diff --git a/src/service/admin/mod.rs b/src/service/admin/mod.rs index 36bddfdd..49193368 100644 --- a/src/service/admin/mod.rs +++ b/src/service/admin/mod.rs @@ -703,19 +703,45 @@ impl Service { let new_password = utils::random_string(AUTO_GEN_PASSWORD_LENGTH); - Some( - match services() - .users - .set_password(&user_id, Some(new_password.as_str())) - { - Ok(()) => RoomMessageEventContent::text_plain(format!( - "Successfully reset the password for user {user_id}: {new_password}" - )), - Err(e) => RoomMessageEventContent::text_plain(format!( - "Couldn't reset the password for user {user_id}: {e}" - )), - }, - ) + if let Err(err) = services() + .users + .set_password(&user_id, Some(new_password.as_str())) + { + Some(RoomMessageEventContent::text_plain(format!( + "Couldn't reset the password for user {user_id}: {err}" + ))) + } else { + // Send the reset password message to the user, we + // need it's event id to delete it after 60s + let Some(sended_message_event_id) = services() + .admin + .send_message_with_result(&RoomMessageEventContent::text_plain(format!( + "Successfully reset the password for user {user_id}: {new_password} (This message will be deleted after 60s)" + ))) + .await? + else { + return Ok(None); + }; + + // Delete the message after 60s because it's contain a plain password + // and the admin room are not encrypted + tokio::spawn(async move { + tokio::time::sleep(tokio::time::Duration::from_secs(60)).await; + if let Err(err) = services() + .admin + .delete_user_message( + sended_message_event_id.as_ref(), + Some("Message contained a plaintext password"), + ) + .await + { + tracing::warn!( + "Couldn't delete message containing a plaintext password {err}" + ) + } + }); + None + } } AdminCommand::CreateUser { username, password } => { let is_auto_generated_password = password.is_none();