authnzerver.actions.passchange module

This contains functions to change passwords.

authnzerver.actions.passchange.change_user_password(payload: dict, override_authdb_path: str = None, raiseonfail: bool = False, min_pass_length: int = 12, max_unsafe_similarity: int = 33, config: types.SimpleNamespace = None) → dict[source]

Changes the user’s password.

Parameters:
  • payload (dict) –

    This is a dict with the following required keys:

    • user_id: int
    • session_token: str
    • full_name: str
    • email: str
    • current_password: str
    • new_password: str

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
  • raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
  • min_pass_length (int) – The minimum required character length of the password. The value provided in this kwarg will be overriden by the passpolicy attribute in the config object if that is passed in as well.
  • max_unsafe_similarity (int) – The maximum ratio required to fuzzy-match the input password against the server’s domain name, the user’s email, or their name. The value provided in this kwarg will be overriden by the passpolicy attribute in the config object if that is passed in as well.
  • config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns:

Returns a dict with the user’s user_id and email as keys if successful.
Return type:

dict

Notes

This logs out the user from all of their other sessions.

authnzerver.actions.passchange.change_user_password_nosession(payload: dict, override_authdb_path: str = None, raiseonfail: bool = False, min_pass_length: int = 12, max_unsafe_similarity: int = 33, config: types.SimpleNamespace = None) → dict[source]

Changes the user’s password.

This version doesn’t require an active session.

Parameters:
  • payload (dict) –

    This is a dict with the following required keys:

    • user_id: int
    • full_name: str
    • email: str
    • current_password: str
    • new_password: str

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
  • raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
  • min_pass_length (int) – The minimum required character length of the password. The value provided in this kwarg will be overriden by the passpolicy attribute in the config object if that is passed in as well.
  • max_unsafe_similarity (int) – The maximum ratio required to fuzzy-match the input password against the server’s domain name, the user’s email, or their name. The value provided in this kwarg will be overriden by the passpolicy attribute in the config object if that is passed in as well.
  • config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns:

Returns a dict with the user’s user_id and email as keys if successful.
Return type:

dict

Notes

This logs out the user from all of their other sessions.