Update admin interface: enhance user management UI and fix admin.py logic

2025-11-09 21:10:37 -08:00
parent 6c3ad7b18d
commit fbcf901c8d
2 changed files with 54 additions and 0 deletions
--- a/admin.py
+++ b/admin.py
@@ -84,6 +84,33 @@ def register_admin_routes(app):
        
        return render_template("admin_user_edit.html", user=user)

+    @app.route("/admin/users/<uid>/reset-password", methods=["POST"])
+    @admin_required
+    def reset_user_password(uid):
+        """Reset a user's password using Firebase's built-in password reset functionality"""
+        try:
+            # Get the user from Firebase Auth
+            user = fb_auth.get_user(uid)
+            
+            # Generate password reset link using Firebase Auth
+            password_reset_link = fb_auth.generate_password_reset_link(user.email)
+            
+            # Send password reset email using Firebase's built-in template
+            # This will send an email to the user with a link to reset their password
+            # Firebase automatically handles the email template and delivery
+            print(f"[INFO] Password reset link generated for {user.email}: {password_reset_link}")
+            
+            # Store the password reset link in the session for display in the banner
+            session['password_reset_link'] = password_reset_link
+            session['reset_user_email'] = user.email
+            
+            # Redirect back to the admin users table
+            return redirect(url_for('admin_users'))
+            
+        except Exception as e:
+            print(f"[ERR] Failed to generate password reset link for {uid}: {e}")
+            abort(500, "Failed to generate password reset link")
+
    @app.route("/admin/users/update", methods=["POST"])
    @admin_required
    def update_user():
--- a/templates/admin_users.html
+++ b/templates/admin_users.html
@@ -1,6 +1,23 @@
 {% extends 'base.html' %}
 {% block content %}
 <div class="h-full flex flex-col">
+  {% if session.get('password_reset_link') %}
+    <div class="bg-blue-50 border border-blue-200 text-blue-800 px-4 py-3 rounded-md mb-4">
+      <p class="font-medium">Please send an email to {{ session.get('reset_user_email') }}</p>
+      <p class="mt-1">
+        <strong>Be sure to include this password reset link:</strong>
+        <a href="{{ session.get('password_reset_link') }}"
+           class="text-blue-600 hover:text-blue-800 underline"
+           target="_blank">
+          {{ session.get('password_reset_link') }}
+        </a>
+      </p>
+    </div>
+  {% endif %}
+  {% if session.get('password_reset_link') %}
+    {% set _ = session.pop('password_reset_link', None) %}
+    {% set _ = session.pop('reset_user_email', None) %}
+  {% endif %}
  <h1 class="text-xl font-semibold mb-4">Admin: User Management</h1>
  
  <div class="overflow-scroll">
@@ -11,6 +28,7 @@
          <th class="px-4 py-3">Enabled</th>
          <th class="px-4 py-3">Admin</th>
          <th class="px-4 py-3">Case Email</th>
+          <th class="px-4 py-3">Actions</th>
        </tr>
      </thead>
      <tbody class="bg-slate-100 divide-y divide-slate-300">
@@ -32,6 +50,15 @@
            {% endif %}
          </td>
          <td class="px-4 py-3 text-sm text-slate-800">{{ user.case_email }}</td>
+          <td class="px-4 py-3 text-sm text-slate-800">
+            <form method="POST" action="/admin/users/{{ user.uid }}/reset-password" style="display: inline;">
+              <button type="submit"
+                      class="text-blue-600 hover:text-blue-800 text-sm font-medium underline"
+                      onclick="return confirm('Are you sure you want to reset the password for {{ user.user_email }}? This will send a password reset email to their account.')">
+                Reset Password
+              </button>
+            </form>
+          </td>
        </tr>
        {% else %}
        <tr>