org admin user password via onetime link (#6267)

frontend/src/pages/org-admin/org-user-item.js

@@ -59,13 +59,7 @@ class UserItem extends React.Component {
     const { email, name } = this.props.user;
     toaster.success(gettext('Resetting user\'s password, please wait for a moment.'));
     seafileAPI.orgAdminResetOrgUserPassword(orgID, email).then(res => {
-      let msg;
+      toaster.success(res.data.reset_tip);
-      msg = gettext('Successfully reset password to %(passwd)s for user %(user)s.');
-      msg = msg.replace('%(passwd)s', res.data.new_password);
-      msg = msg.replace('%(user)s', name);
-      toaster.success(msg, {
-        duration: 15
-      });
     }).catch(error => {
       let errMessage = Utils.getErrorMsg(error);
       toaster.danger(errMessage);

seahub/organizations/api/admin/user_set_password.py

@@ -7,6 +7,8 @@ from rest_framework.views import APIView
 from rest_framework.response import Response
 from rest_framework.authentication import SessionAuthentication
 
+from django.utils.translation import gettext as _
+
 from seaserv import ccnet_api
 
 from seahub.api2.permissions import IsProVersion, IsOrgAdminUser
@@ -14,16 +16,14 @@ from seahub.api2.throttling import UserRateThrottle
 from seahub.api2.authentication import TokenAuthentication
 from seahub.api2.utils import api_error
 from seahub.base.accounts import User
-from seahub.settings import INIT_PASSWD, SEND_EMAIL_ON_RESETTING_USER_PASSWD
-from seahub.utils import IS_EMAIL_CONFIGURED
-from seahub.views.sysadmin import send_user_reset_email
 from seahub.profile.models import Profile
+from seahub.utils import IS_EMAIL_CONFIGURED, send_html_email
+from seahub.base.templatetags.seahub_tags import email2nickname
+
+from seahub.settings import INIT_PASSWD, SEND_EMAIL_ON_RESETTING_USER_PASSWD
 
 from seahub.organizations.views import org_user_exists
 
-from pysearpc import SearpcError
-
-
 logger = logging.getLogger(__name__)
 
 
@@ -39,38 +39,53 @@ class OrgAdminUserSetPassword(APIView):
         # resource check
         org_id = int(org_id)
         if not ccnet_api.get_org_by_id(org_id):
-            error_msg = 'Organization %s not found.' % org_id
+            error_msg = f'Organization {org_id} not found.' % org_id
             return api_error(status.HTTP_404_NOT_FOUND, error_msg)
 
         try:
             user = User.objects.get(email=email)
         except User.DoesNotExist:
-            error_msg = 'User %s not found.' % email
+            error_msg = f'User {email} not found.'
             return api_error(status.HTTP_404_NOT_FOUND, error_msg)
 
-        if not org_user_exists(org_id, user.username):
+        user_nickname = email2nickname(email)
-            err_msg = 'User %s does not exist in the organization.' % user.username
+        if not org_user_exists(org_id, email):
+            err_msg = f'User {user_nickname} does not exist in the organization.'
             return api_error(status.HTTP_404_NOT_FOUND, err_msg)
 
-        # Reset an organization user's password.
+        profile = Profile.objects.get_profile_by_user(email)
+        if IS_EMAIL_CONFIGURED and SEND_EMAIL_ON_RESETTING_USER_PASSWD and \
+                profile and profile.contact_email:
+
+            from seahub.utils import get_site_name
+            from django.utils.http import int_to_base36
+            from seahub.auth.tokens import default_token_generator
+
+            site_name = get_site_name()
+            contact_email = profile.contact_email
+            email_template_name = 'sysadmin/short_time_linving_password_reset_link.html'
+            c = {
+                'email': contact_email,
+                'uid': int_to_base36(user.id),
+                'user': user,
+                'token': default_token_generator.make_token(user),
+            }
+
+            send_html_email(_("Reset Password on %s") % site_name,
+                            email_template_name, c, None,
+                            [contact_email])
+
+            reset_tip = _(f'A password reset link has been sent to {contact_email}.')
+        else:
             if isinstance(INIT_PASSWD, FunctionType):
                 new_password = INIT_PASSWD()
             else:
                 new_password = INIT_PASSWD
+
             user.set_password(new_password)
             user.save()
 
-        # send password reset email
+            reset_tip = _('Successfully reset password to %(passwd)s for user %(user)s.') \
-        if IS_EMAIL_CONFIGURED:
+                % {'passwd': new_password, 'user': user_nickname}
-            if SEND_EMAIL_ON_RESETTING_USER_PASSWD:
-                send_to = user.username
-                profile = Profile.objects.get_profile_by_user(user.username)
-                if profile and profile.contact_email:
-                    send_to = profile.contact_email
 
-                try:
+        return Response({'reset_tip': reset_tip})
-                    send_user_reset_email(request, send_to, new_password)
-                except Exception as e:
-                    logger.error(str(e))
-
-        return Response({'new_password': new_password})