问题
Using flask-security, I want my flow to be similar to as follows:
- admin creates user
- admin sends user notification email they've been created
- user uses link in notification email to set password
I tried using the forgot_password view from the admin account for step 2, but https://github.com/jwag956/flask-security/blob/743be9c979b558b4ecfb177dc8117c0bf55e38ed/flask_security/views.py#L464 requires anonymous user and therefore redirects.
I see https://stackoverflow.com/a/31228170/799921 but it's a bit vague. Is this the best solution?
回答1:
I was looking through flask-security-too, and think I found an answer. I'm not sure if the function I used is intended to be part of an open api, but it works for my needs.
I created an admin create user view which adds the user email (and name, etc) to the database. As part of creating the user, the view calls the function normally called when the user clicks on "forgot password", i.e., send_reset_password_instructions. So now as part of the admin's create user process, the user is sent an email with a link at which the user can set their own password.
from flask_security.recoverable import send_reset_password_instructions
# my code is maintains self.created_id after creating the user record
# this is due to some complex class involved which handles my crudapi stuff
# your code may vary
user = User.query.filter_by(id=self.created_id).one()
send_reset_password_instructions(user)
来源:https://stackoverflow.com/questions/59590183/flask-security-admin-create-user-force-user-to-choose-password