feat(dashboard): add password change functionality in user management

Open Pegoku opened this issue 2 months ago • 8 comments

User description

SUMMARY

A password change modal has been added to the user management UI.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

BEFORE: image AFTER: image image

TESTING INSTRUCTIONS

Go to the user management UI and press the password change (key) button.

ADDITIONAL INFORMATION

  • [x] Has associated issue: #36223
  • [ ] Required feature flags:
  • [x] Changes UI
  • [ ] Includes DB Migration (follow approval process in SIP-59)
    • [ ] Migration is atomic, supports rollback & is backwards-compatible
    • [ ] Confirm DB migration upgrade and downgrade tested
    • [ ] Runtime estimates and downtime expectations provided
  • [ ] Introduces new feature or API
  • [ ] Removes existing feature or API

CodeAnt-AI Description

Add "Change password" action and modal to user management

What Changed

  • A "Change password" button (Key icon) is now available in each user's Actions menu for admins.
  • Clicking it opens a modal that only requires a new password and confirmation; submitting updates that user's password and refreshes the user list.
  • Success and error messages are shown specifically for password-change outcomes; other user add/edit flows keep existing behavior.

Impact

  • ✅ Shorter admin password updates
  • ✅ Clearer password change errors
  • ✅ Fewer support password reset requests


Pegoku avatar Dec 19 '25 09:12 Pegoku

Nitpicks 🔍

🔒 No security issues identified
⚡ Recommended areas for review

  • [ ] Permission / Consumer handling
    Adding a new action usually requires updates where action strings are checked (e.g., permission lists, audit logs, backend endpoints). Verify all code paths that switch on or whitelist Actions values (UI menus, role/permission checks, API handlers) are updated to handle this new value and that tests cover it.

  • [ ] Field name mismatch
    The FormItem uses name="active" but the Checkbox onChange sets isActive via form.setFieldsValue({ isActive: checked }). This inconsistency will prevent the active value from being saved/submitted and can cause UI and API mismatch. Verify the form field name matches the app/api contract (either active, isActive, or is_active) and use the same key everywhere.

  • [ ] Modal component export / props
    The new import adds UserListPasswordChangeModal from 'src/features/users/UserListModal' and the modal is passed roles and groups. Verify that the component is exported from that module and accepts these props; otherwise this will cause a runtime or compile failure.

  • [ ] Naming consistency
    The new enum value uses snake_case ('password_change') while the other action values are single-word lowercase strings ('create', 'update'). Confirm the string format (snake_case vs camelCase vs single-word) is intentionally chosen and is supported by all consumers (UI, backend, permission checks). Inconsistent formats can cause runtime mismatches when values are compared.

  • [ ] Unknown icon usage
    The new action uses icon: 'KeyOutlined' as a string (consistent with other actions), but it's important to confirm that this icon key actually exists where ActionsBar resolves icons. If it doesn't, the icon will not render. Consider using the Icons component (e.g., Icons.KeyOutlined) or validate the string mapping.

CodeAnt AI finished reviewing your PR.

@Pegoku mind adding tests?

Also say I am logged in, I change my password, does it automatically log me out where I would have to log in again or would it keep my current session open until I log out?

sadpandajoe avatar Jan 08 '26 19:01 sadpandajoe

Also say I am logged in, I change my password, does it automatically log me out where I would have to log in again or would it keep my current session open until I log out?

When a password is changed via the API (/api/v1/security/users/{id} or /api/v1/me/), it does not invalidate or clear the user's session, so the user would be unaffected. Should all sessions linked to the user be invalidated?

mind adding tests?

Sure, will do.

Pegoku avatar Jan 08 '26 19:01 Pegoku
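The reply above raises the question of whether an admin-initiated password change should invalidate the user's existing sessions. The following is an added example, not Superset's or Flask-AppBuilder's code, of one common defender-side pattern for doing that: every session records the "password generation" in force when it was created, and changing the password bumps that generation so any older session is rejected on its next request. The store and class names (UserStore, SessionStore, password_generation) are hypothetical; the user and passwords are constructed sample data.

```python
"""Binding sessions to a per-user password generation so that a password
change invalidates sessions opened under the old password.

Added illustration; not Superset code. Uses only the standard library so it
runs offline. UserStore / SessionStore are hypothetical names.
"""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass

PBKDF2_ITERATIONS = 100_000  # illustrative; production values are typically higher


@dataclass
class User:
    username: str
    salt: bytes
    pw_hash: bytes
    password_generation: int = 0  # incremented on every password change


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2-HMAC-SHA256; only the salt and derived hash are stored,
    # never the plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class UserStore:
    """In-memory stand-in for the users table."""

    def __init__(self):
        self._users: dict[str, User] = {}

    def create(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = User(username, salt, _hash_password(password, salt))

    def get(self, username: str) -> User:
        return self._users[username]

    def verify(self, username: str, password: str) -> bool:
        user = self._users.get(username)
        if user is None:
            return False
        # Constant-time comparison of the stored and freshly derived hashes.
        return hmac.compare_digest(user.pw_hash, _hash_password(password, user.salt))

    def change_password(self, username: str, new_password: str) -> None:
        # Works for both self-service and admin-initiated changes: re-salt,
        # re-hash, and bump the generation so existing sessions go stale.
        user = self._users[username]
        user.salt = os.urandom(16)
        user.pw_hash = _hash_password(new_password, user.salt)
        user.password_generation += 1


class SessionStore:
    """Server-side sessions keyed by an opaque token; each session remembers
    the password generation that was current at login."""

    def __init__(self, users: UserStore):
        self._users = users
        self._sessions: dict[str, tuple[str, int]] = {}

    def login(self, username: str, password: str):
        if not self._users.verify(username, password):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (username, self._users.get(username).password_generation)
        return token

    def current_user(self, token: str):
        """Resolve a token to a username, dropping the session if the
        password has changed since it was created."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, generation = entry
        if generation != self._users.get(username).password_generation:
            del self._sessions[token]  # stale: password changed after login
            return None
        return username

    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)


def demo():
    """Constructed scenario: alice logs in, an admin changes her password,
    and her old session stops resolving while a fresh login succeeds."""
    users = UserStore()
    users.create("alice", "old-secret")
    sessions = SessionStore(users)
    token = sessions.login("alice", "old-secret")
    before = sessions.current_user(token)          # "alice"
    users.change_password("alice", "new-secret")   # admin-initiated change
    after = sessions.current_user(token)           # None: session invalidated
    relogin_ok = sessions.login("alice", "new-secret") is not None
    return before, after, relogin_ok


if __name__ == "__main__":
    print(demo())
```

The same idea works with signed cookie sessions (as Flask uses by default) by storing the generation inside the cookie payload and comparing it on each request; whether to invalidate all sessions, all but the current one, or none at all remains the policy decision the thread is asking about.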


Deploy Preview for superset-docs-preview ready!

Name Link
Latest commit 01a39a900fee02fdf417cefa5a74569ea991ac7d
Latest deploy log https://app.netlify.com/projects/superset-docs-preview/deploys/69678366bafe2d000821d54d
Deploy Preview https://deploy-preview-36764--superset-docs-preview.netlify.app

netlify[bot] avatar Jan 08 '26 22:01 netlify[bot]

@sadpandajoe Is it now better? Any update?

Pegoku avatar Jan 18 '26 13:01 Pegoku

Wasn't this feature already a part of Flask AppBuilder? This is the one feature which was overlooked while migrating to React views, I believe?

Dev10-34 avatar Feb 04 '26 10:02 Dev10-34

@Pegoku mind adding tests?

Also say I am logged in, I change my password, does it automatically log me out where I would have to log in again or would it keep my current session open until I log out?

Hi, maybe not my place to say this, but this already used to be a thing in older versions of Superset, which got removed during the migration to the React frontend. I am not sure about the current behaviour, but before, when Flask server-side sessions were still not a thing (I am talking like 3.x.x Superset), the password change would only be enforced at the next login for the user. Ongoing sessions would remain unaffected.

Dev10-34 avatar Feb 04 '26 10:02 Dev10-34

Related issue to this, already mentioned by @Pegoku: https://github.com/apache/superset/issues/36223. Flask AppBuilder doesn't have any mention of deprecating the /resetmypassword or /resetpassword endpoints either.

Dev10-34 avatar Feb 04 '26 10:02 Dev10-34

I am blocking this to discuss if it's a good idea. This opens up user impersonation by admins, right? Granted, the API already allows it, but the question is: should we go the other direction with the API as well?

The original feature was to redirect to a page with the /users/show/pk for that button. Here, the admin would be able to see details pertaining to the user, along with having a button to change the user's password if required. The reset password button would take them to the /resetpassword page.

image

I think the use case it solves is that the user needs to know their password to log in to the system. If they forget their password, they go to the admin, who can change it for them, and the user can reset their password again. However, if the user forgets it and now the admin can't change the password either (unless they make a DB change, for which they might have to write scripts, as the DB doesn't store the password in plain text but generates a salt and hashes the password), this can lead to a ghost user in the DB: one who cannot access the system anymore and whose password is hard to change without technical know-how for people using Superset out of the box. The issue is that even deleting and recreating the user may not be an option a lot of times, especially if they are a business user and hands are tied down by policies. This makes some form of implementation of this feature necessary in one way or another.

Please review.

Dev10-34 avatar Feb 09 '26 05:02 Dev10-34

The screenshot shows the password change for the current user. I think if we need this feature we need a proper password reset flow with all the necessary stuff like emails.

msyavuz avatar Feb 09 '26 09:02 msyavuz

Hey @dpgaspar, do you recall if this API direction was driven by decisions made in Superset?

EnxDev avatar Feb 09 '26 09:02 EnxDev

Thank you for the initiative, great work! I do agree that there should be some way to handle cases like when the user forgot their password, but we should talk first about a proper way to handle the flow.

alexandrusoare avatar Feb 09 '26 09:02 alexandrusoare

The screenshot shows the password change for the current user. I think if we need this feature we need a proper password reset flow with all the necessary stuff like emails.

Not really. If I add some more users, then I can show the flow like this: Screenshot 1: Logged in as Admin role image

Screenshot 2: Navigate to the FAB page for the same. image

Screenshot 3: Show record for test1 user image

Screenshot 4: Navigate to /resetpassword endpoint which is going to pull up this page, allowing the admin to change the password as needed as well. image

This changing password feature is different from the password change initiated through user_info page/endpoint. Explained through screenshots flow again:

Screenshot 1: The superset frontend page for user info: image

Screenshot 2: Corresponding FAB page for the same: image

Screenshot 3: Resetting the password for the current user: image

Not sure if this was intentional for Superset, but the out-of-the-box support from FAB allowed users to do this very easily, allowing admin control for the same as well. There are related permissions to these as well, namely ResetPassword and ResetMyPassword, which are separate from each other. This allows creation of a separate account in Superset, with a role completely dedicated to this as well. Organizations can choose to remove this from the admin control and assign it to a different role as well, maintaining the granularity principle in Superset.

@EnxDev, here is the PR which I think added this feature in the first place: https://github.com/apache/superset/pull/9232

Dev10-34 avatar Feb 09 '26 12:02 Dev10-34

Since we're touching this, it would be nice to add a more modern user password reset flow, based on email and only possible when AUTH_TYPE = AUTH_DB.

dpgaspar avatar Feb 09 '26 12:02 dpgaspar