From 810308c4790076e2e42162229120cb832b5c2962 Mon Sep 17 00:00:00 2001
From: Gus Brodman <gbrodman@google.com>
Date: Thu, 11 Sep 2025 12:54:49 -0400
Subject: [PATCH] Enable password reset for non-admins

Tested EPP password and registry lock password using the CharlestonRoad
registrar entity and the emails look simple and effective.
---
 .../settings/security/eppPasswordEdit.component.html   |  2 --
 .../src/app/users/userEditForm.component.html          |  2 --
 .../ui/server/console/PasswordResetRequestAction.java  |  4 ----
 .../ui/server/console/PasswordResetVerifyAction.java   | 10 ----------
 4 files changed, 18 deletions(-)

diff --git a/console-webapp/src/app/settings/security/eppPasswordEdit.component.html b/console-webapp/src/app/settings/security/eppPasswordEdit.component.html
index 93908ca51d4..62b175669a9 100644
--- a/console-webapp/src/app/settings/security/eppPasswordEdit.component.html
+++ b/console-webapp/src/app/settings/security/eppPasswordEdit.component.html
@@ -21,7 +21,6 @@ <h1>Update EPP password</h1>
     [formGroup]="passwordUpdateForm"
     (submitResults)="save($event)"
   />
-  @if(userDataService.userData()?.isAdmin) {
   <div class="settings-security__reset-password-field">
     <h2>Need to reset your EPP password?</h2>
     <button
@@ -33,5 +32,4 @@ <h2>Need to reset your EPP password?</h2>
       Reset EPP password via email
     </button>
   </div>
-  }
 </div>
diff --git a/console-webapp/src/app/users/userEditForm.component.html b/console-webapp/src/app/users/userEditForm.component.html
index 0b1aab4b3d3..3f4eb43db5e 100644
--- a/console-webapp/src/app/users/userEditForm.component.html
+++ b/console-webapp/src/app/users/userEditForm.component.html
@@ -44,7 +44,6 @@
       Save
     </button>
   </form>
-  @if(userDataService.userData()?.isAdmin) {
   <button
     mat-flat-button
     color="primary"
@@ -53,5 +52,4 @@
   >
     Reset registry lock password
   </button>
-  }
 </div>
diff --git a/core/src/main/java/google/registry/ui/server/console/PasswordResetRequestAction.java b/core/src/main/java/google/registry/ui/server/console/PasswordResetRequestAction.java
index 7ee27e4e4dc..63fe80de948 100644
--- a/core/src/main/java/google/registry/ui/server/console/PasswordResetRequestAction.java
+++ b/core/src/main/java/google/registry/ui/server/console/PasswordResetRequestAction.java
@@ -62,10 +62,6 @@ public PasswordResetRequestAction(
 
   @Override
   protected void postHandler(User user) {
-    // Temporary flag when testing email sending etc
-    if (!user.getUserRoles().isAdmin()) {
-      setFailedResponse("", HttpServletResponse.SC_FORBIDDEN);
-    }
     tm().transact(() -> performRequest(user));
     consoleApiParams.response().setStatus(HttpServletResponse.SC_OK);
   }
diff --git a/core/src/main/java/google/registry/ui/server/console/PasswordResetVerifyAction.java b/core/src/main/java/google/registry/ui/server/console/PasswordResetVerifyAction.java
index 32b21c1bdbd..c492a938192 100644
--- a/core/src/main/java/google/registry/ui/server/console/PasswordResetVerifyAction.java
+++ b/core/src/main/java/google/registry/ui/server/console/PasswordResetVerifyAction.java
@@ -60,11 +60,6 @@ public PasswordResetVerifyAction(
 
   @Override
   protected void getHandler(User user) {
-    // Temporary flag when testing email sending etc
-    if (!user.getUserRoles().isAdmin()) {
-      setFailedResponse("", HttpServletResponse.SC_FORBIDDEN);
-      return;
-    }
     PasswordResetRequest request = tm().transact(() -> loadAndValidateResetRequest(user));
     ImmutableMap<String, ?> result =
         ImmutableMap.of("type", request.getType(), "registrarId", request.getRegistrarId());
@@ -74,11 +69,6 @@ protected void getHandler(User user) {
 
   @Override
   protected void postHandler(User user) {
-    // Temporary flag when testing email sending etc
-    if (!user.getUserRoles().isAdmin()) {
-      setFailedResponse("", HttpServletResponse.SC_FORBIDDEN);
-      return;
-    }
     checkArgument(!Strings.isNullOrEmpty(newPassword.orElse(null)), "Password must be provided");
     tm().transact(
             () -> {