Skip to content

Class Name: ResetPasswordBatch

Last Updated: 2025-10-22

API Name: ResetPasswordBatch Type: Batch/Queueable/Schedulable Test Coverage: Unknown

Business Purpose

This batch class sends password reset emails to migrated users as part of AANP's user migration process. It processes active users flagged as migration users who haven't yet received password reset emails, triggering Salesforce's standard password reset functionality and tracking success/failure in a custom logging object to ensure all migrated users receive access to their new accounts.

Class Overview

Scope and Sharing

  • Sharing Model: No explicit sharing declaration (defaults to without sharing for global class)
  • Access Modifier: global
  • Interfaces Implemented: Database.Batchable, Database.Stateful

Key Responsibilities

  • Identifies active users flagged as Migration_User__c = true who haven't received password reset emails
  • Invokes System.resetPassword() to trigger standard Salesforce password reset email
  • Marks users as PasswordResetEmailSent__c = true after successful email sending
  • Logs failures to Reset_Email_Log__c custom object for tracking and troubleshooting
  • Limits processing to 5000 users per batch execution (1 user in test context)

Public Methods

start

global Database.QueryLocator start(Database.BatchableContext bc)

Purpose: Initializes the batch by building a query for active migration users who haven't received password reset emails.

Parameters: - bc (Database.BatchableContext): Batch context provided by the platform

Returns: - Database.QueryLocator: Query locator for User records to process

Business Logic: - Builds base query for IsActive = true users - In test context: limits to 1 user for test execution - In production: adds filters for Migration_User__c = true AND PasswordResetEmailSent__c = false, limits to 5000 users - Query retrieves Id, Migration_User__c, and PasswordResetEmailSent__c fields

execute

global void execute(Database.BatchableContext bc, List<User> scope)

Purpose: Processes each batch of User records by sending password reset emails and logging results.

Parameters: - bc (Database.BatchableContext): Batch context provided by the platform - scope (List): List of User records to process

Business Logic: - Returns immediately if scope is empty - For each user in scope: - Calls System.resetPassword(userId, true) to send password reset email - On success: marks user as PasswordResetEmailSent__c = true and adds to update list - On failure: creates Reset_Email_Log__c record with error message and timestamp - Performs bulk update of successful users - Performs bulk insert of error log records for failures

finish

global void finish(Database.BatchableContext bc)

Purpose: Completes batch execution with minimal logging.

Parameters: - bc (Database.BatchableContext): Batch context provided by the platform

Business Logic: - Outputs debug statement indicating batch completion - No additional processing or error handling

Private/Helper Methods

This class contains no private helper methods. All logic is contained within the three required batch interface methods.

Dependencies

Apex Classes

None - standalone batch class using standard Salesforce System methods

Salesforce Objects

  • User: Target object for password reset (Fields: Id, IsActive, Migration_User__c, PasswordResetEmailSent__c)
  • Reset_Email_Log__c: Custom object for error logging (Fields: User__c, Error_Message__c, Timestamp__c)

Custom Settings/Metadata

None

External Services

  • Salesforce Email Services: Uses System.resetPassword() which triggers standard password reset email workflow

Design Patterns

  • Batch Processing Pattern: Implements Database.Batchable for processing large numbers of users
  • Stateful Pattern: Uses Database.Stateful to maintain state across batch chunks (though no instance variables are used)
  • Error Logging Pattern: Separates successful updates from failures and logs errors to custom object
  • Graceful Degradation: Catches exceptions per user to allow batch to continue processing

Governor Limits Considerations

SOQL Queries: - start method: 1 query via QueryLocator

DML Operations: - execute method: Up to 2 DML statements per batch chunk (1 update for users, 1 insert for error logs)

Email Limits: - System.resetPassword() counts toward daily email limits - Each invocation sends 1 email - Batch limited to 5000 users to manage email volume

CPU Time: Low - simple field assignments and system method calls

Heap Size: - Batch processing limits heap usage to batch size (default 200 records) - Error log list grows only with failures

