How to send a reset token without the user using the endpoint

[cyzanfar]

Currently I have this implementation:

urlpatterns = [
    ...
    url(r'^api/password_reset/', include('django_rest_passwordreset.urls', namespace='password_reset')),
    ...
]

Then when a user requests a password reset I send an email using the Signal provided by the package:

@receiver(reset_password_token_created)
def password_reset_token_created(sender, instance, reset_password_token, *args, **kwargs):
    """
    Handles password reset tokens
    When a token is created, an e-mail needs to be sent to the user
    :param reset_password_token: Token Model Object
    :return:
    """
    # send an e-mail to the user
    context = {
        'email': reset_password_token.user.email,
        'reset_password_url': f"{BASE_URL}new-password?token={reset_password_token.key}"
    }
    send_reset_pwd_to_sendingblue.delay(context)

However, in my case, I want to programmatically create the token and send it to the user without the use of the endpoint meaning the user won't reset their password through the endpoint, rather my application will create the token and send it to the user.

[cyzanfar]

Any help here pleaseeee?

[nezhar]

Have you tried to create a custom token generator?

[nezhar]

Can you also describe your use case a bit? After looking a second time it sound more like you need another trigger for the reset, other then the rest endpoint.

[cyzanfar]

Yes my usecase is when a user signs up (without the need of a password) I would like to send them a welcome email containing the reset password link. How can I go about doing that by leveraging the current implementation of the package and without creating my own token generator?
Can one only create a token via the endpoint?

[nezhar]

At the moment the library supports the creation of the token only with the endpoint. The custom token generator won't help here. A refactoring of ResetPasswordRequestToken.post where the request and the serailizer are detached form the password resert logic is required in order to achieve it. This way code can be moved into a new function which can be included for a custom reset. Would you like to try this and provide a pull request?

[cyzanfar]

Yes Sure I can do that. Thanks for the help I was wondering if this was an out-of-the-box functionality but it appears not

[nezhar]

It seems that there is already a similar PR available #97

[nezhar]

In #143 you can find a draft for the implementation.
This would allow you to use generate_token_for_email without the need of a request.

[Elkasitu]

In case someone else runs into this issue, you can simply do something like this:

from django_rest_passwordreset.models import ResetPasswordToken
from django.contrib.auth.models import User

my_user = User.objects.get(pk=1)
token = ResetPasswordToken.objects.create(user=my_user)
# do whatever you want with token.key here