Closed
Description
OS Information
coder --version: Coder v0.0.0-devel+d01a687
Steps to Reproduce
- Have admin reset a user's password
Expected
User should be prompted to change the random string password set or be able to change it themselves.
Actual
They cannot change it; they must live with a random 16-character string as their password.
Logs
Screenshot
Admin password reset flow (only thing that exists currently):
Notes
I was very confident about not needing to build a user password change flow because I believed having an admin action was all we needed. This was shortsighted, since there's nowhere to go after an admin resets the password. Even if the admin could set the password themselves (instead of it being random), it still would not work as a secure feature.
Also, the ideal long term solution is a temporary password flow like V1, but I don't think there's any reason we need to do that for CMVP.