Merge pull request #7650 from weseek/imprv/119788-121726-admin-can-us…

…e-reset-password-without-email-setting imprv: Admin user can use `reset-password` without email settings
weseek · May 16, 2023 · 96006fe · 96006fe
2 parents be29880 + 6556a60
commit 96006fe
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 44 deletions.
diff --git a/apps/app/public/static/locales/en_US/admin.json b/apps/app/public/static/locales/en_US/admin.json
@@ -753,9 +753,9 @@
     },
     "reset_password": "Reset Password",
     "reset_password_modal": {
-      "reset_password_info": "When a password is reset, a newly password is sent to the target user.",
-      "password_reset_message": "The temporary password was sent to the below user and strongly recommend to change another one immediately.",
-      "reset_password_alert": "If the e-mail transmission fails, please make sure that e-mail settings are correct and reset password again.",
+      "password_never_seen": "The temporary password can never be retrieved after this screen is closed.",
+      "password_reset_message": "Let the user know the new password below and strongly recommend to change another one immediately.",
+      "send_new_password": "Please send the new password to the user.",
       "target_user": "Target User",
       "new_password": "New Password"
     },

diff --git a/apps/app/public/static/locales/ja_JP/admin.json b/apps/app/public/static/locales/ja_JP/admin.json
@@ -761,9 +761,9 @@
     },
     "reset_password": "パスワードのリセット",
     "reset_password_modal": {
-      "reset_password_info": "パスワードをリセットすると新規発行したパスワードを対象ユーザーに送信します。",
-      "password_reset_message": "対象ユーザーに一時的なパスワードを送信しました。新しく別のパスワードを設定するよう伝えてください。",
-      "reset_password_alert": "送信に失敗した場合はメール設定が正しいことを確認し再度パスワードのリセットを行ってください",
+      "password_never_seen": "表示されたパスワードはこの画面を閉じると二度と表示できませんのでご注意ください。",
+      "password_reset_message": "対象ユーザーに下記のパスワードを伝え、すぐに新しく別のパスワードを設定するよう伝えてください。",
+      "send_new_password": "新規発行したパスワードを、対象ユーザーへ連絡してください。",
       "target_user": "対象ユーザー",
       "new_password": "新しいパスワード"
     },

diff --git a/apps/app/public/static/locales/zh_CN/admin.json b/apps/app/public/static/locales/zh_CN/admin.json
@@ -761,9 +761,9 @@
     },
     "reset_password": "重置密码",
     "reset_password_modal": {
-      "reset_password_info": "When a password is reset, a newly password is sent to the target user.",
-      "password_reset_message": "The temporary password was sent to the below user and strongly recommend to change another one immediately.",
-      "reset_password_alert": "If the e-mail transmission fails, please make sure that e-mail settings are correct and reset password again.",
+      "password_never_seen": "The temporary password can never be retrieved after this screen is closed.",
+      "password_reset_message": "Let the user know the new password below and strongly recommend to change another one immediately.",
+      "send_new_password": "Please send the new password to the user.",
       "target_user": "Target User",
       "new_password": "New Password"
     },

diff --git a/apps/app/resource/locales/ja_JP/admin/userResetPassword.txt b/apps/app/resource/locales/ja_JP/admin/userResetPassword.txt
@@ -9,4 +9,3 @@ New Password: <%- password %>
 --
 <%- appTitle %>
 <%- url %>
-
diff --git a/apps/app/src/components/Admin/Users/PasswordResetModal.jsx b/apps/app/src/components/Admin/Users/PasswordResetModal.jsx
@@ -16,6 +16,7 @@ class PasswordResetModal extends React.Component {
     super(props);
 
     this.state = {
+      temporaryPassword: [],
       isPasswordResetDone: false,
     };
 
@@ -25,8 +26,9 @@ class PasswordResetModal extends React.Component {
   async resetPassword() {
     const { t, userForPasswordResetModal } = this.props;
     try {
-      await apiv3Put('/users/reset-password', { id: userForPasswordResetModal._id });
-      this.setState({ isPasswordResetDone: true });
+      const res = await apiv3Put('/users/reset-password', { id: userForPasswordResetModal._id });
+      const { newPassword } = res.data;
+      this.setState({ temporaryPassword: newPassword, isPasswordResetDone: true });
     }
     catch (err) {
       toastError(err);
@@ -39,8 +41,8 @@ class PasswordResetModal extends React.Component {
     return (
       <>
         <p>
-          {t('user_management.reset_password_modal.reset_password_info')}<br />
-          <span className="text-danger">{t('user_management.reset_password_modal.reset_password_alert')}</span>
+          {t('user_management.reset_password_modal.password_never_seen')}<br />
+          <span className="text-danger">{t('user_management.reset_password_modal.send_new_password')}</span>
         </p>
         <p>
           {t('user_management.reset_password_modal.target_user')}: <code>{userForPasswordResetModal.email}</code>
@@ -58,6 +60,9 @@ class PasswordResetModal extends React.Component {
         <p>
           {t('user_management.reset_password_modal.target_user')}: <code>{userForPasswordResetModal.email}</code>
         </p>
+        <p>
+          {t('user_management.reset_password_modal.new_password')}: <code>{this.state.temporaryPassword}</code>
+        </p>
       </>
     );
   }

diff --git a/apps/app/src/server/routes/apiv3/users.js b/apps/app/src/server/routes/apiv3/users.js
@@ -940,52 +940,29 @@ module.exports = (crowi) => {
    *            application/json:
    *              schema:
    *                properties:
-   *                  id:
+   *                  newPassword:
+   *                    type: string
+   *                  user:
    *                    type: string
    *                    description: user id for reset password
    *        responses:
    *          200:
    *            description: success resrt password
    */
   router.put('/reset-password', loginRequiredStrictly, adminRequired, addActivity, async(req, res) => {
-    const { appService, mailService } = crowi;
     const { id } = req.body;
 
-    let newPassword;
-    let user;
-
     try {
-      [newPassword, user] = await Promise.all([
+      const [newPassword, user] = await Promise.all([
         await User.resetPasswordByRandomString(id),
         await User.findById(id)]);
 
       activityEvent.emit('update', res.locals.activity._id, { action: SupportedAction.ACTION_ADMIN_USERS_PASSWORD_RESET });
+      return res.apiv3({ newPassword, user });
     }
     catch (err) {
-      const msg = 'Error occurred during password reset request procedure.';
-      logger.error(err);
-      return res.apiv3Err(`${msg} Cause: ${err}`);
-    }
-
-    try {
-      await mailService.send({
-        to: user.email,
-        subject: 'Your password has been reset by the administrator',
-        template: path.join(crowi.localeDir, 'en_US/admin/userResetPassword.txt'),
-        vars: {
-          email: user.email,
-          password: newPassword,
-          url: crowi.appService.getSiteUrl(),
-          appTitle: appService.getAppTitle(),
-        },
-      });
-
-      return res.apiv3({});
-    }
-    catch (err) {
-      const msg = 'Error occurred during password reset send e-mail.';
-      logger.error(err);
-      return res.apiv3Err(`${msg} Cause: ${err}`);
+      logger.error('Error', err);
+      return res.apiv3Err(new ErrorV3(err));
     }
   });