From 155905b61e548b88b1e5945e65537811e2d38315 Mon Sep 17 00:00:00 2001
From: rob
Date: Wed, 14 Jan 2026 00:07:21 -0400
Subject: [PATCH] Fix password reset to use argon2 hasher

Was using werkzeug's generate_password_hash which creates incompatible hashes. Now uses the same argon2 password_hasher as registration/login.

Co-Authored-By: Claude Opus 4.5
---
 src/cmdforge/registry/app.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/cmdforge/registry/app.py b/src/cmdforge/registry/app.py
index 5f6f1c2..4982229 100644
--- a/src/cmdforge/registry/app.py
+++ b/src/cmdforge/registry/app.py
@@ -2531,7 +2531,6 @@ def create_app() -> Flask:
 def admin_reset_password(publisher_id: int) -> Response:
 """Generate a temporary password for a publisher."""
 import secrets
- from werkzeug.security import generate_password_hash

 publisher = query_one(g.db, "SELECT * FROM publishers WHERE id = ?", [publisher_id])
 if not publisher:
@@ -2539,7 +2538,7 @@ def create_app() -> Flask:

 # Generate a temporary password
 temp_password = secrets.token_urlsafe(12)
- password_hash = generate_password_hash(temp_password)
+ password_hash = password_hasher.hash(temp_password)

 g.db.execute(
 "UPDATE publishers SET password_hash = ? WHERE id = ?",
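Review bot: Rows that the old reset path already wrote still hold werkzeug-format hashes, and the switch to `password_hasher.hash(temp_password)` in the second hunk only fixes resets made from now on. Those publishers stay unable to log in until they are reset again, so the rollout needs a one-off query for `password_hash` values that are not in argon2 format. If `password_hasher` is argon2-cffi's `PasswordHasher` (an assumption, its definition is outside the hunk), verifying such a row raises an invalid-hash error rather than a mismatch. It is worth confirming that the login handler treats that as a failed login and not an unhandled exception. I would also add a comment above the changed line, `# Must match the hasher used by registration/login; other hash formats will not verify.`. The body of admin_reset_password continues past the end of the hunk, so how the temporary password is returned and whether a change is forced at next login cannot be judged from here.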