pub async fn reset_password(
    db: &Db,
    target_user_id: i64,
    new_password: &str,
) -> Result<ResetOutcome>

Set a new password for target_user_id, raise
must_change_password = TRUE, and revoke every session for the user.

The CLI supplies new_password: either operator-provided via
--temp-password or a CLI-generated random string. This function
does not generate or echo the plaintext; the caller owns it and
is responsible for displaying it exactly once.

Atomic: the password update, the must-change flag flip, and the audit
columns (password_changed_at = NOW()) land in one transaction.
Session revocation runs after commit because
invalidate_sessions is the single writer of revoked_at
(doctrine 22) and runs its own atomic statement; a transaction
boundary here keeps the password mutation isolated from the
session sweep.
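
An added example, not the project's code: the ordering described above, modelled in Python with an in-memory SQLite database standing in for Db. The users and sessions tables, the password_hash column, the scrypt parameters and the returned dict are assumptions; only must_change_password, password_changed_at, revoked_at and invalidate_sessions come from this page.

```python
import hashlib
import os
import sqlite3

# Constructed schema: names other than must_change_password,
# password_changed_at and revoked_at are assumptions for this example.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, password_hash BLOB NOT NULL,
    must_change_password INTEGER NOT NULL DEFAULT 0, password_changed_at TEXT);
CREATE TABLE sessions (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL,
    revoked_at TEXT);
"""

def hash_password(password: str) -> bytes:
    # scrypt from the standard library; the 16-byte salt precedes the digest.
    salt = os.urandom(16)
    return salt + hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def invalidate_sessions(db, user_id):
    # Single writer of revoked_at: one statement, committed on its own.
    with db:
        cur = db.execute(
            "UPDATE sessions SET revoked_at = CURRENT_TIMESTAMP "
            "WHERE user_id = ? AND revoked_at IS NULL", (user_id,))
    return cur.rowcount

def reset_password(db, target_user_id, new_password):
    # One transaction: hash, must-change flag and audit column land together.
    with db:  # commits on success, rolls back if anything raises
        cur = db.execute(
            "UPDATE users SET password_hash = ?, must_change_password = 1, "
            "password_changed_at = CURRENT_TIMESTAMP WHERE id = ?",
            (hash_password(new_password), target_user_id))
        if cur.rowcount != 1:
            raise LookupError("no such user")
    # After commit: the session sweep. The plaintext is never returned or logged.
    return {"sessions_revoked": invalidate_sessions(db, target_user_id)}

def demo_db():
    # Constructed sample data: user 1 has two live sessions and one old revocation.
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO users (id, password_hash) VALUES (1, x'00')")
    db.executemany("INSERT INTO sessions (user_id, revoked_at) VALUES (?, ?)",
                   [(1, None), (1, None), (1, "2024-01-01 00:00:00"), (2, None)])
    db.commit()
    return db
```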