backend.routers.password_reset
Password reset router.
Implements the self-service password reset flow:
1. An admin triggers a reset for a user via the admin router.
2. A time-limited JWT is sent to the user by e-mail or Mattermost.
3. The user submits the new password together with the token.
4. The token is marked as used to prevent replay attacks.
Rate limiting: 3 requests per minute per IP.
Prefix: /password_reset | Tag: pw_reset
- backend.routers.password_reset.mark_token_as_used(db, token)
Record a password-reset token as consumed.
Stores the SHA-256 hash of token in models.UsedPasswordResetToken so that the same token cannot be used twice.
Parameters:
db (Session) – Active database session.
token (str) – The raw password-reset JWT string.
- backend.routers.password_reset.verify_reset_token(request, auth_data=Depends(dependency=<function verify_password_reset_token>, use_cache=True, scope=None), db=Depends(dependency=<function get_db>, use_cache=True, scope=None))
- backend.routers.password_reset.set_new_password(request, data, auth_data=Depends(dependency=<function verify_password_reset_token>, use_cache=True, scope=None), db=Depends(dependency=<function get_db>, use_cache=True, scope=None))
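
The replay protection described for mark_token_as_used, as an added example that is not the project's own code: it stores only the SHA-256 digest of a token and relies on a uniqueness constraint, so checking and recording a token is one atomic step rather than a separate lookup followed by an insert. The sqlite3 table, its columns, and the function names open_store, token_digest, consume_token and purge_expired are assumptions made for illustration.

```python
import hashlib
import sqlite3


def open_store() -> sqlite3.Connection:
    """In-memory stand-in for the used-token table (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE used_reset_tokens ("
        " token_hash TEXT PRIMARY KEY,"  # uniqueness enforces single use
        " expires_at INTEGER NOT NULL)"  # lets expired rows be purged later
    )
    return db


def token_digest(token: str) -> str:
    # Only the digest is stored, so the table never holds a usable raw token.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def consume_token(db: sqlite3.Connection, token: str, expires_at: int) -> bool:
    """Record the token as used; return False if it was already consumed."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute(
                "INSERT INTO used_reset_tokens (token_hash, expires_at)"
                " VALUES (?, ?)",
                (token_digest(token), expires_at),
            )
        return True
    except sqlite3.IntegrityError:
        # Primary-key clash: the same token was presented before (replay).
        return False


def purge_expired(db: sqlite3.Connection, now: int) -> int:
    """Delete rows for tokens whose expiry time has passed; return the count."""
    with db:
        cur = db.execute(
            "DELETE FROM used_reset_tokens WHERE expires_at < ?", (now,)
        )
    return cur.rowcount


if __name__ == "__main__":
    store = open_store()
    sample = "constructed.sample.token"  # constructed value, not a real JWT
    print(consume_token(store, sample, 1_700_000_900))  # first use
    print(consume_token(store, sample, 1_700_000_900))  # replay
```

Rows should only be purged once the token's own expiry has passed, since the JWT expiry check is then what rejects it.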