add endpoint to send password reset emails

Author: GalMunGral

backend/app/keycloak_auth.py

@@ -2,7 +2,7 @@
 import json
 import logging
 from datetime import datetime
-from typing import Optional
+from typing import List, Optional
 
 from fastapi import Depends, HTTPException, Security
 from fastapi.security import APIKeyCookie, APIKeyHeader, OAuth2AuthorizationCodeBearer
@@ -473,6 +473,22 @@ async def update_user(
     return updated_user
 
 
+def send_update_account(email: str, actions: List[str]):
+    """Send an update account email to the user."""
+    keycloak_admin = KeycloakAdmin(
+        server_url=settings.auth_server_url,
+        username=settings.keycloak_username,
+        password=settings.keycloak_password,
+        realm_name=settings.keycloak_realm_name,
+        user_realm_name=settings.keycloak_user_realm_name,
+        # client_secret_key=settings.auth_client_secret,
+        # client_id=settings.keycloak_client_id,
+        verify=True,
+    )
+    user_id = keycloak_admin.get_user_id(username=email)
+    keycloak_admin.send_update_account(user_id, actions)
+
+
 def delete_user(email: str):
     """Create a user in Keycloak."""
     keycloak_admin = KeycloakAdmin(

backend/app/routers/keycloak.py

@@ -9,6 +9,7 @@
     keycloak_openid,
     oauth2_scheme,
     retreive_refresh_token,
+    send_update_account,
 )
 from app.models.tokens import TokenDB
 from app.models.users import UserDB, UserLogin
@@ -17,6 +18,7 @@
 from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
 from jose import ExpiredSignatureError, JWTError, jwt
 from keycloak.exceptions import KeycloakAuthenticationError, KeycloakGetError
+from pydantic import EmailStr
 from starlette.responses import RedirectResponse
 
 router = APIRouter()
@@ -42,6 +44,11 @@ async def loginGet() -> RedirectResponse:
     )
 
 
+@router.post("/reset-password")
+async def reset_password(email: EmailStr):
+    send_update_account(email, ["UPDATE_PASSWORD"])
+
+
 @router.get("/logout")
 async def logout(
     credentials: HTTPAuthorizationCredentials = Security(security),

frontend/src/openapi/v2/services/AuthService.ts

@@ -53,6 +53,27 @@ export class AuthService {
         });
     }
 
+    /**
+     * Reset Password
+     * @param email
+     * @returns any Successful Response
+     * @throws ApiError
+     */
+    public static resetPasswordApiV2AuthResetPasswordPost(
+        email: string,
+    ): CancelablePromise<any> {
+        return __request({
+            method: 'POST',
+            path: `/api/v2/auth/reset-password`,
+            query: {
+                'email': email,
+            },
+            errors: {
+                422: `Validation Error`,
+            },
+        });
+    }
+
     /**
      * Logout
      * Logout of keycloak.

openapi.json

@@ -11992,6 +11992,47 @@
         }
       }
     },
+    "/api/v2/auth/reset-password": {
+      "post": {
+        "tags": [
+          "auth"
+        ],
+        "summary": "Reset Password",
+        "operationId": "reset_password_api_v2_auth_reset_password_post",
+        "parameters": [
+          {
+            "required": true,
+            "schema": {
+              "title": "Email",
+              "type": "string",
+              "format": "email"
+            },
+            "name": "email",
+            "in": "query"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Successful Response",
+            "content": {
+              "application/json": {
+                "schema": {}
+              }
+            }
+          },
+          "422": {
+            "description": "Validation Error",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/HTTPValidationError"
+                }
+              }
+            }
+          }
+        }
+      }
+    },
     "/api/v2/auth/logout": {
       "get": {
         "tags": [