authnzerver.actions.passreset module¶
This contains functions to reset passwords.
-
authnzerver.actions.passreset.
verify_password_reset
(payload: dict, raiseonfail: bool = False, override_authdb_path: str = None, min_pass_length: int = 12, max_unsafe_similarity: int = 33, config: types.SimpleNamespace = None) → dict[source]¶ Verifies a password reset request.
Parameters: - payload (dict) –
This is a dict with the following required keys:
- email_address: str
- new_password: str
- session_token: str
In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):
- reqid: int or str
- pii_salt: str
- raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
- override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
- min_pass_length (int) – The minimum required character length of the password.
- max_unsafe_similarity (int) – The maximum ratio required to fuzzy-match the input password against the server’s domain name, the user’s email, or their name.
- config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns: Returns a dict containing a success key indicating if the user’s password was reset.
Return type: dict
- payload (dict) –
-
authnzerver.actions.passreset.
verify_password_reset_nosession
(payload: dict, raiseonfail: bool = False, override_authdb_path: str = None, min_pass_length: int = 12, max_unsafe_similarity: int = 33, config: types.SimpleNamespace = None) → dict[source]¶ Verifies a password reset request.
This version does not require an active session.
Parameters: - payload (dict) –
This is a dict with the following required keys:
- email_address: str
- new_password: str
- required_active: bool
The required_active parameter can be used to check the required state of the is_active DB entry for the user before password reset is allowed to proceed. This is useful when user accounts are required to be locked when a successful password reset verification token is received by a frontend server.
In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):
- reqid: int or str
- pii_salt: str
- raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
- override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
- min_pass_length (int) – The minimum required character length of the password.
- max_unsafe_similarity (int) – The maximum ratio required to fuzzy-match the input password against the server’s domain name, the user’s email, or their name.
- config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns: Returns a dict containing a success key indicating if the user’s password was reset.
Return type: dict
- payload (dict) –