token)
--- a/mealie/schema/user/user_passwords.py
+++ b/mealie/schema/user/user_passwords.py
@ -9,6 +9,10 @@ class ForgotPassword(MealieModel):
    email: str


+class PasswordResetToken(MealieModel):
+    token: str
+
+
 class ValidateResetToken(MealieModel):
    token: str