Password change as modal + admin can reset other user passwords

- New Modal.svelte component: overlay with backdrop click to close, title bar, reusable via children snippet - Layout: password change moved from inline sidebar form to modal dialog. Clean UX with current + new password fields. - Users page: 🔑 button per user opens modal for admin to set a new password (no current password required for admin reset) - Backend: PUT /api/users/{id}/password (admin only, min 6 chars) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 17:32:03 +03:00
parent 0200b9929f
commit 7b7ef5fec1
4 changed files with 112 additions and 16 deletions
--- a/packages/server/src/immich_watcher_server/api/users.py
+++ b/packages/server/src/immich_watcher_server/api/users.py
@@ -62,6 +62,29 @@ async def create_user(
    return {"id": user.id, "username": user.username, "role": user.role}


+class ResetPasswordRequest(BaseModel):
+    new_password: str
+
+
+@router.put("/{user_id}/password")
+async def reset_user_password(
+    user_id: int,
+    body: ResetPasswordRequest,
+    admin: User = Depends(require_admin),
+    session: AsyncSession = Depends(get_session),
+):
+    """Reset a user's password (admin only)."""
+    user = await session.get(User, user_id)
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    if len(body.new_password) < 6:
+        raise HTTPException(status_code=400, detail="Password must be at least 6 characters")
+    user.hashed_password = bcrypt.hashpw(body.new_password.encode(), bcrypt.gensalt()).decode()
+    session.add(user)
+    await session.commit()
+    return {"success": True}
+
+
@router.delete("/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
 async def delete_user(
    user_id: int,