pub async fn emergency_access(
db: &Db,
target_user_id: i64,
ttl_minutes: i64,
) -> Result<EmergencyAccessOutcome>Expand description
Issue a single-use password-reset URL bypassing the email
mailer. The URL plaintext is returned in
EmergencyAccessOutcome::Ok::url_path — the operator hands it
to the target via whatever out-of-band channel makes sense.
Reuses R1’s rustio_password_reset_tokens table: inserts a row
keyed by SHA-256(token), returns the plaintext token in the URL
path. The plaintext never lands in the DB; the token is single-
use per the R1 partial unique index on
(token_hash) WHERE consumed_at IS NULL.
ttl_minutes is clamped to [1, 60] — beyond 60 the operator
should use reset_password instead (longer TTLs widen the URL
interception window for diminishing operational benefit).
InactiveTarget is the only emergency operation that refuses
inactive users: issuing a URL to a deactivated account has no
recovery semantic.