Make set creadential label use reset-password scope

Closes #43460

Signed-off-by: vramik <vramik@redhat.com>

services/src/main/java/org/keycloak/services/resources/admin/UserResource.java

@@ -892,7 +892,7 @@ public class UserResource {
         @APIResponse(responseCode = "404", description = "Not Found")
     })
     public void setCredentialUserLabel(final @PathParam("credentialId") String credentialId, String userLabel) {
-        auth.users().requireManage(user);
+        auth.users().requireResetPassword(user);
         CredentialModel credential = user.credentialManager().getStoredCredentialById(credentialId);
         if (credential == null) {
             // we do this to make sure somebody can't phish ids
@@ -1324,4 +1324,4 @@ public class UserResource {
             this.lifespan = lifespan;
         }
     }
-}
+}

tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationTest.java

@@ -18,6 +18,7 @@
 package org.keycloak.tests.admin.authz.fgap;
 
 import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.hasSize;
 import static org.hamcrest.Matchers.instanceOf;
 import static org.hamcrest.Matchers.notNullValue;
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -474,6 +475,11 @@ public class UserResourceTypeEvaluationTest extends AbstractPermissionTest {
         createPermission(client, userAlice.admin().toRepresentation().getId(), usersType, Set.of(VIEW), allowMyAdminPermission);
 
         users.get(search.get(0).getId()).resetPassword(credential);
+
+        // set credential label - admin UI sets the label upon resetting the password
+        List<CredentialRepresentation> credentials = users.get(search.get(0).getId()).credentials();
+        assertThat(credentials, hasSize(1));
+        users.get(search.get(0).getId()).setCredentialUserLabel(credentials.get(0).getId(), "User Label");
     }
 
     @Test