Begins the password reset process.
Accepts a username or password and looks up a user by the credential. If the user is found, a password reset token and password reset key are generated and saved in the database. Next, an email is sent with a link for the user to click which leads to the next step in the process, represented by the access_token call in Python.
The method never returns an explicit indication to the caller that a username or email were not found - if that be the case, this information will be found in server logs.
password_reset.create_token(self, cid, credential, current_app, remote_addr, user_agent)
credential: Request's correlation ID.credential: A username or email to look up a user whose password should be resetcurrent_app: Name of application the current user is issuing the call fromremote_addr: User's remote addressuser_agent: User's browser or another tool as extracted from the HTTP User-Agent header. # -*- coding: utf-8 -*-
# Zato
from zato.server.service import Service
class PasswordResetCreateToken(Service):
def handle(self):
current_app = 'CRM'
remote_addr = '127.0.0.1'
user_agent = self.request.http.user_agent
# This can be either username or email,
# in this particular case it is a username.
credential = 'my.username'
# This will never return an explicit indication
# whether the credential was valid or not.
self.sso.password_reset.create_token(
self.cid, credential, current_app, remote_addr, user_agent)