Trigger password reset email from user management

[MorrisJobke]

As of now the password reset email can only be triggered via the lost password page. In some cases this is disabled. It would be useful to trigger the email nevertheless as an admin from the user management.

Use case: having LDAP and DB users - LDAP users are not allowed to change the password but the reset should still be triggered by an admin for the DB users.

The email is sent here:

server/core/Controller/LostController.php

Lines 314 to 370 in ac8a6e2

	protected function sendEmail($input) {
	$user = $this->findUserByIdOrMail($input);
	$email = $user->getEMailAddress();
	if (empty($email)) {
	throw new \Exception(
	$this->l10n->t('Could not send reset email because there is no email address for this username. Please contact your administrator.')
	);
	}
	// Generate the token. It is stored encrypted in the database with the
	// secret being the users' email address appended with the system secret.
	// This makes the token automatically invalidate once the user changes
	// their email address.
	$token = $this->secureRandom->generate(
	21,
	ISecureRandom::CHAR_DIGITS.
	ISecureRandom::CHAR_LOWER.
	ISecureRandom::CHAR_UPPER
	);
	$tokenValue = $this->timeFactory->getTime() .':'. $token;
	$encryptedValue = $this->crypto->encrypt($tokenValue, $email . $this->config->getSystemValue('secret'));
	$this->config->setUserValue($user->getUID(), 'core', 'lostpassword', $encryptedValue);
	$link = $this->urlGenerator->linkToRouteAbsolute('core.lost.resetform', array('userId' => $user->getUID(), 'token' => $token));
	$emailTemplate = $this->mailer->createEMailTemplate('core.ResetPassword', [
	'link' => $link,
	]);
	$emailTemplate->setSubject($this->l10n->t('%s password reset', [$this->defaults->getName()]));
	$emailTemplate->addHeader();
	$emailTemplate->addHeading($this->l10n->t('Password reset'));
	$emailTemplate->addBodyText(
	htmlspecialchars($this->l10n->t('Click the following button to reset your password. If you have not requested the password reset, then ignore this email.')),
	$this->l10n->t('Click the following link to reset your password. If you have not requested the password reset, then ignore this email.')
	);
	$emailTemplate->addBodyButton(
	htmlspecialchars($this->l10n->t('Reset your password')),
	$link,
	false
	);
	$emailTemplate->addFooter();
	try {
	$message = $this->mailer->createMessage();
	$message->setTo([$email => $user->getUID()]);
	$message->setFrom([$this->from => $this->defaults->getName()]);
	$message->useTemplate($emailTemplate);
	$this->mailer->send($message);
	} catch (\Exception $e) {
	throw new \Exception($this->l10n->t(
	'Couldn\'t send reset email. Please contact your administrator.'
	));
	}

[MorrisJobke]

cc @juliushaertl @skjnldsv @kesselb @newhinton @weeman1337 Maybe one of you wants to look into this

[skjnldsv]

Basically it would require:

1. have the option in the ocs api
2. add the action in the vue user management

[compagnon]

Is a new action in the admin gui override the canResetPassword==false ?
#16245 description of the feature implemented in a PR
a url like https://example.com/newpassword/user@email.com could trigger an email to user for resetting his password

[florian-prd]

Hello,
is there any plan to add this useful feature?
Kind regards

[oasis9]

Hi, just chiming in to register my interest for this. I couldn't find a way to do this, seems like a nice feature to have as an admin to forcefully invalidate a user's password and notify them to choose a new one.