deploystackio
diff --git a/‎services/backend/api-spec.json‎
Lines changed: 219 additions & 0 deletions b/‎services/backend/api-spec.json‎
Lines changed: 219 additions & 0 deletions
diff --git a/‎services/backend/api-spec.yaml‎
Lines changed: 153 additions & 0 deletions b/‎services/backend/api-spec.yaml‎
Lines changed: 153 additions & 0 deletions
@@ -6979,6 +6979,199 @@
         }
       }
     },
+    "/api/auth/admin/reset-password": {
+      "post": {
+        "summary": "Admin-initiated password reset",
+        "tags": [
+          "Authentication",
+          "Admin"
+        ],
+        "description": "Allows global administrators to initiate password reset for users with email authentication. The admin cannot reset their own password. Requires global_send_mail setting to be enabled. The user will receive an email with a reset link that works the same as self-initiated password resets.",
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "type": "object",
+                "properties": {
+                  "email": {
+                    "type": "string",
+                    "format": "email"
+                  }
+                },
+                "required": [
+                  "email"
+                ],
+                "additionalProperties": false
+              }
+            }
+          },
+          "required": true
+        },
+        "security": [
+          {
+            "cookieAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Password reset email sent successfully",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "success": {
+                      "type": "boolean",
+                      "description": "Indicates if the request was processed successfully"
+                    },
+                    "message": {
+                      "type": "string",
+                      "description": "Success message"
+                    }
+                  },
+                  "required": [
+                    "success",
+                    "message"
+                  ],
+                  "additionalProperties": false,
+                  "description": "Password reset email sent successfully"
+                }
+              }
+            }
+          },
+          "400": {
+            "description": "Bad Request - Invalid email, user not found, or user not eligible",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "success": {
+                      "type": "boolean",
+                      "description": "Indicates if the operation was successful (false for errors)",
+                      "default": false
+                    },
+                    "error": {
+                      "type": "string",
+                      "description": "Error message describing what went wrong"
+                    }
+                  },
+                  "required": [
+                    "error"
+                  ],
+                  "additionalProperties": false,
+                  "description": "Bad Request - Invalid email, user not found, or user not eligible"
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "Unauthorized - Authentication required",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "success": {
+                      "type": "boolean",
+                      "description": "Indicates if the operation was successful (false for errors)",
+                      "default": false
+                    },
+                    "error": {
+                      "type": "string",
+                      "description": "Error message describing what went wrong"
+                    }
+                  },
+                  "required": [
+                    "error"
+                  ],
+                  "additionalProperties": false,
+                  "description": "Unauthorized - Authentication required"
+                }
+              }
+            }
+          },
+          "403": {
+            "description": "Forbidden - Insufficient permissions or self-reset attempt",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "success": {
+                      "type": "boolean",
+                      "description": "Indicates if the operation was successful (false for errors)",
+                      "default": false
+                    },
+                    "error": {
+                      "type": "string",
+                      "description": "Error message describing what went wrong"
+                    }
+                  },
+                  "required": [
+                    "error"
+                  ],
+                  "additionalProperties": false,
+                  "description": "Forbidden - Insufficient permissions or self-reset attempt"
+                }
+              }
+            }
+          },
+          "500": {
+            "description": "Internal Server Error - Password reset failed",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "success": {
+                      "type": "boolean",
+                      "description": "Indicates if the operation was successful (false for errors)",
+                      "default": false
+                    },
+                    "error": {
+                      "type": "string",
+                      "description": "Error message describing what went wrong"
+                    }
+                  },
+                  "required": [
+                    "error"
+                  ],
+                  "additionalProperties": false,
+                  "description": "Internal Server Error - Password reset failed"
+                }
+              }
+            }
+          },
+          "503": {
+            "description": "Service Unavailable - Email functionality disabled",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "success": {
+                      "type": "boolean",
+                      "description": "Indicates if the operation was successful (false for errors)",
+                      "default": false
+                    },
+                    "error": {
+                      "type": "string",
+                      "description": "Error message describing what went wrong"
+                    }
+                  },
+                  "required": [
+                    "error"
+                  ],
+                  "additionalProperties": false,
+                  "description": "Service Unavailable - Email functionality disabled"
+                }
+              }
+            }
+          }
+        }
+      }
+    },
     "/api/auth/profile/update": {
       "put": {
         "summary": "Update user profile",
@@ -7144,6 +7337,32 @@
               }
             }
           },
+          "403": {
+            "description": "Forbidden - Cannot change username for non-email users",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "success": {
+                      "type": "boolean",
+                      "description": "Indicates if the operation was successful (false for errors)",
+                      "default": false
+                    },
+                    "error": {
+                      "type": "string",
+                      "description": "Error message describing what went wrong"
+                    }
+                  },
+                  "required": [
+                    "error"
+                  ],
+                  "additionalProperties": false,
+                  "description": "Forbidden - Cannot change username for non-email users"
+                }
+              }
+            }
+          },
           "500": {
             "description": "Internal Server Error - Profile update failed",
             "content": {
 
@@ -4867,6 +4867,141 @@ paths:
                   - error
                 additionalProperties: false
                 description: Service Unavailable - Email functionality disabled
+  /api/auth/admin/reset-password:
+    post:
+      summary: Admin-initiated password reset
+      tags:
+        - Authentication
+        - Admin
+      description: Allows global administrators to initiate password reset for users
+        with email authentication. The admin cannot reset their own password.
