Reset User Password (Admin)
POST /company/auth/reset/:id
Endpoint to reset a user's password (administrative operation).
Generates a new random password and sends it via email.
Allows administrators to reset any user's password by generating a secure temporary password and sending it via email.
Use Cases
- Administrator needs to reset the password of a locked user
- User cannot access their account and requires administrative intervention
- Technical support resets user credentials
Process Flow
- Administrator requests a password reset for a user
- Middleware m.isGestor verifies the user has a manager/admin/dev role (401 if not)
- Client sends a POST request with the user ID in the URL
- Server searches for the user by ID in the database
- If the user does not exist, returns a 404 error
- If the user exists, generates a secure random password
- Hashes the new password with bcrypt
- Saves the new password in the database
- Sends an email with the newly generated password
- Returns the updated user data (excluding the password)
- Logs the action in the security history
Security
- Requires authentication and management permissions (manager, admin, or dev role)
- Randomly generated password is secure (minimum 8 characters)
- Sent via email to ensure the actual user receives it
- Requires proper authorization to perform this operation
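The password-generation and response steps from the process flow, together with the role requirement listed under Security, as an added Node.js example that is not the project's own code. The function names, the role strings ("manager", "admin", "dev") and the `password` field name are assumptions; the 16-character default is a choice above the documented 8-character minimum.

```javascript
// Added example: all names here are hypothetical, not the project's code.
const crypto = require("crypto");

// Character classes. Visually ambiguous characters (0/O, 1/l/I) are left out
// because the password is read from an email and typed by hand.
const CLASSES = [
  "abcdefghijkmnpqrstuvwxyz",
  "ABCDEFGHJKLMNPQRSTUVWXYZ",
  "23456789",
  "!@#$%*-_+?",
];
const ALPHABET = CLASSES.join("");

// crypto.randomInt draws from the OS CSPRNG and has no modulo bias,
// unlike Math.random() or `randomBytes(n)[i] % alphabet.length`.
const pick = (set) => set[crypto.randomInt(set.length)];

function generateTempPassword(length = 16) {
  if (!Number.isInteger(length) || length < 8) {
    throw new RangeError("temporary password must be at least 8 characters");
  }
  // One character from each class, then fill from the whole alphabet.
  const chars = CLASSES.map(pick);
  while (chars.length < length) chars.push(pick(ALPHABET));
  // Fisher-Yates shuffle so the guaranteed characters are not at fixed positions.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = crypto.randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join("");
}

// Roles accepted by the authorization step (assumed string values).
const MANAGER_ROLES = new Set(["manager", "admin", "dev"]);
const canResetPasswords = (requester) =>
  Boolean(requester) && MANAGER_ROLES.has(requester.role);

// Response body: a copy of the record without its password field (assumed name).
function toPublicUser(user) {
  const { password, ...rest } = user;
  return rest;
}
```

The plaintext returned by `generateTempPassword` goes only into the email; the database receives the bcrypt hash, and `toPublicUser` keeps that hash out of the 200 response.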
Request
Responses
- 200: Password successfully reset
- 400: Error resetting password
- 401: Unauthorized - manager role required
- 404: User not found