Enhance password reset logic in MemberActionsService (#20504)

JaredScar · web-flow · commit 0afbe942e82c · 2026-05-07T11:21:01.000-04:00
* Update allowResetPassword method to permit password resets for users with an Accepted status when AdminResetTwoFactor is enabled.
* Add unit tests to verify behavior for password reset permissions based on user status and AdminResetTwoFactor settings.
diff --git a/apps/web/src/app/admin-console/organizations/members/services/member-actions/member-actions.service.spec.ts b/apps/web/src/app/admin-console/organizations/members/services/member-actions/member-actions.service.spec.ts
@@ -791,6 +791,33 @@ describe("MemberActionsService", () => {
       expect(result).toBe(false);
     });
 
+    it("should allow reset password when user status is accepted and AdminResetTwoFactor is enabled", () => {
+      const user = {
+        ...mockOrgUser,
+        status: OrganizationUserStatusType.Accepted,
+      } as OrganizationUserView;
+
+      const result = service.allowResetPassword(user, mockOrganization, resetPasswordEnabled, true);
+
+      expect(result).toBe(true);
+    });
+
+    it("should not allow reset password when user status is accepted and AdminResetTwoFactor is disabled", () => {
+      const user = {
+        ...mockOrgUser,
+        status: OrganizationUserStatusType.Accepted,
+      } as OrganizationUserView;
+
+      const result = service.allowResetPassword(
+        user,
+        mockOrganization,
+        resetPasswordEnabled,
+        false,
+      );
+
+      expect(result).toBe(false);
+    });
+
     it("should not allow reset password when user status is invited", () => {
       const user = {
         ...mockOrgUser,
diff --git a/apps/web/src/app/admin-console/organizations/members/services/member-actions/member-actions.service.ts b/apps/web/src/app/admin-console/organizations/members/services/member-actions/member-actions.service.ts
@@ -235,7 +235,8 @@ export class MemberActionsService {
 
     const statusAllowed =
       orgUser.status === OrganizationUserStatusType.Confirmed ||
-      (adminResetTwoFactorEnabled && orgUser.status === OrganizationUserStatusType.Revoked);
+      (adminResetTwoFactorEnabled && orgUser.status === OrganizationUserStatusType.Revoked) ||
+      (adminResetTwoFactorEnabled && orgUser.status === OrganizationUserStatusType.Accepted);
 
     return (
       organization.canManageUsersPassword &&
