Send email address in the data rather than the user_id as a path param.

Remove unused OldRequestVerifyCodeSchema.

app/schemas.py

@@ -1,5 +1,4 @@
 import re
-from flask import current_app
 from flask_marshmallow.fields import fields
 from . import ma
 from . import models
@@ -102,18 +101,6 @@ class JobSchema(BaseSchema):
         model = models.Job
 
 
-# TODO: Remove this schema once the admin app has stopped using the /user/<user_id>code endpoint
-class OldRequestVerifyCodeSchema(ma.Schema):
-
-    code_type = fields.Str(required=True)
-    to = fields.Str(required=False)
-
-    @validates('code_type')
-    def validate_code_type(self, code):
-        if code not in models.VERIFY_CODE_TYPES:
-            raise ValidationError('Invalid code type')
-
-
 class RequestVerifyCodeSchema(ma.Schema):
     to = fields.Str(required=False)
 
@@ -195,6 +182,14 @@ class PermissionSchema(BaseSchema):
         exclude = ("created_at",)
 
 
+class EmailDataSchema(ma.Schema):
+    email = fields.Str(required=False)
+
+    @validates('email')
+    def validate_to(self, value):
+        if not email_regex.match(value):
+            raise ValidationError('Invalid email')
+
 user_schema = UserSchema()
 user_schema_load_json = UserSchema(load_json=True)
 service_schema = ServiceSchema()
@@ -205,7 +200,6 @@ api_key_schema = ApiKeySchema()
 api_key_schema_load_json = ApiKeySchema(load_json=True)
 job_schema = JobSchema()
 job_schema_load_json = JobSchema(load_json=True)
-old_request_verify_code_schema = OldRequestVerifyCodeSchema()
 request_verify_code_schema = RequestVerifyCodeSchema()
 sms_admin_notification_schema = SmsAdminNotificationSchema()
 sms_template_notification_schema = SmsTemplateNotificationSchema()
@@ -216,3 +210,4 @@ notification_status_schema = NotificationStatusSchema()
 notification_status_schema_load_json = NotificationStatusSchema(load_json=True)
 invited_user_schema = InvitedUserSchema()
 permission_schema = PermissionSchema()
+email_data_request_schema = EmailDataSchema()

app/user/rest.py

@@ -17,7 +17,7 @@ from app.dao.permissions_dao import permission_dao
 from app.dao.services_dao import dao_fetch_service_by_id
 
 from app.schemas import (
-    old_request_verify_code_schema,
+    email_data_request_schema,
     user_schema,
     request_verify_code_schema,
     user_schema_load_json,
@@ -191,19 +191,23 @@ def get_by_email():
     email = request.args.get('email')
     if not email:
         return jsonify(result="error", message="invalid request"), 400
-    user = get_user_by_email(email)
-    if not user:
-        return jsonify(result="error", message="not found"), 404
-    result = user_schema.dump(user)
+    fetched_user = get_user_by_email(email)
+    if not fetched_user:
+        return _user_not_found_for_email(email)
+    result = user_schema.dump(fetched_user)
 
     return jsonify(data=result.data)
 
 
-@user.route('/<int:user_id>/reset-password', methods=['POST'])
-def send_reset_password(user_id):
-    user_to_send_to = get_model_users(user_id=user_id)
+@user.route('/reset-password', methods=['POST'])
+def send_reset_password():
+    email, errors = email_data_request_schema.load(request.get_json())
+    if errors:
+        return jsonify(result="error", message=errors), 400
+
+    user_to_send_to = get_user_by_email(email['email'])
     if not user_to_send_to:
-        return _user_not_found(user_id)
+        return _user_not_found_for_email(email['email'])
 
     reset_password_message = {'to': user_to_send_to.email_address,
                               'reset_password_url': _create_reset_password_url(user_to_send_to.email_address)}
@@ -216,6 +220,10 @@ def _user_not_found(user_id):
     return abort(404, 'User not found for id: {}'.format(user_id))
 
 
+def _user_not_found_for_email(email):
+    return abort(404, 'User not found for email address: {}'.format(email))
+
+
 def _create_reset_password_url(email):
     from utils.url_safe_token import generate_token
     token = generate_token(email, current_app.config['SECRET_KEY'], current_app.config['DANGEROUS_SALT'])