feat(admin-room): Delete the reset user password message after 60s

Reported-by: Matthias Ahouansou <matthias@ahouansou.cz> Helped-by: Matthias Ahouansou <matthias@ahouansou.cz> Related-to: https://gitlab.com/famedly/conduit/-/issues/432 Signed-off-by: Awiteb <a@4rs.nl>
2025-06-27 16:35:59 +00:00 · 2024-04-14 19:13:56 +03:00 · 2024-04-14 19:13:56 +03:00 · 3e4d85fcee
commit 3e4d85fcee
parent a5e785fa6c
1 changed files with 39 additions and 13 deletions
--- a/src/service/admin/mod.rs
+++ b/src/service/admin/mod.rs
@ -703,19 +703,45 @@ impl Service {
                let new_password = utils::random_string(AUTO_GEN_PASSWORD_LENGTH);
-                Some(
+                if let Err(err) = services()
-                    match services()
+                    .users
-                        .users
+                    .set_password(&user_id, Some(new_password.as_str()))
-                        .set_password(&user_id, Some(new_password.as_str()))
+                {
-                    {
+                    Some(RoomMessageEventContent::text_plain(format!(
-                        Ok(()) => RoomMessageEventContent::text_plain(format!(
+                        "Couldn't reset the password for user {user_id}: {err}"
-                            "Successfully reset the password for user {user_id}: {new_password}"
+                    )))
-                        )),
+                } else {
-                        Err(e) => RoomMessageEventContent::text_plain(format!(
+                    // Send the reset password  message to the user, we
-                            "Couldn't reset the password for user {user_id}: {e}"
+                    // need it's event id to delete it after 60s
-                        )),
+                    let Some(sended_message_event_id) = services()
-                    },
+                        .admin
-                )
+                        .send_message_with_result(&RoomMessageEventContent::text_plain(format!(
                            "Successfully reset the password for user {user_id}: {new_password} (This message will be deleted after 60s)"
                        )))
                        .await?
                    else {
                        return Ok(None);
                    };
                    // Delete the message after 60s because it's contain a plain password
                    // and the admin room are not encrypted
                    tokio::spawn(async move {
                        tokio::time::sleep(tokio::time::Duration::from_secs(60)).await;
                        if let Err(err) = services()
                            .admin
                            .delete_user_message(
                                sended_message_event_id.as_ref(),
                                Some("Message contained a plaintext password"),
                            )
                            .await
                        {
                            tracing::warn!(
                                "Couldn't delete message containing a plaintext password {err}"
                            )
                        }
                    });
                    None
                }
            }
            AdminCommand::CreateUser { username, password } => {
                let is_auto_generated_password = password.is_none();