Bulkification: Yes - processes records in batches with bulk DML operations

Async Processing: Yes - runs as asynchronous batch job

Error Handling

Strategy: Try-catch per user with error logging - Wraps System.resetPassword() in try-catch block - Continues processing remaining users if one fails - Logs failures to custom object for follow-up

Logging: - Errors logged to Reset_Email_Log__c with User__c, Error_Message__c, and Timestamp__c - Debug statement in finish method - No success metrics or summary statistics

User Notifications: - Users receive standard Salesforce password reset email on success - No notification to administrators about batch completion or failure summary

Security Considerations

Sharing Rules: No sharing keyword (defaults to without sharing for global class) - Bypasses sharing rules to access all migration users regardless of hierarchy

Field-Level Security: - No WITH SECURITY_ENFORCED clause used in queries - May bypass FLS restrictions in batch context

CRUD Permissions: - No explicit CRUD permission checks - Relies on system context for User updates

Input Validation: - No validation of user data before password reset - System.resetPassword() performs internal validation

Test Class

Test Class: Unknown - test class not identified in source code Coverage: Unknown Test Scenarios Covered: - Test context uses LIMIT 1 to reduce test execution scope

Changes & History

  • Initial implementation for user migration password reset process
  • Part of broader user migration workflow

Pre-Go-Live Concerns

CRITICAL - Fix Before Go-Live

  • Email Limit Risk: Processing 5000 users per batch could quickly consume daily email limits (5000 single emails per day for most orgs). Consider smaller batch sizes or coordinate with email limit monitoring.
  • No Email Deliverability Check: System.resetPassword() may succeed but email could fail to deliver. No verification that emails actually reached users.
  • Missing User Validation: No checks that users have valid email addresses before attempting password reset.

HIGH - Address Soon After Go-Live

  • Hard-coded 5000 Limit: Fixed limit may not align with email capacity or business requirements. Consider using Custom Settings for configurable batch size.
  • No Retry Mechanism: Failed password resets are logged but not automatically retried. Manual intervention required.
  • Missing Completion Metrics: No summary of success/failure counts sent to administrators. Difficult to verify batch completed successfully.
  • Empty Stateful Implementation: Implements Database.Stateful but maintains no state variables. Unclear why interface is included.

MEDIUM - Future Enhancement

  • No Email Template Customization: Uses default Salesforce password reset email. May want custom branding or messaging for migration users.
  • Limited Error Detail: Error logs capture exception message but not stack trace or context. Makes troubleshooting difficult.
  • No User Communication: Users receive only password reset email. Consider additional communication about migration process.
  • Batch Scheduling: No built-in scheduling mechanism. Must be manually scheduled or triggered.

LOW - Monitor

  • Test Context Behavior: LIMIT 1 in tests may not adequately test bulk processing scenarios or governor limits.
  • Debug Logging Only: Finish method provides minimal operational insight.
  • No Performance Metrics: Processing time and throughput not tracked.

Maintenance Notes

Complexity: Low Recommended Review Schedule: Annually

Key Maintainer Notes: - This batch is typically run as part of a one-time or periodic user migration process. Not intended for continuous operation. - The 5000 user limit exists to manage Salesforce email limits. Monitor org email usage before running batch to ensure capacity. - Migration_User__c flag must be set properly on user records before batch execution. Consider data quality checks. - PasswordResetEmailSent__c flag is permanent marker. If batch needs to be rerun for same users, this flag must be reset. - System.resetPassword() generates temporary passwords and sends standard Salesforce emails. Users must check email and follow reset link. - Error logs in Reset_Email_Log__c should be reviewed after each batch run to identify users who didn't receive emails. - Consider running batch during off-peak hours to minimize email delivery timing issues. - Coordinate with email team to whitelist sender domains and ensure deliverability for bulk password reset emails.

Areas that need careful testing when modified: - Email deliverability with various email providers (Gmail, Outlook, etc.) - Error scenarios (invalid email addresses, inactive users, locked users) - Batch size impacts on email limits and performance - User object validation rules that might block updates to PasswordResetEmailSent__c - Reset_Email_Log__c object capacity and storage limits for error records