Dear mates,
Because we have users with no real email addresses, an user cannot use the standard password reset scenario using the GUI.
So the idea came up to update another user's login password via API.
Unfortunately, the API endpoint /api/user/:id/password
(documented here) can only change the own password of the logged-in user. (the endpoint has a :id
path parameter so one could think it can be an arbitrary user id)
In the DB itself is the password in a non-trivial way hashed, probably using multiple fields, so I have not figured out a way using direct DB update.
Any Idea, please?
Thanks and see ya