Add two distinct password reset routes

src/users.js

@@ -37,6 +37,9 @@ exports = module.exports = {
 
     sendPasswordResetByIdentifier,
 
+    getPasswordResetLink,
+    sendPasswordResetEmail,
+
     notifyLoginLocation,
 
     setupAccount,
@@ -623,11 +626,39 @@ async function sendPasswordResetByIdentifier(identifier, auditSource) {
     await update(user, { resetToken,resetTokenCreationTime }, auditSource);
 
     const resetLink = `${settings.dashboardOrigin()}/login.html?resetToken=${user.resetToken}`;
-    await mailer.passwordReset(user, resetLink);
+    await mailer.passwordReset(user, user.fallbackEmail || user.email, resetLink);
 
     return resetLink;
 }
 
+async function getPasswordResetLink(user, auditSource) {
+    assert.strictEqual(typeof user, 'object');
+    assert.strictEqual(typeof auditSource, 'object');
+
+    let resetToken = user.resetToken;
+    let resetTokenCreationTime = user.resetTokenCreationTime || 0;
+
+    if (!resetToken || (Date.now() - resetTokenCreationTime > 7 * 24 * 60 * 60 * 1000)) {
+        resetToken = hat(256);
+        resetTokenCreationTime = new Date();
+
+        await update(user, { resetToken, resetTokenCreationTime }, auditSource);
+    }
+
+    const resetLink = `${settings.dashboardOrigin()}/login.html?resetToken=${resetToken}`;
+
+    return resetLink;
+}
+
+async function sendPasswordResetEmail(user, email, auditSource) {
+    assert.strictEqual(typeof user, 'object');
+    assert.strictEqual(typeof email, 'string');
+    assert.strictEqual(typeof auditSource, 'object');
+
+    const resetLink = await getPasswordResetLink(user, auditSource);
+    await mailer.passwordReset(user, email, resetLink);
+}
+
 async function notifyLoginLocation(user, ip, userAgent, auditSource) {
     assert.strictEqual(typeof user, 'object');
     assert.strictEqual(typeof ip, 'string');