authnzerver.actions.passreset module

This contains functions to reset passwords.

authnzerver.actions.passreset.verify_password_reset(payload: dict, raiseonfail: bool = False, override_authdb_path: str = None, min_pass_length: int = 12, max_unsafe_similarity: int = 33, config: types.SimpleNamespace = None) → dict

Verifies a password reset request.

Parameters:
  • payload (dict) –

    This is a dict with the following required keys:

    • email_address: str
    • new_password: str
    • session_token: str

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
  • override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
  • min_pass_length (int) – The minimum required character length of the password.
  • max_unsafe_similarity (int) – The maximum similarity ratio allowed when the input password is fuzzy-matched against the server’s domain name, the user’s email, or their name.
  • config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns:

Returns a dict containing a success key indicating if the user’s password was reset.

Return type:

dict

authnzerver.actions.passreset.verify_password_reset_nosession(payload: dict, raiseonfail: bool = False, override_authdb_path: str = None, min_pass_length: int = 12, max_unsafe_similarity: int = 33, config: types.SimpleNamespace = None) → dict

Verifies a password reset request.

This version does not require an active session.

Parameters:
  • payload (dict) –

    This is a dict with the following required keys:

    • email_address: str
    • new_password: str
    • required_active: bool

    The required_active parameter can be used to check the required state of the is_active DB entry for the user before password reset is allowed to proceed. This is useful when user accounts are required to be locked when a successful password reset verification token is received by a frontend server.

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
  • override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
  • min_pass_length (int) – The minimum required character length of the password.
  • max_unsafe_similarity (int) – The maximum similarity ratio allowed when the input password is fuzzy-matched against the server’s domain name, the user’s email, or their name.
  • config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns:

Returns a dict containing a success key indicating if the user’s password was reset.

Return type:

dict
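
The min_pass_length and max_unsafe_similarity parameters shared by both functions, sketched as an added example that is not authnzerver's own code. It assumes difflib's SequenceMatcher as the fuzzy matcher and that a score at or above the threshold is rejected; check_new_password, the full_name and server_fqdn arguments, the returned failures and scores keys, and the sample values are hypothetical.

```python
from difflib import SequenceMatcher


def similarity(a: str, b: str) -> int:
    """Case-insensitive similarity of two strings as an integer 0-100."""
    return round(100 * SequenceMatcher(None, a.casefold(), b.casefold()).ratio())


def check_new_password(
    new_password: str,
    email_address: str,
    full_name: str,
    server_fqdn: str,
    min_pass_length: int = 12,
    max_unsafe_similarity: int = 33,
) -> dict:
    """Hypothetical stand-in for the length and similarity checks.

    Returns a dict with a 'success' key, the failed checks, and the scores.
    """
    failures = []
    if len(new_password) < min_pass_length:
        failures.append("too_short")

    references = {
        "server_domain": server_fqdn,
        "email": email_address,
        "name": full_name,
    }
    scores = {}
    for label, ref in references.items():
        # An empty reference string cannot be matched, so it scores 0.
        scores[label] = similarity(new_password, ref) if ref else 0
        # Assumption: a score at or above the threshold is unsafe.
        if scores[label] >= max_unsafe_similarity:
            failures.append(f"similar_to_{label}")

    return {"success": not failures, "failures": failures, "scores": scores}


# Constructed sample inputs (not taken from the authnzerver docs).
SAMPLE = dict(
    email_address="jdoe@example.org",
    full_name="Jane Doe",
    server_fqdn="auth.example.org",
)
```
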