The get request is just to render the /reset route, it is not used to reset the password of a user. When a user enters an email address on that page, if that email is registered in the system an email with a reset code is sent to that address.
There is an API route that admins can use to change the password of another user.
https://docs.nodebb.org/api/write/#tag/users/paths/~1users~1{uid}~1password/put
ReDoc favicon(docs.nodebb.org)