Prototyping a password reset method for low security forum
-
I wrote before about one of my forums not needing to be high security (as it has no sensitive information) and only has infrequent visitors. Password resets are a frequently requested issue.
I've made a widget with a puzzle to solve which is generated from a hash of the email. The user is shown the solution to this puzzle each time they log in, and it's easy to remember. So any time they can't log in they probably will remember the solution.
The widget is on a public category in the forum viewable by guests, so a person can enter their username, and complete the puzzle. Is there an API call which can be called with Admin permissions, which will reset a password, just using the username of the user?
-
I did try the first step of the two-step reset process as outlined in the v3 docs.
The first step is meant to generate a code,
so calling the API with https://myforum.org/api/reset
but the response was empty for the code?
{ "code": null, "breadcrumbs": [ ....
-
The GET request is just to render the /reset route; it is not used to reset the password of a user. When a user enters an email address on that page, if that email is registered in the system, an email with a reset code is sent to that address.
There is an API route that admins can use to change the password of another user.
https://docs.nodebb.org/api/write/#tag/users/paths/~1users~1{uid}~1password/put
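
An added example, not from the thread or from NodeBB: a server-side check of the puzzle answer followed by the admin request to the route linked above. The keyed HMAC derivation, all function names, the `/api/v3` mount point, the bearer-token header and the `newPassword` body field are assumptions.

```javascript
// Added example; hypothetical names, not NodeBB code or the poster's widget.
const crypto = require('node:crypto');

// Derive the puzzle solution from the email with a server-side key, so that
// knowing the email alone is not enough to recompute it (assumed design).
function puzzleSolution(serverSecret, email) {
  const mac = crypto.createHmac('sha256', serverSecret)
    .update(email.trim().toLowerCase())
    .digest();
  // First 4 bytes as a 6-digit code; stands in for whatever the widget shows.
  return String(mac.readUInt32BE(0) % 1000000).padStart(6, '0');
}

// Constant-time comparison of the submitted answer with the expected one.
function solutionMatches(serverSecret, email, submitted) {
  const expected = Buffer.from(puzzleSolution(serverSecret, email));
  const given = Buffer.from(String(submitted));
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Build the admin request for PUT /users/{uid}/password (route from the answer).
// Assumed: write API mounted at /api/v3, admin bearer token, `newPassword` field.
function buildPasswordReset(baseUrl, uid, adminToken, newPassword) {
  return {
    url: `${baseUrl}/api/v3/users/${encodeURIComponent(uid)}/password`,
    options: {
      method: 'PUT',
      headers: { Authorization: `Bearer ${adminToken}`, 'Content-Type': 'application/json' },
      body: JSON.stringify({ newPassword }),
    },
  };
}

// Runs on the server only, so the admin token never reaches the guest's browser.
// Returns null when the puzzle answer is wrong.
function handleResetAttempt({ serverSecret, email, uid, submitted, baseUrl, adminToken }) {
  if (!solutionMatches(serverSecret, email, submitted)) return null;
  const tempPassword = crypto.randomBytes(18).toString('base64url');
  return { tempPassword, request: buildPasswordReset(baseUrl, uid, adminToken, tempPassword) };
}
```

The caller passes `request.url` and `request.options` to `fetch` and delivers `tempPassword` to the user; the uid for the entered username has to be looked up before this step.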