Hi,
Is it possible to change a user password through frappe api?
You can trigger a password reset email like this:
GET /api/method/frappe.core.doctype.user.user.reset_password?user=mail@example.org
1 Like
yes i was aware of reset-password but i need a change_password api which is available in My settings->change password
Unfortunately the update password method is not white-listed. But you can create a white-list wrapper method for that
This works for changing the password from the command line:
curl --location --request PUT 'http://erp.my-company.com/api/resource/User/mail@example.org' \
--header 'Content-Type: application/json' \
--data-raw '{
"new_password": "My new password"
}'
Or, if you’re using FrappeClient:
from frappeclient import FrappeClient
conn = FrappeClient("example.org")
conn.login("mail@example.org", "password")
doc = conn.get_doc('User', 'mail@example.org')
doc['new_password'] = 'My new password'
conn.update(doc)
Keep in mind that it’s not a good idea to set passwords on behalf of your users, or handle passwords at all, if you don’t have to.
Thanks @rmeyer worked like a charm
how can i make this method
import frappe
from frappe.utils.password import update_password
@frappe.whitelist()
def change_user_password(user, new_password):
try:
if not frappe.db.exists(“User”, user):
return {
“status”: “error”,
“message”: f"User {user} not found"
}
update_password(user, new_password)
return {
“status”: “success”,
“message”: f"Password for {user} updated successfully"
}
except Exception as e:
frappe.log_error(frappe.get_traceback(), “Change User Password API Error”)
return {
“status”: “error”,
“message”: str(e)
}
@Savan120 with your code, any user could change the password of any other user. This would introduce a big security issue and really shouldn’t be done.