fix: set password in management api (#1766)

* fix: set password in management api

* comment

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

proto/zitadel/management.proto

@@ -392,7 +392,7 @@ service ManagementService {
         };
     }
 
-    // A Manager is only allowed to set an initial password, on the next login the user has to change his password
+    // deprecated: use SetHumanPassword
     rpc SetHumanInitialPassword(SetHumanInitialPasswordRequest) returns (SetHumanInitialPasswordResponse) {
         option (google.api.http) = {
             post: "/users/{user_id}/password/_initialize"
@@ -404,6 +404,19 @@ service ManagementService {
         };
     }
 
+    // Set a new password for a user, on default the user has to change the password on the next login
+    // Set no_change_required to true if the user does not have to change the password on the next login
+    rpc SetHumanPassword(SetHumanPasswordRequest) returns (SetHumanPasswordResponse) {
+        option (google.api.http) = {
+            post: "/users/{user_id}/password"
+            body: "*"
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "user.write"
+        };
+    }
+
     // An email will be sent to the given address to reset the password of the user
     rpc SendHumanResetPasswordNotification(SendHumanResetPasswordNotificationRequest) returns (SendHumanResetPasswordNotificationResponse) {
         option (google.api.http) = {
@@ -2380,6 +2393,16 @@ message SetHumanInitialPasswordResponse {
     zitadel.v1.ObjectDetails details = 1;
 }
 
+message SetHumanPasswordRequest {
+    string user_id = 1 [(validate.rules).string.min_len = 1];
+    string password = 2 [(validate.rules).string = {min_len: 1, max_len: 72}];
+    bool no_change_required = 3;
+}
+
+message SetHumanPasswordResponse {
+    zitadel.v1.ObjectDetails details = 1;
+}
+
 message SendHumanResetPasswordNotificationRequest {
     enum Type {
         TYPE_EMAIL = 0;