change user password REST API

I am trying to let a user change their password via the API. What it looks like here is that I can send a POST request to the users endpoint with their user ID at the end, sending the new password in the request body as JSON. So,

POST to : https://example.com/wp-json/wp/v2/users/123

And in the body:

{
    password: mySecretPassword
}

In this case, the user is authenticated via JWT and needs to send the token in the header of the request.

When I tried this in postman, the request hangs for a really long time but finally seems to go through and the password is updated.

I wanted to know if I am doing this correctly, and if so why does it take so long?

Topic rest-api password users Wordpress

Category Web

1
answered at

I am creating Forgot password api In wordpress realtime using

website link : Linuxtips

function frgpassword(){
   global $wpdb,$wp_hasher;
   
   $methode = $_GET; 
   if(empty($methode['username'])){
       $response = [ 'error' => true, 'code' => 400, "message" => "Enter username or Register email" ];
   } else {
       $custom_users_table = CUSTOM_USER_TABLE;
       $sql = $wpdb->prepare( "SELECT * FROM `{$custom_users_table}` WHERE `user_login` = %s OR `user_email` = %s;", array( $methode['username'], $methode['username'] ) );
       $userdata = $wpdb->get_results($sql);
       if(empty($userdata)){
          $response = [ 'error' => true, 'code' => 404, "message" => "User Not Found {$methode['username']}" ]; 
       } else {
           $user = $userdata['0'];
           
           $allow = apply_filters( 'allow_password_reset', (is_multisite() && is_user_spammy( $user )) ? false : true, $user->ID );
           if ( ! $allow ) {
               $response = [ 'error' => true, 'code' => 403, "message" => "Password reset is not allowed for this user" ]; 
           } else {
              $key = wp_generate_password( 20, false );  
              do_action( 'retrieve_password_key', $user->user_login, $key );
              if ( empty( $wp_hasher ) ) {
                   require_once ABSPATH . WPINC . '/class-phpass.php';
                   $wp_hasher = new PasswordHash( 8, true );
              }
              // update new password into database
              $wpdb->query($wpdb->prepare("UPDATE {$custom_users_table} SET user_activation_key= %s WHERE ID = %s"), array((time() . ':' . $wp_hasher->HashPassword( $key )), $user->ID));
              $link = home_url("wp-login.php?action=rp&key={$key}&login={$user->user_login}&wp_lang=en_US");
              
              $message = "Someone has requested a password reset for the following account: \n Site Name: ".get_bloginfo()." From Mobile App \n \n Username: {$user->user_login} \n If this was a mistake, ignore this email and nothing will happen. \n To reset your password, visit the following address: \n {$link} \n This password reset request originated from the IP address ".ns_wp_user_ip();
              $headers = array('From: '.get_bloginfo()." Mobile App ".' <accounts@'.$_SERVER['SERVER_NAME'].'>');
              
              wp_mail($user->user_email,"[".get_bloginfo()."] Password Reset",$message,$headers);
              $response = [ 'error' => false, 'code' => 200, "message" => "Password reset link has been sent to your registered email" ];
           }
       }
   }
   return new WP_REST_Response($response, $response['code']);
}

Creating rest router

register_rest_route('neoistone/v2', '/frgpassword', array(
      'methode' => "GET",
      'callback' => "frgpassword",
      "permission_callback" => "frgpassword"
  ));
1
answered at

This question is from 9 months ago and maybe it is solved right now. but I'll send the answer to help other people who may have this question:
You have to install JWT plugin. Then, you have to create Bearer Token by POSTing a username and password to this address:
https://example.com/wp-json/jwt-auth/v1/token
In postman, you have to insert your Bearer Token in Auth tab and change your password by posting this address:
http://example.com/wp-json/wp/v2/users/123?password=newpassword
(123 is the sample user id.)

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.