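def reset_password():
    """Reset a user's password on behalf of an authenticated admin.

    The caller is identified through ``get_jwt_identity()``; the target
    account is named by ``username`` in the JSON post body. The query
    parameter ``mode=test`` calls ``UserManagement.reset_password`` with
    ``send=False``.

    Returns:
        A ``(json, status)`` pair: 403 when the caller is not an admin,
        400 when the body is not a JSON object or ``username`` is missing
        or not a string, 404 when the target user is not found, and 201
        otherwise.
    """
    user_management = UserManagement()

    # Only an admin can reset a password. Fail closed when the JWT identity
    # no longer maps to a user record instead of raising on the lookup.
    # NOTE(review): assumes get_user returns a falsy value for an unknown
    # user -- confirm against UserManagement.
    jwt_user = get_jwt_identity()
    admin_user = user_management.get_user(jwt_user)
    authorized = bool(admin_user) and admin_user['role'] == 'admin'
    log_request(request, jwt_user, authorized)
    if not authorized:
        response = {'message': 'only admins can reset password'}
        return jsonify(response), 403

    # Check the request body. silent=True turns a missing or malformed JSON
    # body into None so it is answered with the 400 below.
    body = request.get_json(silent=True)
    if not isinstance(body, dict) or 'username' not in body:
        response = {'message': 'username required in post body'}
        return jsonify(response), 400

    # Only a plain string is passed on to the user store; JSON objects and
    # arrays are rejected here.
    username = body['username']
    if not isinstance(username, str):
        response = {'message': 'username must be a string'}
        return jsonify(response), 400

    user = user_management.get_user(username)
    if not user:
        response = {'message': 'user not found'}
        return jsonify(response), 404

    # Reset the password and post the update to the database
    email = user['email']
    send = request.args.get('mode') != 'test'
    # NOTE(review): the result of reset_password is ignored here, while
    # user_reset_password checks it; 201 is returned either way.
    user_management.reset_password(username, email, send=send)
    response = {
        # The original message said 'role updated', which is not what this
        # endpoint does.
        'message': 'password reset for %s' % (username),
        'email': email
    }
    return jsonify(response), 201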
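def user_reset_password():
    """Reset the password for the username/e-mail pair in the post body.

    Both ``username`` and ``email`` are taken from the JSON post body and
    passed to ``UserManagement.reset_password``. The query parameter
    ``mode=test`` calls it with ``send=False``.

    Returns:
        A ``(json, status)`` pair: 400 when the body is not a JSON object,
        a key is missing or a value is not a string, 201 when
        ``reset_password`` reports success, and 401 otherwise.
    """
    user_management = UserManagement()

    # Check the request body. silent=True turns a missing or malformed JSON
    # body into None so it is answered with the 400 below.
    body = request.get_json(silent=True)
    if not isinstance(body, dict) or 'username' not in body or 'email' not in body:
        response = {'message': 'post body missing required keys'}
        return jsonify(response), 400

    # Both values are caller-controlled. Only plain strings are passed on to
    # the user store; JSON objects and arrays are rejected here.
    username = body['username']
    email = body['email']
    if not isinstance(username, str) or not isinstance(email, str):
        response = {'message': 'username and email must be strings'}
        return jsonify(response), 400

    # NOTE(review): no identity check is visible in this function (a
    # decorator outside this view may add one -- confirm). The username
    # logged here is unverified, and the third argument is a hard-coded True
    # where reset_password passes its authorization result.
    log_request(request, username, True)

    # NOTE(review): if this endpoint is reachable without authentication,
    # mode=test lets any caller trigger a reset with the e-mail suppressed.
    # Consider honouring test mode only in a non-production configuration.
    send = request.args.get('mode') != 'test'
    updated = user_management.reset_password(username, email, send=send)

    # NOTE(review): the 201/401 split tells the caller whether the
    # username/e-mail pair matched an account. Consider a uniform response
    # and rate limiting on this route.
    if updated:
        response = {'message': 'Password updated for %s' % (username)}
        return jsonify(response), 201

    response = {'message': 'Password updated failed for %s' % (username)}
    return jsonify(response), 401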