Reset user password (Admin only)
POST /company/users/change/:id
Allows an administrator to reset the password of any user in the company, generating a new random password and sending it via email.
Objective
To facilitate user access recovery by administrators when users forget their password or need assistance.
Use Cases
- User forgot their password and requests help from an admin
- Admin needs to restore a user's access
- Security reset at the user's request
Authentication & Authorization
- Requires a valid JWT (middleware m.isLoged)
- Requires admin or dev role (middleware m.isAdmin)
Behavior
- If no password is provided, one is automatically generated using tools.generatePass()
- The generated password is 8 characters long with uppercase letters, lowercase letters, and numbers
- Hashes the password with model.getPassword()
- Sends an email with the new password using mail.sendNewPass()
- Verifies that the user belongs to the admin's company
Validations
- User must exist
- User must belong to the admin's company
- If a password is provided in the request body, it is used instead of generating one
Password Handling
- If a password is provided in the body, that one is used
- If not provided, one is automatically generated: 8 characters, uppercase, lowercase, numbers
- The password is hashed with model.getPassword()
- It is sent via email to the user in their configured language (user.i18n)
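An added example, not code from this project: a Node.js sketch of the flow described above, in which the existence and company checks run before the password is hashed, saved or emailed. `generatePass` here is a stand-in for tools.generatePass() built on crypto.randomInt. Assumptions not shown on the page: `resetUserPassword`, the `deps` functions, the `companyId` and `passwordHash` fields, the scrypt hash, and returning 404 for a user in another company.

```javascript
const crypto = require('node:crypto');

// Character classes from the policy above: uppercase, lowercase, numbers.
const CLASSES = ['ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz', '0123456789'];

// Hypothetical stand-in for tools.generatePass(): CSPRNG-backed, one character
// guaranteed from each class, then shuffled so those positions are not fixed.
function generatePass(length = 8) {
  const all = CLASSES.join('');
  const chars = CLASSES.map((set) => set[crypto.randomInt(set.length)]);
  while (chars.length < length) chars.push(all[crypto.randomInt(all.length)]);
  for (let i = chars.length - 1; i > 0; i--) { // Fisher-Yates shuffle
    const j = crypto.randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}

// Reset flow: existence and company checks come before any side effect.
// `deps` holds hypothetical stand-ins for the user lookup, model.getPassword()
// and mail.sendNewPass(); the project's real signatures are not shown on the page.
async function resetUserPassword(admin, targetId, body, deps) {
  const user = await deps.findUser(targetId);
  // Assumption: a user in another company gets the same 404 as a missing one.
  if (!user || user.companyId !== admin.companyId) return { status: 404 };
  const password = (body && body.password) || generatePass();
  user.passwordHash = await deps.hash(password);
  await deps.save(user);
  await deps.sendNewPass(user, password); // the only place the plaintext leaves
  return { status: 200 };
}

// Constructed in-memory stand-ins for a demo; `calls` records each side effect.
function makeFakeDeps() {
  const users = { 7: { id: 7, companyId: 'acme', i18n: 'en' },
                  9: { id: 9, companyId: 'other', i18n: 'es' } };
  const calls = [];
  return {
    users, calls,
    findUser: async (id) => users[id],
    hash: async (pw) => { // scrypt with a random salt, as an assumed hash
      calls.push('hash');
      const salt = crypto.randomBytes(16);
      return `${salt.toString('hex')}:${crypto.scryptSync(pw, salt, 32).toString('hex')}`;
    },
    save: async () => { calls.push('save'); },
    sendNewPass: async (user) => { calls.push(`mail:${user.id}:${user.i18n}`); },
  };
}
```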
Notes
- Different from POST /changePass where the user changes their own password
- This endpoint is for an admin to reset another user's password
Responses
- 200: Password successfully reset and sent by email.
- 401: Unauthorized (admin or dev role required)
- 403: Forbidden (user is not an administrator)
- 404: User not found