Module Description
New Rest Plugins to use REST for forgot / change password. and Email template.
This provides a way to for people gone the headless route. a few things 1) creates a new email template (see below) which you can edit at /admin/config/people/accounts
that contains a custom token: [user:rest-temp-password]
this is triggered via
ENABLE THESE WITH RESTUI https://www.drupal.org/project/restui
ENDPOINT: Lost password Content-Type: application/json Method: POST
SITE + /user/lost-password?_format=json { "mail": "your@yoursite.email" }
This token can ONLY be used in 2 ways....
1) USED to reset the user password to a new password VIA
ENDPOINT: Reset Lost password Via Temp password Content-Type: application/json Method: POST SITE + /user/lost-password-reset?_format=json { "name": "DRUPALUSERNAME", "temp_pass":"TEMP_PASSWORD_SENT_IN_EMAIL" "new_pass":"NEW_PASS_WORD" }
or by logging in via "user/login?_format=json" (but you will get an extra key in user_data: called "temp_password")
{ "name":"admin", "pass":"TEMPSENTPASS", "temp_pass": "TEMPSENTPASS" }
which you should then redirect the user to reset there real password..
The temp password can not be used to log in to the "normal" Drupal front end The temp password will expire in 7days The temp password is no longer valid once a user resets their password.
Big Note on why you need to clear your Drupal cache, because this module ships with a route subscriber that removes all permissions ect from the use of the end point. So you may see a custom permission but you don't need to tick it as the subscriber alters this.
UPDATE 3 Jan 20 If using the email registration module then ... use the [user:mail] token, and {"name": "email@email.com" ...
This provides a way to for people gone the headless route. a few things 1) creates a new email template (see below) which you can edit at /admin/config/people/accounts
that contains a custom token: [user:rest-temp-password]
this is triggered via
ENABLE THESE WITH RESTUI https://www.drupal.org/project/restui
ENDPOINT: Lost password Content-Type: application/json Method: POST
SITE + /user/lost-password?_format=json { "mail": "your@yoursite.email" }
This token can ONLY be used in 2 ways....
1) USED to reset the user password to a new password VIA
ENDPOINT: Reset Lost password Via Temp password Content-Type: application/json Method: POST SITE + /user/lost-password-reset?_format=json { "name": "DRUPALUSERNAME", "temp_pass":"TEMP_PASSWORD_SENT_IN_EMAIL" "new_pass":"NEW_PASS_WORD" }
or by logging in via "user/login?_format=json" (but you will get an extra key in user_data: called "temp_password")
{ "name":"admin", "pass":"TEMPSENTPASS", "temp_pass": "TEMPSENTPASS" }
which you should then redirect the user to reset there real password..
The temp password can not be used to log in to the "normal" Drupal front end The temp password will expire in 7days The temp password is no longer valid once a user resets their password.
Big Note on why you need to clear your Drupal cache, because this module ships with a route subscriber that removes all permissions ect from the use of the end point. So you may see a custom permission but you don't need to tick it as the subscriber alters this.
UPDATE 3 Jan 20 If using the email registration module then ... use the [user:mail] token, and {"name": "email@email.com" ...
Module Link
Project Usage
522
Security Covered
Not Covered By Security Advisory
Version Available
Production
Module Summary
This module provides new REST plugins for forgot/change password functionality, including email templates and custom tokens, enabling users to reset passwords via REST endpoints in a headless Drupal setup.
Data Name
rest_password
OPENAI CHATBOT
OPENAI CHATBOT
