TourmalineCore · akovylyaeva · Nov 19, 2025 · Nov 1, 2025 · Nov 5, 2025 · Nov 11, 2025
diff --git a/Api/Controllers/UsersController.cs b/Api/Controllers/UsersController.cs
@@ -52,6 +52,14 @@ public async Task<ActionResult> DeleteUserAsync([FromBody] DeletionModel deletio
             }
         }
 
+        [Authorize]
+        [RequiresPermission(UserClaimsProvider.AUTO_TESTS_ONLY_IsSetUserPasswordBypassingEmailConfirmationAllowed)]
+        [HttpPost("set-password")]
+        public Task SetPassword([FromBody] PasswordSetModel passwordSetModel)
+        {
+            return _usersService.SetPasswordBypassingEmailConfirmationAsync(passwordSetModel);
+        }
+
         [HttpPost("reset")]
         public Task RegisterUser([FromQuery] string corporateEmail)
         {

diff --git a/Api/Services/Models/PasswordSetModel.cs b/Api/Services/Models/PasswordSetModel.cs
@@ -0,0 +1,8 @@
+namespace Api.Services.Models;
+
+public readonly struct PasswordSetModel
+{
+    public string CorporateEmail { get; init; }
+
+    public string NewPassword { get; init; }
+}
diff --git a/Api/Services/UsersService.cs b/Api/Services/UsersService.cs
@@ -92,7 +92,7 @@ public async Task ResetPasswordAsync(string corporateEmail)
             var user = await _findUserQuery.FindUserByCorporateEmailAsync(corporateEmail);
             if (user == null)
             {
-                throw new NullReferenceException("User doesn't exists");
+                throw new NullReferenceException("User doesn't exist");
             }
 
             var resetToken = await _userManager.GeneratePasswordResetTokenAsync(user);
@@ -126,5 +126,19 @@ public async Task ChangePasswordAsync(PasswordChangeModel passwordChangeModel)
             await _userManager.ResetPasswordAsync(user, passwordChangeModel.PasswordResetToken,
                 passwordChangeModel.NewPassword);
         }
+
+        public async Task SetPasswordBypassingEmailConfirmationAsync(PasswordSetModel passwordSetModel)
+        {
+            var user = await _findUserQuery.FindUserByCorporateEmailAsync(passwordSetModel.CorporateEmail);
+
+            if (user == null)
+            {
+                throw new NullReferenceException($"User with the corporate email [{passwordSetModel.CorporateEmail}] doesn't exist");
+            }
+
+            var resetToken = await _userManager.GeneratePasswordResetTokenAsync(user);
+
+            await _userManager.ResetPasswordAsync(user, resetToken, passwordSetModel.NewPassword);
+        }
     }
 }
diff --git a/Api/UserClaimsProvider.cs b/Api/UserClaimsProvider.cs
@@ -11,6 +11,8 @@ public class UserClaimsProvider : IUserClaimsProvider
 
     public const string IsAccountsHardDeleteAllowed = "IsAccountsHardDeleteAllowed";
 
+    public const string AUTO_TESTS_ONLY_IsSetUserPasswordBypassingEmailConfirmationAllowed = "AUTO_TESTS_ONLY_IsSetUserPasswordBypassingEmailConfirmationAllowed";
+
     public Task<List<Claim>> GetUserClaimsAsync(string login)
     {
         throw new NotImplementedException();

diff --git a/e2e/KarateDockerfile b/e2e/KarateDockerfile
@@ -1,11 +1,11 @@
-FROM openjdk:11-jre-slim
+FROM eclipse-temurin:17-jre-noble
 
 RUN apt-get update && apt-get install -y curl
 
 RUN apt-get install -y unzip
 
-RUN curl -o /karate.jar -L 'https://github.com/intuit/karate/releases/download/v1.4.1/karate-1.4.1.jar'
+RUN curl -o /karate.jar -L 'https://github.com/intuit/karate/releases/download/v1.5.1/karate-1.5.1.jar'
 
 COPY ./e2e/js-utils.js .
 
-ENTRYPOINT ["java", "-jar", "karate.jar"]
+ENTRYPOINT ["java", "-jar", "karate.jar"]