org admin user password via onetime link (#6267)

2025-09-25 14:50:29 +00:00 · 2024-06-29 07:42:25 +08:00
parent c3e2d8a421
commit 0e4cb9b7b5
2 changed files with 44 additions and 35 deletions
--- a/frontend/src/pages/org-admin/org-user-item.js
+++ b/frontend/src/pages/org-admin/org-user-item.js
@@ -59,13 +59,7 @@ class UserItem extends React.Component {
    const { email, name } = this.props.user;
    toaster.success(gettext('Resetting user\'s password, please wait for a moment.'));
    seafileAPI.orgAdminResetOrgUserPassword(orgID, email).then(res => {
-      let msg;
-      msg = gettext('Successfully reset password to %(passwd)s for user %(user)s.');
-      msg = msg.replace('%(passwd)s', res.data.new_password);
-      msg = msg.replace('%(user)s', name);
-      toaster.success(msg, {
-        duration: 15
-      });
+      toaster.success(res.data.reset_tip);
    }).catch(error => {
      let errMessage = Utils.getErrorMsg(error);
      toaster.danger(errMessage);
--- a/seahub/organizations/api/admin/user_set_password.py
+++ b/seahub/organizations/api/admin/user_set_password.py
@@ -7,6 +7,8 @@ from rest_framework.views import APIView
 from rest_framework.response import Response
 from rest_framework.authentication import SessionAuthentication

+from django.utils.translation import gettext as _
+
 from seaserv import ccnet_api

 from seahub.api2.permissions import IsProVersion, IsOrgAdminUser
@@ -14,16 +16,14 @@ from seahub.api2.throttling import UserRateThrottle
 from seahub.api2.authentication import TokenAuthentication
 from seahub.api2.utils import api_error
 from seahub.base.accounts import User
-from seahub.settings import INIT_PASSWD, SEND_EMAIL_ON_RESETTING_USER_PASSWD
-from seahub.utils import IS_EMAIL_CONFIGURED
-from seahub.views.sysadmin import send_user_reset_email
 from seahub.profile.models import Profile
+from seahub.utils import IS_EMAIL_CONFIGURED, send_html_email
+from seahub.base.templatetags.seahub_tags import email2nickname
+
+from seahub.settings import INIT_PASSWD, SEND_EMAIL_ON_RESETTING_USER_PASSWD

 from seahub.organizations.views import org_user_exists

-from pysearpc import SearpcError
-
-
 logger = logging.getLogger(__name__)


@@ -39,38 +39,53 @@ class OrgAdminUserSetPassword(APIView):
        # resource check
        org_id = int(org_id)
        if not ccnet_api.get_org_by_id(org_id):
-            error_msg = 'Organization %s not found.' % org_id
+            error_msg = f'Organization {org_id} not found.' % org_id
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)

        try:
            user = User.objects.get(email=email)
        except User.DoesNotExist:
-            error_msg = 'User %s not found.' % email
+            error_msg = f'User {email} not found.'
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)

-        if not org_user_exists(org_id, user.username):
-            err_msg = 'User %s does not exist in the organization.' % user.username
+        user_nickname = email2nickname(email)
+        if not org_user_exists(org_id, email):
+            err_msg = f'User {user_nickname} does not exist in the organization.'
            return api_error(status.HTTP_404_NOT_FOUND, err_msg)

-        # Reset an organization user's password.
+        profile = Profile.objects.get_profile_by_user(email)
+        if IS_EMAIL_CONFIGURED and SEND_EMAIL_ON_RESETTING_USER_PASSWD and \
+                profile and profile.contact_email:
+
+            from seahub.utils import get_site_name
+            from django.utils.http import int_to_base36
+            from seahub.auth.tokens import default_token_generator
+
+            site_name = get_site_name()
+            contact_email = profile.contact_email
+            email_template_name = 'sysadmin/short_time_linving_password_reset_link.html'
+            c = {
+                'email': contact_email,
+                'uid': int_to_base36(user.id),
+                'user': user,
+                'token': default_token_generator.make_token(user),
+            }
+
+            send_html_email(_("Reset Password on %s") % site_name,
+                            email_template_name, c, None,
+                            [contact_email])
+
+            reset_tip = _(f'A password reset link has been sent to {contact_email}.')
+        else:
            if isinstance(INIT_PASSWD, FunctionType):
                new_password = INIT_PASSWD()
            else:
                new_password = INIT_PASSWD
+
            user.set_password(new_password)
            user.save()

-        # send password reset email
-        if IS_EMAIL_CONFIGURED:
-            if SEND_EMAIL_ON_RESETTING_USER_PASSWD:
-                send_to = user.username
-                profile = Profile.objects.get_profile_by_user(user.username)
-                if profile and profile.contact_email:
-                    send_to = profile.contact_email
+            reset_tip = _('Successfully reset password to %(passwd)s for user %(user)s.') \
+                % {'passwd': new_password, 'user': user_nickname}

-                try:
-                    send_user_reset_email(request, send_to, new_password)
-                except Exception as e:
-                    logger.error(str(e))
-
-        return Response({'new_password': new_password})
+        return Response({'reset_tip': reset_tip})