Begins the password reset process.
Accepts a username or password and looks up a user by the credential. If the user is found, a password reset token and password reset key are generated and saved in the database. Next, an email is sent with a link for the user to click which leads to the next step in the process, represented by the access_token call in Python.
The method never returns an explicit indication to the caller that a username or email were not found - if that be the case, this information will be found in server logs.
password_reset.create_token(self, cid, credential, current_app, remote_addr, user_agent)
credential: Request's correlation ID.
credential: A username or email to look up a user whose password should be reset
current_app: Name of application the current user is issuing the call from
remote_addr: User's remote address
user_agent: User's browser or another tool as extracted from the HTTP User-Agent header.
# -*- coding: utf-8 -*- # Zato from zato.server.service import Service class PasswordResetCreateToken(Service): def handle(self): current_app = 'CRM' remote_addr = '127.0.0.1' user_agent = self.request.http.user_agent # This can be either username or email, # in this particular case it is a username. credential = 'my.username' # This will never return an explicit indication # whether the credential was valid or not. self.sso.password_reset.create_token( self.cid, credential, current_app, remote_addr, user_agent)