From 049b64ffd58329ddeecccfb0336768ed4dbe5320 Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen
Date: Mon, 18 Jan 2021 16:18:16 +0100
Subject: [PATCH] [Plugin] auth: Implemented REST endpoint for password reset
---
 flaschengeist/plugins/auth/__init__.py | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/flaschengeist/plugins/auth/__init__.py b/flaschengeist/plugins/auth/__init__.py
index 95ba2d3..fa9e789 100644
--- a/flaschengeist/plugins/auth/__init__.py
+++ b/flaschengeist/plugins/auth/__init__.py
@@ -2,12 +2,13 @@
 Allow management of authentication, login, logout, etc.
 """
-from flask import Blueprint, request, jsonify
 from http.client import CREATED, NO_CONTENT
-from werkzeug.exceptions import Forbidden, BadRequest, Unauthorized
+from flask import Blueprint, request, jsonify
+from werkzeug.exceptions import Forbidden, BadRequest, Unauthorized, NotFound
 from flaschengeist import logger
 from flaschengeist.plugins import Plugin
+from flaschengeist.utils.HTTP import no_content
 from flaschengeist.decorator import login_required
 from flaschengeist.controller import sessionController, userController
@@ -162,3 +163,20 @@ def get_assocd_user(token, current_session, **kwargs):
 # Valid tokens from other users and invalid tokens now are looking the same
 raise Forbidden
 return jsonify(session._user)
+
+
+@auth_bp.route("/auth/reset", methods=["POST"])
+def reset_password():
+ data = request.get_json()
+ if "userid" in data:
+ try:
+ user = userController.find_user(data["userid"])
+ userController.request_reset(user)
+ except NotFound:
+ pass
+ elif "password" in data and "token" in data:
+ userController.reset_password(data["token"], data["password"])
+ else:
+ raise BadRequest("Missing parameter(s)")
+
+ return no_content()
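Review bot: `request.get_json()` in `reset_password` is used without checking its result, so on this unauthenticated endpoint a body that is not a JSON object reaches `"userid" in data` and `data["userid"]`: a `None` result or a JSON number raises `TypeError` (a 500 instead of a 400), and a JSON string turns `in` into a substring test. I would guard it right after the parse, e.g. `data = request.get_json(silent=True)` followed by `if not isinstance(data, dict): raise BadRequest("Missing parameter(s)")`, and also check that `token` and `password` are strings before they are passed to `userController.reset_password`. Swallowing `NotFound` keeps the response identical for unknown user ids, which is the right choice against account enumeration; whether response time still differs depends on `request_reset`, which is not visible here. No throttling or audit logging of reset requests is visible in this hunk, so confirm that one of the layers outside it limits and records them.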