def reset_account_credentials(email, password_salt, password_hash):
return SyndicateUser.Reset(email, password_salt, password_hash)
raise Exception("Invalid certificate")
caller_user = _check_authenticated(fields)
if not caller_user.is_admin:
raise Exception("Only an admin can call this method")
_, admin_user = validate_user_cert(user_cert,
caller_user.owner_id,
check_admin=True)
if admin_user.owner_id != caller_user.owner_id:
raise Exception("This admin user did not sign the user cert")
# do the reset
user_key = SyndicateUser.Reset(user_cert)
if user_key is not None:
return {"result": True}
else:
return {"result": False}
def validate_volume_cert(volume_cert, signing_user_id=None):
"""
Given a deserialized volume certificate, check its validity:
* make sure the user exists
* make sure the user in the cert signed it, or verify that the user identified by signing_user_id did
(e.g. signing_user_id might correspond to a volume owner or admin)
Return the (user, volume) on success (volume can be None if we haven't created it yet)
Raise an exception on error