Trigger password reset email from user management · nextcloud/server#14411

(5 comments) (3 reactions) (0 assignees)PHP (34,953 stars) (4,865 forks)batch import

1. to developenhancementfeature: authenticationfeature: users and groupsgood first issuesecurity

Description

As of now the password reset email can only be triggered via the lost password page. In some cases this is disabled. It would be useful to trigger the email nevertheless as an admin from the user management.

Use case: having LDAP and DB users - LDAP users are not allowed to change the password but the reset should still be triggered by an admin for the DB users.

The email is sent here:

https://github.com/nextcloud/server/blob/ac8a6e22448cd4077e73b68731764bd60775665a/core/Controller/LostController.php#L314-L370

Contributor guide

Tech stack: php
Domain: backendsecurityauthentication
Issue type: feature
Difficulty: 3
Estimated time: half day
Activity status: stale
Clarity: clear
Prerequisites: Basic PHP knowledgeNextcloud development setupFamiliarity with LostController.php
Newbie friendliness: 60
Research direction: The issue requests adding a way for admins to trigger password reset emails from the user management interface. The existing email sending logic is in `core/Controller/LostController.php` (lines 314-370). A new action should be added to the user management controller, possibly in `settings/Controller/UsersController.php`, to call the same email sending method. The UI would need a button or action in the user list.