From 6885bf8a642bdd0cec52a9c351400d3a3571ee4d Mon Sep 17 00:00:00 2001
From: AarDG10
Date: Mon, 9 Mar 2026 12:08:08 +0530
Subject: [PATCH] refactor: return link only when used internally

Restrict _reset_password() for internal use. Return link when used as an internal func, whitelisted method to be used otherwise, when resetting password.

Co-authored-by: Ankush Menat
---
 frappe/auth.py | 4 +++-
 frappe/core/api/user_invitation.py | 2 +-
 frappe/core/doctype/user/test_user.py | 2 +-
 frappe/core/doctype/user/user.py | 6 +++---
 4 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/frappe/auth.py b/frappe/auth.py
index 1658930317..d4a0dae4a0 100644
--- a/frappe/auth.py
+++ b/frappe/auth.py
@@ -155,7 +155,9 @@ class LoginManager:
 self.authenticate(user=user, pwd=pwd)
 if self.force_user_to_reset_password():
 doc = frappe.get_doc("User", self.user)
- frappe.local.response["redirect_to"] = doc.reset_password(send_email=False, password_expired=True)
+ frappe.local.response["redirect_to"] = doc._reset_password(
+ send_email=False, password_expired=True
+ )
 frappe.local.response["message"] = "Password Reset"
 return False
diff --git a/frappe/core/api/user_invitation.py b/frappe/core/api/user_invitation.py
index 7ca304b046..619b8e1af8 100644
--- a/frappe/core/api/user_invitation.py
+++ b/frappe/core/api/user_invitation.py
@@ -126,7 +126,7 @@ def _accept_invitation(key: str, in_test: bool) -> None:
 # set redirect_to
 redirect_to = frappe.utils.get_url(invitation.get_redirect_to_path())
 if should_update_password:
- redirect_to = f"{user.reset_password()}&redirect_to=/{invitation.get_redirect_to_path()}"
+ redirect_to = f"{user._reset_password()}&redirect_to=/{invitation.get_redirect_to_path()}"
 # GET requests do not cause an implicit commit
 frappe.db.commit() # nosemgrep
diff --git a/frappe/core/doctype/user/test_user.py b/frappe/core/doctype/user/test_user.py
index aa7c182b00..691c8235a1 100644
--- a/frappe/core/doctype/user/test_user.py
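Review bot: The new call on the added lines makes `LoginManager` in auth.py depend on a method the commit marks as internal with a leading underscore, and user_invitation.py does the same in the next hunk. The underscore is a convention with no runtime effect, so the "internal" contract lives only in the callers' heads unless it is written down where the dependency is taken; a call-site comment such as `# _reset_password returns the raw reset URL; deliberately not a whitelisted method` tells the next reader this cross-module use is intended rather than a violation. The link is handed to the client of a user who has just passed `authenticate()`, which is the intended recipient, so the flow itself looks sound. The enclosing method starts outside the hunk.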
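Review bot: On the changed line the redirect path is spliced into the reset link's query string by f-string with no URL-encoding, so a path containing `&`, `#` or `?` would be cut short by whatever parses `redirect_to` on the other end instead of being carried whole. The link returned by `_reset_password()` already carries a `key=` parameter (the test helper in test_user.py parses it), so `&` is the right separator, but the appended value should be encoded, e.g. `redirect_to = f"{user._reset_password()}&redirect_to=/{quote(invitation.get_redirect_to_path())}"` with `from urllib.parse import quote`. Whether `get_redirect_to_path()` can return anything other than a fixed site-local path is not visible here; if it can, checking that it is a relative path before embedding keeps the reset page from being steered to an external destination. `_accept_invitation` starts outside the hunk.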
+++ b/frappe/core/doctype/user/test_user.py
@@ -42,7 +42,7 @@ class TestUser(IntegrationTestCase):
 @staticmethod
 def reset_password(user) -> str:
- link = user.reset_password()
+ link = user._reset_password()
 return parse_qs(urlparse(link).query)["key"][0]
 def test_user_type(self):
diff --git a/frappe/core/doctype/user/user.py b/frappe/core/doctype/user/user.py
index fdc3cca83c..5e646f8650 100644
--- a/frappe/core/doctype/user/user.py
+++ b/frappe/core/doctype/user/user.py
@@ -480,7 +480,7 @@ class User(Document):
 def validate_reset_password(self):
 pass
- def reset_password(self, send_email=False, password_expired=False):
+ def _reset_password(self, send_email=False, password_expired=False):
 from frappe.utils import get_url
 key = frappe.generate_hash()
@@ -516,7 +516,7 @@ class User(Document):
 def send_welcome_mail_to_user(self):
 from frappe.utils import get_url
- link = self.reset_password()
+ link = self._reset_password()
 subject = None
 method = frappe.get_hooks("welcome_email")
 if method:
@@ -1142,7 +1142,7 @@ def reset_password(user: str) -> str:
 return "disabled"
 user.validate_reset_password()
- user.reset_password(send_email=True)
+ user._reset_password(send_email=True)
 return frappe.msgprint(
 msg=_("Password reset instructions have been sent to {}'s email").format(user.full_name),
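Review bot: The renamed `_reset_password` in the `@@ -480` hunk gets no docstring, so the leading underscore is the only trace of the contract the commit message describes. No `@frappe.whitelist()` decorator precedes the def in this hunk, and that absence, not the underscore, is what keeps a method that returns a live reset link off the RPC surface; the rename changes nothing at runtime, and three other modules in this patch call the method directly. A docstring pins the intent against a later well-meaning whitelist, e.g. `"""Generate a reset key for this user and return the reset link. Internal: the link grants a password reset, so this method must not be whitelisted; the public entry point is the module-level ``reset_password``, which only emails it."""`. The method body continues past the hunk.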