PasswordReset.create_token - Python API

Begins the password reset process.

Accepts a username or password and looks up a user by the credential. If the user is found, a password reset token and password reset key are generated and saved in the database. Next, an email is sent with a link for the user to click which leads to the next step in the process, represented by the access_token call in Python.

The method never returns an explicit indication to the caller that a username or email were not found - if that be the case, this information will be found in server logs.


password_reset.create_token(self, cid, credential, current_app, remote_addr, user_agent)

  • credential: Request's correlation ID.
  • credential: A username or email to look up a user whose password should be reset
  • current_app: Name of application the current user is issuing the call from
  • remote_addr: User's remote address
  • user_agent: User's browser or another tool as extracted from the HTTP User-Agent header.
  # -*- coding: utf-8 -*-

  # Zato
  from zato.server.service import Service

  class PasswordResetCreateToken(Service):
      def handle(self):

          current_app = 'CRM'
          remote_addr = ''
          user_agent = self.request.http.user_agent

          # This can be either username or email,
          # in this particular case it is a username.
          credential = 'my.username'

          # This will never return an explicit indication
          # whether the credential was valid or not.
              self.cid, credential, current_app, remote_addr, user_agent)