New password generation method: send user email # 15461

[Mark-H]

What does it do?

This is a re-up of #15461 originally by @sdrenth back in 2021, which has gone stale waiting for some minor changes. I've rebased it, tweaked it, tested it, so we can include it in 3.1.

This adds a new option for setting the password when creating/updating a user: send the user a link to set their password. That's more secure and builds upon improvements to the password reset flow that was done in 3.0.

Why is it needed?

Showing the password on screen or manually setting a password is kinda outdated and insecure.

How to test

Create and/or edit a user, and choose "Let the user choose their own password via email" for the password method. Look for the email (make sure you have email delivery set up beforehand) and attempt to set the new password.

Related issue(s)/PR(s)

This PR replaces the stale PR #15461

Sterc#22
#13973
Sterc#31

[codecov]

Codecov Report

Attention: 77 lines in your changes are missing coverage. Please review.

Comparison is base (73bfd27) 21.68% compared to head (f20d31e) 21.63%.

Files	Patch %	Lines
...src/Revolution/Processors/Security/User/Update.php	0.00%	45 Missing ⚠️
...src/Revolution/Processors/Security/User/Create.php	0.00%	30 Missing ⚠️
...Revolution/Processors/Security/User/Validation.php	0.00%	2 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##                3.x   #16519      +/-   ##
============================================
- Coverage     21.68%   21.63%   -0.05%     
- Complexity    10496    10502       +6     
============================================
  Files           561      561              
  Lines         31703    31771      +68     
============================================
  Hits           6875     6875              
- Misses        24828    24896      +68     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[theboxer]

👏 thx for the update