Admin Password Reset
Overview Description
The Admin Password Reset feature allows administrators to regain access to their accounts when they forget their passwords. This process involves requesting a password reset link, receiving an email with a secured token, and using that token to set a new password. The system ensures security by generating time-limited tokens, validating email ownership, and requiring the creation of a new secure password that meets system requirements. This feature is specifically tailored for administrative accounts with elevated privileges.
Activity Diagram
---
config:
  theme: base
  layout: dagre
  flowchart:
    curve: linear
    htmlLabels: true
  themeVariables:
    edgeLabelBackground: "transparent"
---
flowchart TD
%% Main components
AdminUser[Admin User]
Firebase((Firebase Auth))
%% Process steps with numbering
AdminUser --- Step1[
<div style='text-align: center'>
<span style='display: inline-block; background-color: #6699cc !important; color:white; width: 28px; height: 28px; line-height: 28px; border-radius: 50%; font-weight: bold'>1</span>
<p style='margin-top: 8px'>Request Reset</p>
</div>
]
Step1 --> SubmitRequest[Submit Email and URL]
SubmitRequest --- Step2[
<div style='text-align: center'>
<span style='display: inline-block; background-color: #6699cc !important; color:white; width: 28px; height: 28px; line-height: 28px; border-radius: 50%; font-weight: bold'>2</span>
<p style='margin-top: 8px'>Validate</p>
</div>
]
Step2 --> ValidateRequest[Validate Request]
ValidateRequest --- Step3[
<div style='text-align: center'>
<span style='display: inline-block; background-color: #6699cc !important; color:white; width: 28px; height: 28px; line-height: 28px; border-radius: 50%; font-weight: bold'>3</span>
<p style='margin-top: 8px'>Check Data</p>
</div>
]
Step3 --> DataCheck{Valid Data?}
DataCheck -->|No| Step4A[
<div style='text-align: center'>
<span style='display: inline-block; background-color: #cc6666 !important; color:white; width: 28px; height: 28px; line-height: 28px; border-radius: 50%; font-weight: bold'>4A</span>
<p style='margin-top: 8px'>Return Error</p>
</div>
]
Step4A --> ReturnError[Return Error]
DataCheck -->|Yes| Step4B[
<div style='text-align: center'>
<span style='display: inline-block; background-color: #6699cc !important; color:white; width: 28px; height: 28px; line-height: 28px; border-radius: 50%; font-weight: bold'>4B</span>
<p style='margin-top: 8px'>Process</p>
</div>
]
Step4B --> ProcessRequest[Process Reset Request]
ProcessRequest --> Firebase
Firebase --- Step5[
<div style='text-align: center'>
<span style='display: inline-block; background-color: #6699cc !important; color:white; width: 28px; height: 28px; line-height: 28px; border-radius: 50%; font-weight: bold'>5</span>
<p style='margin-top: 8px'>Send Email</p>
</div>
]
Step5 --> SendEmail[Send Reset Email]
SendEmail --- Step6[
<div style='text-align: center'>
<span style='display: inline-block; background-color: #6699cc !important; color:white; width: 28px; height: 28px; line-height: 28px; border-radius: 50%; font-weight: bold'>6</span>
<p style='margin-top: 8px'>Check Status</p>
</div>
]
Step6 --> EmailCheck{Email Sent?}
EmailCheck -->|No| Step7A[
<div style='text-align: center'>
<span style='display: inline-block; background-color: #cc6666 !important; color:white; width: 28px; height: 28px; line-height: 28px; border-radius: 50%; font-weight: bold'>7A</span>
<p style='margin-top: 8px'>Return Error</p>
</div>
]
Step7A --> ReturnError
EmailCheck -->|Yes| Step7B[
<div style='text-align: center'>
<span style='display: inline-block; background-color: #6699cc !important; color:white; width: 28px; height: 28px; line-height: 28px; border-radius: 50%; font-weight: bold'>7B</span>
<p style='margin-top: 8px'>Return Success</p>
</div>
]
Step7B --> ReturnSuccess[Return Success]
ReturnSuccess --- Step8[
<div style='text-align: center'>
<span style='display: inline-block; background-color: #6699cc !important; color:white; width: 28px; height: 28px; line-height: 28px; border-radius: 50%; font-weight: bold'>8</span>
<p style='margin-top: 8px'>Receive Email</p>
</div>
]
Step8 --> ReceiveEmail[Admin Receives Email]
ReceiveEmail --- Step9[
<div style='text-align: center'>
<span style='display: inline-block; background-color: #6699cc !important; color:white; width: 28px; height: 28px; line-height: 28px; border-radius: 50%; font-weight: bold'>9</span>
<p style='margin-top: 8px'>Click Link</p>
</div>
]
Step9 --> ClickLink[Click Reset Link]
ClickLink --- Step10[
<div style='text-align: center'>
<span style='display: inline-block; background-color: #6699cc !important; color:white; width: 28px; height: 28px; line-height: 28px; border-radius: 50%; font-weight: bold'>10</span>
<p style='margin-top: 8px'>Set Password</p>
</div>
]
Step10 --> SetPassword[Set New Password]
SetPassword --- Step11[
<div style='text-align: center'>
<span style='display: inline-block; background-color: #6699cc !important; color:white; width: 28px; height: 28px; line-height: 28px; border-radius: 50%; font-weight: bold'>11</span>
<p style='margin-top: 8px'>Login</p>
</div>
]
Step11 --> AdminLogin[Admin Login]
%% Styling
style AdminUser fill:#e6f3ff,stroke:#0066cc,stroke-width:2px
style SubmitRequest fill:#f0f8e6,stroke:#339933,stroke-width:2px
style ValidateRequest fill:#f0f8e6,stroke:#339933,stroke-width:2px
style DataCheck fill:#f5f0ff,stroke:#9966cc,stroke-width:2px
style ProcessRequest fill:#f0f8e6,stroke:#339933,stroke-width:2px
style SendEmail fill:#f0f8e6,stroke:#339933,stroke-width:2px
style EmailCheck fill:#f5f0ff,stroke:#9966cc,stroke-width:2px
style ReturnSuccess fill:#f0f8e6,stroke:#339933,stroke-width:2px
style ReceiveEmail fill:#f0f8e6,stroke:#339933,stroke-width:2px
style ClickLink fill:#f0f8e6,stroke:#339933,stroke-width:2px
style SetPassword fill:#f0f8e6,stroke:#339933,stroke-width:2px
style AdminLogin fill:#f0f8e6,stroke:#339933,stroke-width:2px
style ReturnError fill:#fcd9d9,stroke:#cc3333,stroke-width:2px
style Firebase fill:#fcd9d9,stroke:#cc3333,stroke-width:2px
style Step1 fill:transparent,stroke:transparent,stroke-width:1px
style Step2 fill:transparent,stroke:transparent,stroke-width:1px
style Step3 fill:transparent,stroke:transparent,stroke-width:1px
style Step4A fill:transparent,stroke:transparent,stroke-width:1px
style Step4B fill:transparent,stroke:transparent,stroke-width:1px
style Step5 fill:transparent,stroke:transparent,stroke-width:1px
style Step6 fill:transparent,stroke:transparent,stroke-width:1px
style Step7A fill:transparent,stroke:transparent,stroke-width:1px
style Step7B fill:transparent,stroke:transparent,stroke-width:1px
style Step8 fill:transparent,stroke:transparent,stroke-width:1px
style Step9 fill:transparent,stroke:transparent,stroke-width:1px
style Step10 fill:transparent,stroke:transparent,stroke-width:1px
style Step11 fill:transparent,stroke:transparent,stroke-width:1px
API: Admin Password Reset API
Case Documentation
Case 1: Request Password Reset
Description
Administrator requests a password reset link by providing their email address.
Sequence Diagram
sequenceDiagram
participant Admin
participant API as ForgotPasswordController
participant Service as AuthService
participant Firebase as FirebaseService
Note over Admin,API: Step 1: Submit Reset Request
Admin->>API: POST /api/v1/admin/auth/forgot (with email and URL)
Note over API,Service: Step 2: Extract and Validate
API->>API: Extract email and URL
Note over API,Service: Step 3: Send Reset Email
API->>Service: sendResetPassEmail(email, url)
Service->>Service: Check user exists and status
Service->>Firebase: sendMailWithActionLink(email, url)
Firebase-->>Service: Email sent status
Service-->>API: Send result
Note over API,Admin: Step 4: Return Response
API-->>Admin: 200 OK with success message
Steps
Step 1: Submit Reset Request
- Description: Administrator submits email address for password reset
- Request: POST /api/v1/admin/auth/forgot
- Body Parameters:
- email: Administrator's registered email address
- url: Client-side URL for password reset form
- Validation:
- Email format validation
- Required fields validation
Step 2: Extract and Validate
- Description: Controller extracts and validates request data
- Action:
- Validate email format
- Validate URL format and security
- Extract values for processing
Step 3: Send Reset Email
- Description: System processes reset request and sends email
- Action:
- Check if user exists and is active
- Call Firebase service to send reset email
- Handle any errors during the process
Step 4: Return Response
- Description: Inform administrator of email delivery status
- Response:
- Success: 200 OK with success message
- Error: Appropriate error code with message
Database Related Tables & Fields
erDiagram
users {
id bigint "Primary key"
name string "User's full name"
email string "User's email address (unique)"
uid string "Firebase UID (unique)"
payment_provider_customer_id string "Payment provider customer ID (nullable)"
status int "Account status (0: Inactive, 1: Active)"
is_first_login int "First login flag (0: not yet, 1: logged in)"
remember_token string "Remember token"
created_at timestamp "Record creation timestamp"
updated_at timestamp "Record last update timestamp"
deleted_at timestamp "Soft delete timestamp"
}
admin_roles {
id bigint "Primary key"
name string "Role name"
slug string "Role slug"
created_at timestamp "Record creation timestamp"
updated_at timestamp "Record last update timestamp"
}
admin_role_user {
admin_role_id bigint "Reference to admin_roles table"
user_id bigint "Reference to users table"
created_at timestamp "Record creation timestamp"
updated_at timestamp "Record last update timestamp"
}
users ||--o{ admin_role_user : has
admin_roles ||--o{ admin_role_user : has
Error Handling
- Log:
- Email sending failures logged
- User validation issues recorded
- Error Detail:
| Status Code | Error Message | Description |
|---|---|---|
| 400 | "メールアドレスが見つかりません。" | When email not found |
| 400 | "メールの送信に失敗しました。" | When email sending fails |
| 400 | "問題が発生しました。申し訳ございませんが、もう一度お試しください。" | When unexpected errors occur |
Case 2: Reset Password with Token
Description
Administrator resets their password using the token received via email.
Sequence Diagram
sequenceDiagram
participant Admin
participant API as ResetPasswordController
participant Service as AuthService
participant Firebase
Admin->>API: POST /api/v1/admin/auth/reset-password (with token, email, password)
API->>Service: resetPassword(token, email, password)
Service->>Service: Validate token, expiry and email match
Service->>Firebase: updatePassword(email, password)
Firebase-->>Service: Password update status
Service->>Service: Delete used token
Service-->>API: Reset result
API-->>Admin: 200 OK with success message
Steps
Step 1: Submit Reset Form
- Description: Administrator submits new password with reset token
- Request: POST /api/v1/admin/auth/reset-password
- Body Parameters:
- token: Reset token from email
- email: Administrator's email address
- password: New password
- password_confirmation: Password confirmation
- Validation:
- Token presence and format
- Password strength and confirmation
- Email match with token
Step 2: Update Password
- Description: Set new administrator password
- Action:
- Update password in Firebase authentication
- Apply password hashing according to security standards
Step 3: Return Response
- Description: Inform administrator of password reset success
- Response:
- Success: 200 OK with success message
- Error: Appropriate error code with detailed message
Additional Notes
- Reset tokens expire after a configurable time period (typically 60 minutes)
- The system prevents token reuse by deleting tokens after successful password reset
- Password requirements may be stricter for administrative accounts
- The reset URL is provided by the client application to enable different front-end implementations
- Additional security measures may be in place for administrative password resets compared to regular users
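The two cases above and the token rules in these notes, worked through as an added Python example (not the project's own code, which is behind ForgotPasswordController, AuthService and Firebase). It assumes an in-memory users table and token store, a constructed allowlist ALLOWED_RESET_HOSTS for the client-supplied url, a 60-minute TTL, and hypothetical error strings wherever the page gives none; only the "email not found" message is taken from the Case 1 error table.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlparse

TOKEN_TTL_SECONDS = 60 * 60                   # "typically 60 minutes" (Additional Notes)
ALLOWED_RESET_HOSTS = {"admin.example.com"}   # constructed allowlist for the client url
ERR_NOT_FOUND = "メールアドレスが見つかりません。"   # message from the Case 1 error table

# Constructed in-memory stand-ins for the users table and a reset-token store.
USERS = {"admin@example.com": {"status": 1}, "old@example.com": {"status": 0}}
RESET_TOKENS = {}   # email -> {"digest": sha256 hex of token, "expires_at": epoch seconds}


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(email, url, now=None):
    """Case 1: validate the url, check the user exists and is active, mint a single-use token.
    Returns (status, body); on success body is the raw token that goes only into the email."""
    now = time.time() if now is None else now
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.hostname not in ALLOWED_RESET_HOSTS:
        return 400, "invalid url"               # hypothetical message; page gives none here
    user = USERS.get(email)
    if user is None or user["status"] != 1:     # Step 3: user must exist and be active
        return 400, ERR_NOT_FOUND
    token = secrets.token_urlsafe(32)
    # Store only a hash: reading the token store alone cannot complete a reset.
    RESET_TOKENS[email] = {"digest": _digest(token), "expires_at": now + TOKEN_TTL_SECONDS}
    return 200, token


def reset_password(email, token, password, password_confirmation, now=None):
    """Case 2: check confirmation, the email/token pair and expiry, then consume the token."""
    now = time.time() if now is None else now
    if password != password_confirmation or len(password) < 12:
        return 400, "weak or mismatched password"   # hypothetical message
    record = RESET_TOKENS.get(email)                # token must belong to this email
    if record is None or not hmac.compare_digest(_digest(token), record["digest"]):
        return 400, "invalid token"                 # hypothetical message
    if now > record["expires_at"]:
        RESET_TOKENS.pop(email, None)
        return 400, "expired token"                 # hypothetical message
    RESET_TOKENS.pop(email, None)   # single use: deleted after a successful reset
    # Step 2 of Case 2 would call the Firebase updatePassword here; Firebase hashes it.
    return 200, "ok"
```

The distinct "email not found" message in the error table lets a caller tell registered addresses from unregistered ones; the example keeps it to match the spec, and a uniform "if the address is registered, an email has been sent" response is the usual mitigation.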