feat: add force password reset feature

app/Http/Controllers/UserController.php

@@ -34,6 +34,7 @@ use App\Http\Requests\SearchPlayerRequest;
 use App\Http\Requests\UpdateUserRequest;
 use App\Notifications\ChangedPassword;
 use App\Notifications\EmailChanged;
+use App\Notifications\PasswordAdminResetNotification;
 use App\Services\AccountSuspensionService;
 use App\Traits\DisablesFeatures;
 use App\Traits\HandlesAccountDeletion;
@@ -275,6 +276,33 @@ class UserController extends Controller
     }
 
 
+    /**
+     * Removes the user's password and notifies them.
+     *
+     * @param User $user The user to remove the password for
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function forcePasswordReset(User $user) {
+
+        $this->authorize('adminEdit', $user);
+        $user->notify(new PasswordAdminResetNotification());
+
+        $user->password = null;
+        $user->save();
+
+
+        Log::alert("Removed account password", [
+            'target' => $user,
+            'actor' => Auth::user()
+        ]);
+
+        return redirect()
+            ->back()
+            ->with('success', 'Account password removed.');
+    }
+
+
     /**
      * Delete the given user's account
      *

app/Http/Requests/AdminPasswordResetRequest.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Http\Requests;
+
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Support\Facades\Auth;
+
+class AdminPasswordResetRequest extends FormRequest
+{
+    public function rules(): array
+    {
+        if (Auth::user()->has2FA()) {
+            return [
+                'currentPassword' => 'required|current_password:web',
+                'otp' => 'required|integer|max:6',
+            ];
+        }
+
+        return [
+            'currentPassword' => 'required|current_password:web',
+        ];
+    }
+
+    public function authorize(): bool
+    {
+        return true;
+    }
+}