darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-16 02:02:13 -05:00
Code Issues Packages Projects Releases Wiki Activity

Allow admin app to specify domain for password reset

Browse Source 
This follows the pattern for invite emails where the admin app tells the
API which domain to use when generating the link.

This will starting working once this admin change is merged:
- [ ] https://github.com/alphagov/notifications-admin/pull/4150/files

It won’t break anything if it’s merged before the admin change.
This commit is contained in:
Chris Hill-Scott
2022-02-02 16:42:55 +00:00
parent ac5967bc5a
commit 07f584e1d5
2 changed files with 39 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/user/rest.py
View File

@@ -499,10 +499,9 @@ def find_users_by_email():
@user_blueprint.route('/reset-password', methods=['POST'])
def send_user_reset_password():
email, errors = email_data_request_schema.load(request.get_json())
request_json = request.get_json()
email, errors = email_data_request_schema.load(request_json)
user_to_send_to = get_user_by_email(email['email'])
template = dao_get_template_by_id(current_app.config['PASSWORD_RESET_TEMPLATE_ID'])
service = Service.query.get(current_app.config['NOTIFY_SERVICE_ID'])
saved_notification = persist_notification(
@@ -514,7 +513,8 @@ def send_user_reset_password():
'user_name': user_to_send_to.name,
'url': _create_reset_password_url(
user_to_send_to.email_address,
next_redirect=request.get_json().get('next')
base_url=request_json.get('admin_base_url'),
next_redirect=request_json.get('next')
)
},
notification_type=template.template_type,
@@ -547,10 +547,10 @@ def get_organisations_and_services_for_user(user_id):
return jsonify(data)
def _create_reset_password_url(email, next_redirect):
def _create_reset_password_url(email, next_redirect, base_url=None):
data = json.dumps({'email': email, 'created_at': str(datetime.utcnow())})
static_url_part = '/new-password/'
full_url = url_with_token(data, static_url_part, current_app.config)
full_url = url_with_token(data, static_url_part, current_app.config, base_url=base_url)
if next_redirect:
full_url += '?{}'.format(urlencode({'next': next_redirect}))
return full_url