Reset password router

The reset password router generates two routes: /forgot-password (the user requests a token to reset their password) and /reset-password (the user changes their password using that token).

Check the routes usage to learn how to use them.

Setup

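from fastapi import FastAPI
from fastapi_users import FastAPIUsers

# user_db, auth_backends and the User* models come from your own configuration.
fastapi_users = FastAPIUsers(
    user_db,
    auth_backends,
    User,
    UserCreate,
    UserUpdate,
    UserDB,
)

app = FastAPI()
app.include_router(
    # "SECRET" is a placeholder: pass a long random value loaded from configuration.
    fastapi_users.get_reset_password_router("SECRET"),
    prefix="/auth",
    tags=["auth"],
)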

Parameters:

  • reset_password_token_secret: Secret used to encode the reset password token.
  • reset_password_token_lifetime_seconds: Lifetime of the reset password token, in seconds. Defaults to 3600.
  • after_forgot_password: Optional function called after a successful forgot password request. See below.
  • after_reset_password: Optional function called after a successful password reset. See below.
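The following is an added example, not code from fastapi-users: it shows, using only the standard library, how a signed reset token with an expiry behaves, and why reset_password_token_secret must be a strong value kept out of source code. The HS256 algorithm, the RESET_PASSWORD_SECRET variable name, the claim names, the audience value and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import os
import time

RESET_AUDIENCE = "example:reset"  # hypothetical audience value, not taken from the library

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def load_secret(env=os.environ) -> str:
    """Read the signing secret from the environment; refuse short or placeholder values."""
    secret = env.get("RESET_PASSWORD_SECRET", "")  # hypothetical variable name
    if len(secret) < 32 or secret == "SECRET":
        raise ValueError("reset secret must be at least 32 random characters")
    return secret

def make_reset_token(user_id: str, secret: str, lifetime_seconds: int = 3600, now=None) -> str:
    now = int(time.time() if now is None else now)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"user_id": user_id, "aud": RESET_AUDIENCE, "exp": now + lifetime_seconds}
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def verify_reset_token(token: str, secret: str, now=None):
    """Return the user id, or None if the token is malformed, forged, misdirected or expired."""
    now = int(time.time() if now is None else now)
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):  # constant-time comparison
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    if claims.get("aud") != RESET_AUDIENCE or claims.get("exp", 0) <= now:
        return None
    return claims.get("user_id")
```

Anyone who knows the secret can produce a token that verifies for any user, which is why a guessable value such as the "SECRET" placeholder is rejected by load_secret.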

After forgot password

You can provide a custom function to be called after a successful forgot password request. It is called with three arguments:

  • The user who has requested to reset their password.
  • A ready-to-use JWT token that will be accepted by the reset password route.
  • The original Request object.

Typically, you'll want to send an e-mail with the link (and the token) that allows the user to reset their password.

You can define it as an async or a standard function.

Example:

from fastapi import Request

def on_after_forgot_password(user: UserDB, token: str, request: Request):
    # Printing the token is for demonstration only; send it to the user by e-mail instead.
    print(f"User {user.id} has forgotten their password. Reset token: {token}")

app.include_router(
    fastapi_users.get_reset_password_router("SECRET", after_forgot_password=on_after_forgot_password),
    prefix="/auth",
    tags=["auth"],
)

After reset password

You can provide a custom function to be called after a successful password reset. It is called with two arguments:

  • The user who has reset their password.
  • The original Request object.

For example, you may want to send an e-mail to the user concerned to warn them that their password has been changed and that they should take action if they think they have been hacked.

You can define it as an async or a standard function.

Example:

from fastapi import Request

def on_after_reset_password(user: UserDB, request: Request):
    # Called once the new password has been saved.
    print(f"User {user.id} has reset their password.")

app.include_router(
    fastapi_users.get_reset_password_router("SECRET", after_reset_password=on_after_reset_password),
    prefix="/auth",
    tags=["auth"],
)