Bug 30611: Add ability for staff to send password reset emails

This patch adds the ability for staff with the edit_borrowers permission
to send password reset emails to users.

The staff initiated password reset has it's own notice,
STAFF_PASSWORD_RESET, and the reset link produced has an extended
timeout of 5 days, as apposed to the usual 2 day limit.

Test plan
1) Apply patch and run the database update
2) Login to the staff client with a user who has the 'edit_borrowers'
   permission.
3) Note that a new, 'Send password reset' option appears under the
   'More' menu on the patron details page.
4) Clicking the button will queue the STAFF_PASSWORD_RESET notice and
   redirect the user to the Notices tab.

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>

Koha/Patron/Password/Recovery.pm

@@ -104,6 +104,7 @@ sub SendPasswordRecoveryEmail {
     my $borrower  = shift;    # Koha::Patron
     my $userEmail = shift;    #to_address (the one specified in the request)
     my $update    = shift;
+    my $staff     = shift // 0;
 
     my $schema = Koha::Database->new->schema;
 
@@ -114,8 +115,9 @@ sub SendPasswordRecoveryEmail {
     } while ( substr ( $uuid_str, -1, 1 ) eq '.' );
 
     # insert into database
+    my $days = $staff ? 5 : 2;
     my $expirydate =
-      dt_from_string()->add( days => 2 );
+      dt_from_string()->add( days => $days );
     if ($update) {
         my $rs =
           $schema->resultset('BorrowerPasswordRecovery')
@@ -141,7 +143,7 @@ sub SendPasswordRecoveryEmail {
     # prepare the email
     my $letter = C4::Letters::GetPreparedLetter(
         module      => 'members',
-        letter_code => 'PASSWORD_RESET',
+        letter_code => $staff ? 'STAFF_PASSWORD_RESET' : 'PASSWORD_RESET',
         branchcode  => $borrower->branchcode,
         lang        => $borrower->lang,
         substitute =>

koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc

@@ -72,6 +72,10 @@
                     <li><a id="sendwelcome" href="/cgi-bin/koha/members/notices.pl?borrowernumber=[% patron.borrowernumber | uri %]&op=send_welcome">Send welcome email</a></li>
                 [% END %]
 
+                [% IF CAN_user_borrowers_edit_borrowers %]
+                    <li><a id="resetpassword" href="/cgi-bin/koha/members/notices.pl?borrowernumber=[% patron.borrowernumber | uri %]&op=send_password_reset">Send password reset</a></li>
+                [% END %]
+
                 [% IF CAN_user_borrowers_delete_borrowers %]
                     <li><a id="deletepatron" href="#">Delete</a></li>
                 [% ELSE %]

members/notices.pl

@@ -27,6 +27,7 @@ use C4::Members;
 use C4::Letters qw( GetPreparedLetter EnqueueLetter );
 use Koha::Patrons;
 use Koha::Patron::Categories;
+use Koha::Patron::Password::Recovery qw( SendPasswordRecoveryEmail ValidateBorrowernumber );
 
 my $input=CGI->new;
 
@@ -93,6 +94,24 @@ if ( $op eq 'send_welcome' ) {
     print $input->redirect("/cgi-bin/koha/members/notices.pl?borrowernumber=$borrowernumber");
 }
 
+if ( $op eq 'send_password_reset' ) {
+
+    my $emailaddr = $patron->notice_email_address;
+
+    if ($emailaddr) {
+
+        # check if there's already a recovery in process
+        my $update = ValidateBorrowernumber( $patron->borrowernumber );
+
+        # send staff initiated password recovery
+        SendPasswordRecoveryEmail( $patron, $emailaddr, $update, 1 );
+    }
+
+    # redirect to self to avoid form submission on refresh
+    print $input->redirect(
+        "/cgi-bin/koha/members/notices.pl?borrowernumber=$borrowernumber");
+}
+
 # Getting the messages
 my $queued_messages = C4::Letters::GetQueuedMessages({borrowernumber => $borrowernumber});