Exemplo n.º 1
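def get_reset_link(**_):
    """
    Send a reset link via email to the email address specified

    The reset key is stored in a reset queue keyed by that key, with the
    submitted address as its member.

    Variables:
    None

    Arguments:
    None

    Data Block:
    {
     "email": <EMAIL ADDRESS TO RESET PASSWORD>
    }

    Result example:
    {
     "success": true
    }
    """
    if not config.auth.internal.signup.enabled:
        return make_api_response({"success": False},
                                 "Signup process has been disabled", 403)

    try:
        data = request.json
    except BadRequest:
        data = None
    if not isinstance(data, dict):
        # Missing, malformed or non-object JSON body: fall back to the
        # form/query values instead of failing on data.get() below.
        data = request.values

    email = data.get('email', None)
    if not isinstance(email, str):
        # A JSON body can carry any type; only a string can be an address.
        email = None

    # NOTE(review): the address is interpolated into the search query
    # unescaped, so query syntax inside it is interpreted by the search
    # backend rather than matched literally. Escape or quote it with whatever
    # the datastore provides, and consider mailing the address stored on the
    # matched account instead of the submitted string.
    if email and STORAGE.user.search(f"email:{email.lower()}").get('total',
                                                                   0) == 1:
        # The key is the only secret protecting the reset; presumably
        # get_random_password draws from a CSPRNG -- confirm.
        key = hashlib.sha256(
            get_random_password(length=512).encode('utf-8')).hexdigest()
        # noinspection PyBroadException
        try:
            send_reset_email(email, key)
            get_reset_queue(key).add(email)
            return make_api_response({"success": True})
        except Exception:
            # The response must be returned here; without the return the
            # caller was told the address is unknown when in fact delivery
            # (or queue registration) failed.
            return make_api_response(
                {"success": False},
                "The system failed to send the password reset link.", 400)

    # NOTE(review): this answer differs from the success path, so the endpoint
    # reveals whether an address is registered. Rate limiting, or a uniform
    # response for both cases, would close that gap; changing the response is
    # an API decision and is left as is here.
    return make_api_response(
        {"success": False},
        "We have no record of this email address in our system.", 400)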
Exemplo n.º 2
def reset():
    """
    Render the password reset page for the reset ID given in the query string.

    When signup is disabled the visitor is redirected to "/". A reset ID whose
    reset queue is empty is replaced by an empty string before rendering, so
    the template only receives an ID that still has a pending entry.
    """
    if not config.auth.internal.signup.enabled:
        return redirect(redirect_helper("/"))

    token = request.args.get('reset_id', "")
    # NOTE(review): the queue is looked up directly from a request parameter;
    # presumably get_reset_queue namespaces the name -- confirm.
    still_pending = bool(token) and get_reset_queue(token).length() != 0
    return custom_render("reset.html",
                         reset_id=token if still_pending else "")
Exemplo n.º 3
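def reset_pwd(**_):
    """
    Reset the password for the specified reset ID

    The reset ID is redeemed at most once: its queue is read and deleted
    before the account is updated, so a failed update does not leave the ID
    usable.

    Variables:
    None

    Arguments:
    None

    Data Block:
    {
     "reset_id": <RESET_HASH>,
     "password": <PASSWORD TO RESET TO>,
     "password_confirm": <CONFIRMATION OF PASSWORD TO RESET TO>
    }

    Result example:
    {
     "success": true
    }
    """
    import logging

    if not config.auth.internal.signup.enabled:
        return make_api_response({"success": False},
                                 "Signup process has been disabled", 403)

    data = request.json
    if not data or not isinstance(data, dict):
        # No JSON body, or a JSON value that is not an object.
        data = request.values

    reset_id = data.get('reset_id', None)
    password = data.get('password', None)
    password_confirm = data.get('password_confirm', None)

    # A JSON body can carry numbers, lists or objects; anything that is not a
    # non-empty string is treated as a missing parameter.
    fields = (reset_id, password, password_confirm)
    if all(isinstance(value, str) and value for value in fields):
        if password != password_confirm:
            return make_api_response({"success": False},
                                     err="Password mismatch",
                                     status_code=469)

        password_requirements = config.auth.internal.password_requirements.as_primitives(
        )
        if not check_password_requirements(password, **password_requirements):
            error_msg = get_password_requirement_message(
                **password_requirements)
            return make_api_response({"success": False}, error_msg, 469)

        try:
            reset_queue = get_reset_queue(reset_id)
            # NOTE(review): members() and delete() are two separate calls; if
            # the queue offers an atomic pop, prefer it so that two concurrent
            # requests cannot both redeem the same reset ID.
            members = reset_queue.members()
            reset_queue.delete()
            if members:
                email = members[0]
                # Lower-cased so the lookup does not depend on the casing the
                # address was stored with in the queue.
                # NOTE(review): the value is placed in the query unescaped;
                # escape or quote it with whatever the datastore provides.
                res = STORAGE.user.search(f"email:{email.lower()}")
                if res.get('total', 0) == 1:
                    user = STORAGE.user.get(res['items'][0].uname)
                    user.password = get_password_hash(password)
                    STORAGE.user.save(user.uname, user)
                    return make_api_response({"success": True})

        except Exception:
            # The client still gets the generic error below, but the failure
            # is recorded. Neither the reset ID nor the password is logged.
            logging.getLogger(__name__).exception(
                "Password reset could not be completed")

    return make_api_response({"success": False},
                             err="Invalid parameters passed",
                             status_code=400)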