Feature: Admin v2 - reset team member passwords

[KevinMulhern]

Because:

• When an Admin team member forgets their password, I want to be able to send them a password reset email, so they can regain access to their account.
• Closes: https://github.com/TheOdinProject/theodinproject/issues/4588

This commit

• Adds a drop down menu to admin team member items
• Adds a reset password option to the menu
• Adds Devise's reset password instructions mailer template and tweaks it for TOP admins
• Blocks access to the new and create devise password actions for all users

[Asartea]

This might just be an unfortunate result from the review app not having an email provider, but clicking the button on the review app tries to POST to https://odin-review-app-pr-4590.herokuapp.com/admin_v2/team_members/1/password_resets and then returns a 500 Testing locally - this is definitely caused by something in the review app; works fine on localhost

[Asartea]

Testing locally:

• Button shows up:
• Clicking it shows a success message
• Letter opener shows a new email sent to the correct address and with the right message:
• Opening the rest password link in a new incognito tab shows the password reset form:
• ❌ Attempting to submit a new password gives no visual feedback, and examining the network tab shows an HTTP 402 error:

  
  POST: http://localhost:3000/admin_v2/password
  Status: 422 Unprocessable Content

Request data: _method "put" authenticity_token "C7ETjvK4bY19EUWBYLv_zp9waXgvgodwKho7uJ07cIE56nncTeZlXlsHGZuKjsC54TQntHDs3YdRPZmeIcujsQ" admin_user[reset_password_token] "vgsHmpEY8q6x8XEUp_7R" admin_user[password] "testpassword123" admin_user[password_confirmation] "testpassword123" commit "Change+my+password"

[KevinMulhern]

Thanks for the feedback @Asartea 💪

I've not been able to reproduce the 422 with those steps so far. I've tried with pending/active users, different combos of passwords and deliberately failing validations and then entering a valid password. Is there anything else you can think of that you did different?

[KevinMulhern]

I think I've found it. 422 responses happen when the password reset token is no longer valid. I've been able to reproduce that in a couple of ways:

• Trying to reuse a password reset link after already using it successfully
• Requesting a second password reset link and then trying to use the first - the second request renders the first password reset token invalid.

It's somewhat of an edgecase. But you're right, we should provide feedback when it happens. I've updated the branch to include an error message.

Great spot 🚀

[KevinMulhern]

Note: This can't be tested on the review app but can be tested locally. We don't have an email provider available on review apps.

Steps for QA:

1. Log into admin v2 - admin@odin.com, password123
2. Invite a new team member
3. Click the ellipsis menu on the new team member
4. Click the "Send password reset email" option
5. Open the password reset link in an incognito window
6. Choose a new password
7. You should be logged in and redirected to the admin v2 dashboard as the new team member

[Asartea]

I think I've found it. 422 responses happen when the password reset token is no longer valid. I've been able to reproduce that in a couple of ways:

Yeah, it was probably one of these.

QA

1. works as expected
2. 
3. 
4. 
5. 
6. (and 7)

Trying to submit two different passwords:

And just to check the previous issue:

Overall: LGTM :rocket: