2

I wish to make a route for "forgot password"-functionality, while using Flask-Restless. My idea was that the request could look like this:

POST /api/user/<id>/forgot_password

and Flask-Restless would send this request to a custom "forgot password"-route which I provided. This way, I could define my own complex operations here on the user object (store intermediate stuff in DB, email password reset link, etc.)

I have not been able to find such functionality in the docs for Flask-Restless. Also, while trying to make a quick (hacky) separate route (outside of Flask-Restless) which simply corresponded to the above route, Flask-Restless still picked up on the request and returned a 405 (Method Not Allowed).

One can imagine this kind of functionality for other complex operations as well (e.g. change password, change email).

Is it possible to achieve this routing scheme somehow? If so, how?

If not, what would be an alternative? An ordinary route in a separate blueprint?

luk2302
  • 55,258
  • 23
  • 97
  • 137
haeger
  • 623
  • 5
  • 14
  • I don't know `flask-restless` but in `flask` that's doable. Are you sure that you've included `methods=['POST']` in your `apimanager.create_api()` call? That sounds like what you're forgetting. – Daniel Timberlake Feb 20 '15 at 20:26
  • I'm positive that POST is included and works. The issue is really to be able to add custom functionality to the auto generated end-points of Flask-Restless. As you mention, it's possible in Flask, but creating separate routes would slightly defeat the purpose of Flask-Restless. – haeger Feb 20 '15 at 20:43
  • In my view, using a POST to reset the password seems wrong. See [here](http://restcookbook.com/HTTP%20Methods/put-vs-post/) for some info. If you implement this via a PUT instead, restless should work without changes. – vikramls Feb 20 '15 at 21:41
  • @vikramls Regardless of the verb used, the question still stands. A simple PUT doesn't really cut it, as I don't want to update the model with a new password directly. I want to, in this case, send an email to the user with a password reset link, but this could differ (e.g. if you wanted to have a "change email" route, which sent verification emails, stored stuff in DB, etc). (A bit OT: I used POST because of the semantic found [here](http://stackoverflow.com/questions/3077229/restful-password-reset)) – haeger Feb 20 '15 at 22:24

1 Answers1

0

This is not possible within the Flask-Restless extension. One might be able to add it manually.

I made a feature request for this on the Flask-Restless issue tracker, and it was determined to be out of scope by the author.

haeger
  • 623
  • 5
  • 14