resets passwords

admin.py

@@ -1,7 +1,9 @@
 import json
 import os
+import random
+import string
 from functools import wraps
-from flask import render_template, request, redirect, url_for, session, abort, jsonify
+from flask import render_template, request, redirect, url_for, session, abort, jsonify, flash
 from firebase_init import db
 from firebase_admin import auth as fb_auth
 from utils import get_user_profile
@@ -47,7 +49,8 @@ def register_admin_routes(app):
                     "case_email": user_data.get("case_email", ""),
                     "case_domain_email": user_data.get("case_domain_email", ""),
                     "enabled": bool(user_data.get("enabled", False)),
-                    "is_admin": bool(user_data.get("is_admin", False))
+                    "is_admin": bool(user_data.get("is_admin", False)),
+                    "password_reset_required": bool(user_data.get("password_reset_required", False))
                 })
                 
         except Exception as e:
@@ -94,17 +97,23 @@ def register_admin_routes(app):
             # Get the user from Firebase Auth
             user = fb_auth.get_user(uid)
             
-            # Generate password reset link using Firebase Auth
-            password_reset_link = fb_auth.generate_password_reset_link(user.email)
             
-            # Send password reset email using Firebase's built-in template
-            # This will send an email to the user with a link to reset their password
-            # Firebase automatically handles the email template and delivery
-            print(f"[INFO] Password reset link generated for {user.email}: {password_reset_link}")
+            # Generate temporary password (random word + 3 digits)
+            words = ["sun", "moon", "star", "cloud", "rain", "wind", "fire", "water", "snow", "stone",
+                     "tree", "leaf", "flower", "bird", "wolf", "tiger", "bear", "fish", "dragon",
+                     "magic", "quest", "light", "dark", "gold", "silver", "ruby", "pearl", "diamond"]
+            random_word = random.choice(words)
+            random_digits = ''.join(random.choices(string.digits, k=3))
+            temp_password = f"{random_word}{random_digits}"
+
+            # Create user profile in Firestore with password reset required flag
+            user_ref = db.collection("users").document(user.uid)
+            user_ref.set({
+                "password_reset_required": True
+            },merge=True)
             
-            # Store the password reset link in the session for display in the banner
-            session['password_reset_link'] = password_reset_link
-            session['reset_user_email'] = user.email
+            flash(f"User now has a temporary password {temp_password}.", "success")
+            fb_auth.update_user(uid, password=temp_password)
             
             # Redirect back to the admin users table
             return redirect(url_for('admin_users'))
@@ -152,37 +161,51 @@ def register_admin_routes(app):
     @app.route("/admin/users/create", methods=["POST"])
     @admin_required
     def create_user():
-        """Create a new user"""
+        """Create a new user with temporary password"""
         try:
             # Get form data
             user_email = request.form.get("user_email")
             if not user_email:
                 abort(400, "User email is required")
-            
+
             # Validate email format
             if "@" not in user_email:
                 abort(400, "Invalid email format")
-            
-            # Create user in Firebase Authentication
+
+            # Generate temporary password (random word + 3 digits)
+            words = ["sun", "moon", "star", "cloud", "rain", "wind", "fire", "water", "snow", "stone",
+                     "tree", "leaf", "flower", "bird", "wolf", "tiger", "bear", "fish", "dragon",
+                     "magic", "quest", "light", "dark", "gold", "silver", "ruby", "pearl", "diamond"]
+            random_word = random.choice(words)
+            random_digits = ''.join(random.choices(string.digits, k=3))
+            temp_password = f"{random_word}{random_digits}"
+
+            # Create user in Firebase Authentication with temporary password
             user_record = fb_auth.create_user(
                 email=user_email,
                 email_verified=False,
-                disabled=not request.form.get("enabled", False)
+                disabled=not request.form.get("enabled", False),
+                password=temp_password
             )
-            
-            # Create user profile in Firestore
+
+            # Create user profile in Firestore with password reset required flag
             user_ref = db.collection("users").document(user_record.uid)
             user_ref.set({
                 "user_email": user_email,
                 "case_email": request.form.get("case_email", ""),
                 "case_domain_email": request.form.get("case_domain_email", ""),
                 "enabled": bool(request.form.get("enabled", False)),
-                "is_admin": bool(request.form.get("is_admin", False))
+                "is_admin": bool(request.form.get("is_admin", False)),
+                "password_reset_required": True
             })
-            
+
+            # Display success message with temporary password
+            flash(f"User created successfully. Temporary password: {temp_password}", "success")
+            print(f"[INFO] Created user {user_email} with temp password: {temp_password}")
+
             # Redirect to admin users page
             return redirect(url_for("admin_users"))
-            
+
         except fb_auth.EmailAlreadyExistsError:
             print(f"[ERR] User with email {user_email} already exists")
             abort(400, "A user with this email already exists")