Magento Admin Reset Password: Common Bugs and Fixes

Password recovery for the Magento admin panel often encounters several issues caused by a few bugs. Here's a concise overview and their solutions:

Password reset link includes an extra path
The URL contains an unnecessary /admin segment after the main domain, e.g.:
http://magento.local/admin/admin_123456/admin/auth/resetpassword/key/xxxxxxxxxx/?id=1&token=yyyyyyyy
Solution: Apply the patch suggested in this comment.
Note: This issue exists in Magento 2.4.6 but has been fixed in version 2.4.7.

Missing password reset form
This issue is documented here. After upgrading Magento, the form might disappear, even with all custom modules disabled. A patch is needed to resolve this

diff --git a/view/adminhtml/layout/adminhtml_auth_resetpassword.xml b/view/adminhtml/layout/adminhtml_auth_resetpassword.xml
index 3ee2rd..8349152 111644
--- a/view/adminhtml/layout/adminhtml_auth_resetpassword.xml    2024-10-16 23:10:32.714755233 +0200
+++ b/view/adminhtml/layout/adminhtml_auth_resetpassword.xml    2024-10-16 23:11:13.808563121 +0200

@@ -9,7 +9,7 @@
     <update handle="admin_login" />
     <body>
         <referenceContainer name="login.content">
-            <block class="Magento\Backend\Block\Template" name="content" template="Magento_User::admin/resetforgottenpassword.phtml" />
+            <block class="Magento\Backend\Block\Template" name="content.reset.password" template="Magento_User::admin/resetforgottenpassword.phtml" />
         </referenceContainer>
     </body>
 </page>

Add this into composer.json:

"extra": {
    "magento-force": "override",
    "composer-exit-on-patch-failure": true,
    "patches": {
        "magento/module-user": {
             "Reset password form for admin": "patches/composer/admin_password_reset_form.patch",
        }
    }
},

Expired password reset link
Modifying the form block leads to the error: "Your password reset link has expired." This occurs because the token is not added to the form.

Another patch is required to fix this issue.

--- /dev/null
+++ ../Controller/Adminhtml/Auth/ResetPassword.php
@@ -24,7 +24,7 @@

             $this->_view->loadLayout();

-            $content = $this->_view->getLayout()->getBlock('content');
+            $content = $this->_view->getLayout()->getBlock('content.reset.password');
             if ($content) {
                 $content->setData('user_id', $userId)->setData('reset_password_link_token', $passwordResetToken);

"extra": {
    "magento-force": "override",
    "composer-exit-on-patch-failure": true,
    "patches": {
        "magento/module-user": {
            "fix admin post reset": "patches/composer/magento-module-user-controller-adminhtml-auth-resetpassword-php.patch"
        }
    }
},

Missing 'id' parameter
Sometimes the password reset link leads to an "expired link" message due to a missing id parameter in the file:
vendor/magento/module-user/view/adminhtml/templates/admin/resetforgottenpassword.phtml:

<form method="post" data-mage-init='{"form": {}, "validation": {}}'
      action="<?= $block->escapeUrl(
          $block->getUrl(
              '*/auth/resetpasswordpost',
              ['_query' => ['id' => $block->getUserId(), 'token' => $block->getResetPasswordLinkToken()]]
          )
      ) ?>" id="reset-password-form" autocomplete="off">

These issues require applying several patches to ensure the password recovery function works correctly in the Magento admin panel.