+        Requires global_send_mail setting to be enabled. The user will receive
+        an email with a reset link that works the same as self-initiated
+        password resets.
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                email:
+                  type: string
+                  format: email
+              required:
+                - email
+              additionalProperties: false
+        required: true
+      security:
+        - cookieAuth: []
+      responses:
+        "200":
+          description: Password reset email sent successfully
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  success:
+                    type: boolean
+                    description: Indicates if the request was processed successfully
+                  message:
+                    type: string
+                    description: Success message
+                required:
+                  - success
+                  - message
+                additionalProperties: false
+                description: Password reset email sent successfully
+        "400":
+          description: Bad Request - Invalid email, user not found, or user not eligible
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  success:
+                    type: boolean
+                    description: Indicates if the operation was successful (false for errors)
+                    default: false
+                  error:
+                    type: string
+                    description: Error message describing what went wrong
+                required:
+                  - error
+                additionalProperties: false
+                description: Bad Request - Invalid email, user not found, or user not eligible
+        "401":
+          description: Unauthorized - Authentication required
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  success:
+                    type: boolean
+                    description: Indicates if the operation was successful (false for errors)
+                    default: false
+                  error:
+                    type: string
+                    description: Error message describing what went wrong
+                required:
+                  - error
+                additionalProperties: false
+                description: Unauthorized - Authentication required
+        "403":
+          description: Forbidden - Insufficient permissions or self-reset attempt
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  success:
+                    type: boolean
+                    description: Indicates if the operation was successful (false for errors)
+                    default: false
+                  error:
+                    type: string
+                    description: Error message describing what went wrong
+                required:
+                  - error
+                additionalProperties: false
+                description: Forbidden - Insufficient permissions or self-reset attempt
+        "500":
+          description: Internal Server Error - Password reset failed
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  success:
+                    type: boolean
+                    description: Indicates if the operation was successful (false for errors)
+                    default: false
+                  error:
+                    type: string
+                    description: Error message describing what went wrong
+                required:
+                  - error
+                additionalProperties: false
+                description: Internal Server Error - Password reset failed
+        "503":
+          description: Service Unavailable - Email functionality disabled
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  success:
+                    type: boolean
+                    description: Indicates if the operation was successful (false for errors)
+                    default: false
+                  error:
+                    type: string
+                    description: Error message describing what went wrong
+                required:
+                  - error
+                additionalProperties: false
+                description: Service Unavailable - Email functionality disabled
   /api/auth/profile/update:
     put:
       summary: Update user profile
@@ -4990,6 +5125,24 @@ paths:
                   - error
                 additionalProperties: false
                 description: Unauthorized - Authentication required
+        "403":
+          description: Forbidden - Cannot change username for non-email users
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  success:
+                    type: boolean
+                    description: Indicates if the operation was successful (false for errors)
+                    default: false
+                  error:
+                    type: string
+                    description: Error message describing what went wrong
+                required:
+                  - error
+                additionalProperties: false
+                description: Forbidden - Cannot change username for non-email users
         "500":
           description: Internal Server Error - Profile update failed
           content: