[Bug]: "Resend welcome email" does not contain link to set initial password

[pReya]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

If you create a new user in the UI and DON'T set a password, the user will receive a welcome E-Mail containing a button/link with the caption "Set your password" ("Setze dein Passwort" in German). It links to https://cloud.bla.de/lostpassword/reset/form/abcsomeToken123/MisterUsername.

However, when the admin triggers this E-Mail again via the "Resend welcome mail" button next to the user in the "Users" admin section, the second E-Mail will have different content: It will not contain the same button caption/link. Instead it will only have a link to the home page of the cloud – not to the password set/reset form.

Steps to reproduce

1. Create a new user via the Admin UI (don't set a password, just username and email)
2. User receives an e-mail with "Set your password" link (don't do it)
3. Resend the email with the "three dots" button next to the user entry
4. User receives another e-mail with a different content/no password set/reset link

Expected behavior

The second E-Mail should be identical to the first E-Mail

Installation method

Community Docker image

Nextcloud Server version

27

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.2

Web server

Nginx

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Fresh Nextcloud Server install

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

No response

List of activated Apps

No response

Nextcloud Signing status

No response

Nextcloud Logs

No response

Additional info

No response

[joshtrichards]

Looks like the resend option defaults to excluding the password reset token, but when we add a user we first check to see if the password is empty. If it is, we include the password reset token. Seems we need to add the same check in the resend.

server/apps/provisioning_api/lib/Controller/UsersController.php

Line 1569 in 4828ac3

$emailTemplate = $this->newUserMailHelper->generateTemplate($targetUser, false);

server/apps/settings/lib/Mailer/NewUserMailHelper.php

Line 100 in 4828ac3

public function generateTemplate(IUser $user, $generatePasswordResetToken = false) {

server/apps/provisioning_api/lib/Controller/UsersController.php

Lines 482 to 500 in 4828ac3

	if ($password === '') {
	if ($email === '') {
	throw new OCSException('To send a password link to the user an email address is required.', 108);
	}
	$passwordEvent = new GenerateSecurePasswordEvent();
	$this->eventDispatcher->dispatchTyped($passwordEvent);
	$password = $passwordEvent->getPassword();
	if ($password === null) {
	// Fallback: ensure to pass password_policy in any case
	$password = $this->secureRandom->generate(10)
	. $this->secureRandom->generate(1, ISecureRandom::CHAR_UPPER)
	. $this->secureRandom->generate(1, ISecureRandom::CHAR_LOWER)
	. $this->secureRandom->generate(1, ISecureRandom::CHAR_DIGITS)
	. $this->secureRandom->generate(1, ISecureRandom::CHAR_SYMBOLS);
	}
	$generatePasswordResetToken = true;
	}

[ezhil56x]

I would like to work on this issue 🖐🏻. Can I get it assigned ?

[joshtrichards]

@ezhil56x No assignment necessary. Feel free to do so.

[ezhil56x]

@joshtrichards I have fixed this issue and created a PR on #41038 ⭐️