From ca455af9db135e32167f86de7bf3727efc7e0005 Mon Sep 17 00:00:00 2001
From: fuwx
Date: Fri, 14 Mar 2025 09:57:22 +0800
Subject: [PATCH] add reset password
---
 api/controllers/console/workspace/account.py | 19 +++++++++++++++++++
 api/services/account_service.py | 18 ++++++++++++++++++
 2 files changed, 37 insertions(+)
diff --git a/api/controllers/console/workspace/account.py b/api/controllers/console/workspace/account.py
index accb99cdfe..1570fb291a 100644
--- a/api/controllers/console/workspace/account.py
+++ b/api/controllers/console/workspace/account.py
@@ -215,6 +215,24 @@ class APOAccountPasswordApi(Resource):
 return {"result": "success"}
+class APOAccountResetPasswordApi(Resource):
+ def post(self):
+ parser = reqparse.RequestParser()
+ parser.add_argument("username", type=str, required=True, location="json")
+ parser.add_argument("new_password", type=str, required=True, location="json")
+ args = parser.parse_args()
+
+ current_user = AccountService.get_user_through_email(args["username"]+"@apo.com")
+ if not current_user:
+ return {"result": "failed", "message": "Account not found"}
+
+ try:
+ AccountService.apo_reset_account_password(current_user, args["new_password"])
+ except ServiceCurrentPasswordIncorrectError:
+ return {"result": "failed", "message": "Current password incorrect"}
+
+ return {"result": "success"}
+
 class AccountIntegrateApi(Resource):
 integrate_fields = {
 "provider": fields.String,
@@ -325,6 +343,7 @@ api.add_resource(AccountInterfaceThemeApi, "/account/interface-theme")
 api.add_resource(AccountTimezoneApi, "/account/timezone")
 api.add_resource(AccountPasswordApi, "/account/password")
 api.add_resource(APOAccountPasswordApi, "/apo/account/password")
+api.add_resource(APOAccountResetPasswordApi, "/apo/account/reset-password")
 api.add_resource(AccountIntegrateApi, "/account/integrates")
 api.add_resource(AccountDeleteVerifyApi, "/account/delete/verify")
 api.add_resource(AccountDeleteApi, "/account/delete")
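Review bot: `APOAccountResetPasswordApi.post` has no authentication or authorization decorator in this hunk and asks for neither the current password nor a reset token, so as written any caller who can reach `/apo/account/reset-password` can set the password of any `<username>@apo.com` account. Require proof of identity before calling `apo_reset_account_password` (an authenticated administrator session that is authorized for the target account, or a single-use, expiring reset token), and add a class comment stating which one the endpoint relies on. The `except ServiceCurrentPasswordIncorrectError` branch looks unreachable, because the service method added in this patch never compares a current password, while a rejection from `valid_password` would propagate unhandled; catch the validation error there instead. Returning `"Account not found"` as a distinct result also lets a caller confirm which usernames exist, so a uniform failure response with an error status would be safer.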
diff --git a/api/services/account_service.py b/api/services/account_service.py
index 69d9f49696..664719c060 100644
--- a/api/services/account_service.py
+++ b/api/services/account_service.py
@@ -194,6 +194,24 @@ class AccountService:
 account.password_salt = base64_salt
 db.session.commit()
 return account
+
+ @staticmethod
+ def apo_reset_account_password(account, new_password):
+ """reset account password"""
+ # may be raised
+ valid_password(new_password)
+
+ # generate password salt
+ salt = secrets.token_bytes(16)
+ base64_salt = base64.b64encode(salt).decode()
+
+ # encrypt password with salt
+ password_hashed = hash_password(new_password, salt)
+ base64_password_hashed = base64.b64encode(password_hashed).decode()
+ account.password = base64_password_hashed
+ account.password_salt = base64_salt
+ db.session.commit()
+ return account
 @staticmethod
 def create_account(
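Review bot: `apo_reset_account_password` overwrites the stored hash and salt without checking the caller or the old password, and its docstring `"""reset account password"""` does not say so. State the contract, e.g. `"""Set a new password without verifying the current one; callers must authorize the request first."""`, and change `# may be raised` to name the exception `valid_password` raises so controllers know what to catch. The salt and hash steps appear to repeat the method that ends in the context lines just above (the same final three statements), so a shared private helper would keep the two from drifting; that method's body is outside the hunk, so this is inferred. Nothing visible here revokes the account's existing sessions or tokens after the reset, which is worth deciding explicitly.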