feat: implement admin user management page with user listing, creation, deletion, and password reset functionality

2025-12-19 20:28:27 +05:30
parent c26c74ebdb
commit 21a0031c81
6 changed files with 552 additions and 0 deletions
--- a/backend/src/handlers/users.rs
+++ b/backend/src/handlers/users.rs
@@ -328,6 +328,46 @@ pub async fn delete_user(
    Ok(StatusCode::NO_CONTENT)
 }

+/// Request to reset a user's password.
+#[derive(Deserialize)]
+pub struct ResetPasswordRequest {
+    pub new_password: String,
+}
+
+/// POST /api/users/:id/reset-password - Reset a user's password (admin only).
+pub async fn reset_password(
+    State(db): State<DatabaseConnection>,
+    Path(id): Path<i32>,
+    Json(req): Json<ResetPasswordRequest>,
+) -> Result<StatusCode, StatusCode> {
+    // Find the user
+    let existing = user::Entity::find_by_id(id)
+        .one(&db)
+        .await
+        .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?
+        .ok_or(StatusCode::NOT_FOUND)?;
+
+    // Hash new password
+    let password_hash = crate::auth::hash_password(&req.new_password)
+        .map_err(|e| {
+            tracing::error!("Password hashing failed: {:?}", e);
+            StatusCode::INTERNAL_SERVER_ERROR
+        })?;
+
+    let now = Utc::now().naive_utc();
+
+    let mut active: user::ActiveModel = existing.into();
+    active.password_hash = Set(password_hash);
+    active.updated_at = Set(now);
+
+    active
+        .update(&db)
+        .await
+        .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
+
+    Ok(StatusCode::OK)
+}
+
 /// GET /api/roles - List all roles.
 pub async fn list_roles(
    State(db): State<DatabaseConnection>,
@@ -355,3 +395,4 @@ pub struct RoleResponse {
    pub name: String,
    pub description: Option<String>,
 }
+
--- a/backend/src/main.rs
+++ b/backend/src/main.rs
@@ -138,6 +138,7 @@ fn create_router(db: DatabaseConnection, config: &config::Config) -> Router {
        .route("/api/users/{id}", get(handlers::users::get_user)
            .put(handlers::users::update_user)
            .delete(handlers::users::delete_user))
+        .route("/api/users/{id}/reset-password", post(handlers::users::reset_password))
        // Entries API
        .route("/api/entries", post(handlers::entries::create_entry))
        .route("/api/users/{user_id}/entries", get(handlers::entries::list_user_entries))