Merge branch 'main' into password-reset-fix

CHANGELOG.md

@@ -2,7 +2,13 @@
 
 ## v0.4.25
 
-FIX: Updated password reset to handle multiple reset requests.
+FEATURE: The web console now supports revoking your current account token and generating a new one (https://github.com/openziti/zrok/issues/191)
+
+CHANGE: Creating a reserved share checks for token collision and returns a more appropriate error message (https://github.com/openziti/zrok/issues/531)
+
+CHANGE: Update UI to add a 'true' value on `reserved` boolean (https://github.com/openziti/zrok/issues/443)
+
+FIX: Fixed bug where a second password reset request would for any account would fail (https://github.com/openziti/zrok/issues/452)
 
 ## v0.4.24
 

controller/controller.go

@@ -49,6 +49,7 @@ func Run(inCfg *config.Config) error {
 	api.AccountRegisterHandler = newRegisterHandler(cfg)
 	api.AccountResetPasswordHandler = newResetPasswordHandler(cfg)
 	api.AccountResetPasswordRequestHandler = newResetPasswordRequestHandler()
+	api.AccountResetTokenHandler = newResetTokenHandler()
 	api.AccountVerifyHandler = newVerifyHandler()
 	api.AdminCreateFrontendHandler = newCreateFrontendHandler()
 	api.AdminCreateIdentityHandler = newCreateIdentityHandler()

controller/resetToken.go

@@ -0,0 +1,62 @@
+package controller
+
+import (
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/openziti/zrok/rest_model_zrok"
+	"github.com/openziti/zrok/rest_server_zrok/operations/account"
+	"github.com/sirupsen/logrus"
+)
+
+type resetTokenHandler struct{}
+
+func newResetTokenHandler() *resetTokenHandler {
+	return &resetTokenHandler{}
+}
+
+func (handler *resetTokenHandler) Handle(params account.ResetTokenParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	if params.Body.EmailAddress == "" {
+		logrus.Error("missing email")
+		return account.NewResetTokenNotFound()
+	}
+	logrus.Infof("received token reset request for email '%v'", params.Body.EmailAddress)
+
+	tx, err := str.Begin()
+	if err != nil {
+		logrus.Errorf("error starting transaction for '%v': %v", params.Body.EmailAddress, err)
+		return account.NewResetTokenInternalServerError()
+	}
+	defer tx.Rollback()
+
+	a, err := str.FindAccountWithEmail(params.Body.EmailAddress, tx)
+	if err != nil {
+		logrus.Errorf("error finding account for '%v': %v", params.Body.EmailAddress, err)
+		return account.NewResetTokenNotFound()
+	}
+	if a.Deleted {
+		logrus.Errorf("account '%v' for '%v' deleted", a.Email, a.Token)
+		return account.NewResetTokenNotFound()
+	}
+
+	// Need to create new token and invalidate all other resources
+	token, err := CreateToken()
+	if err != nil {
+		logrus.Errorf("error creating token for request '%v': %v", params.Body.EmailAddress, err)
+		return account.NewResetTokenInternalServerError()
+	}
+
+	a.Token = token
+
+	if _, err := str.UpdateAccount(a, tx); err != nil {
+		logrus.Errorf("error updating account for request '%v': %v", params.Body.EmailAddress, err)
+		return account.NewResetTokenInternalServerError()
+	}
+
+	if err := tx.Commit(); err != nil {
+		logrus.Errorf("error committing '%v' (%v): %v", params.Body.EmailAddress, a.Email, err)
+		return account.NewResetTokenInternalServerError()
+	}
+
+	logrus.Infof("reset token for '%v'", a.Email)
+
+	return account.NewResetTokenOK().WithPayload(&account.ResetTokenOKBody{Token: token})
+}

controller/share.go

@@ -72,6 +72,15 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
 			logrus.Errorf("invalid unique name '%v' for account '%v'", uniqueName, principal.Email)
 			return share.NewShareUnprocessableEntity()
 		}
+		shareExists, err := str.ShareWithTokenExists(uniqueName, trx)
+		if err != nil {
+			logrus.Errorf("error checking share for token collision: %v", err)
+			return share.NewUpdateShareInternalServerError()
+		}
+		if shareExists {
+			logrus.Errorf("token '%v' already exists; cannot create share", uniqueName)
+			return share.NewShareConflict()
+		}
 		shrToken = uniqueName
 	}
 

controller/store/share.go

@@ -63,6 +63,14 @@ func (str *Store) FindShareWithToken(shrToken string, tx *sqlx.Tx) (*Share, erro
 	return shr, nil
 }
 
+func (str *Store) ShareWithTokenExists(shrToken string, tx *sqlx.Tx) (bool, error) {
+	count := 0
+	if err := tx.QueryRowx("select count(0) from shares where token = $1 and not deleted", shrToken).Scan(&count); err != nil {
+		return true, errors.Wrap(err, "error selecting share count by token")
+	}
+	return count > 0, nil
+}
+
 func (str *Store) FindShareWithZIdAndDeleted(zId string, tx *sqlx.Tx) (*Share, error) {
 	shr := &Share{}
 	if err := tx.QueryRowx("select * from shares where z_id = $1", zId).StructScan(shr); err != nil {

rest_client_zrok/account/account_client.go

@@ -40,6 +40,8 @@ type ClientService interface {
 
 	ResetPasswordRequest(params *ResetPasswordRequestParams, opts ...ClientOption) (*ResetPasswordRequestCreated, error)
 
+	ResetToken(params *ResetTokenParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ResetTokenOK, error)
+
 	Verify(params *VerifyParams, opts ...ClientOption) (*VerifyOK, error)
 
 	SetTransport(transport runtime.ClientTransport)
@@ -235,6 +237,45 @@ func (a *Client) ResetPasswordRequest(params *ResetPasswordRequestParams, opts .
 	panic(msg)
 }
 
+/*
+ResetToken reset token API
+*/
+func (a *Client) ResetToken(params *ResetTokenParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ResetTokenOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewResetTokenParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "resetToken",
+		Method:             "POST",
+		PathPattern:        "/resetToken",
+		ProducesMediaTypes: []string{"application/zrok.v1+json"},
+		ConsumesMediaTypes: []string{"application/zrok.v1+json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &ResetTokenReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*ResetTokenOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
+	msg := fmt.Sprintf("unexpected success response for resetToken: API contract not enforced by server. Client expected to get an error, but got: %T", result)
+	panic(msg)
+}
+
 /*
 Verify verify API
 */

rest_client_zrok/account/reset_token_parameters.go

@@ -0,0 +1,146 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package account
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewResetTokenParams creates a new ResetTokenParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewResetTokenParams() *ResetTokenParams {
+	return &ResetTokenParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewResetTokenParamsWithTimeout creates a new ResetTokenParams object
+// with the ability to set a timeout on a request.
+func NewResetTokenParamsWithTimeout(timeout time.Duration) *ResetTokenParams {
+	return &ResetTokenParams{
+		timeout: timeout,
+	}
+}
+
+// NewResetTokenParamsWithContext creates a new ResetTokenParams object
+// with the ability to set a context for a request.
+func NewResetTokenParamsWithContext(ctx context.Context) *ResetTokenParams {
+	return &ResetTokenParams{
+		Context: ctx,
+	}
+}
+
+// NewResetTokenParamsWithHTTPClient creates a new ResetTokenParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewResetTokenParamsWithHTTPClient(client *http.Client) *ResetTokenParams {
+	return &ResetTokenParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+ResetTokenParams contains all the parameters to send to the API endpoint
+
+	for the reset token operation.
+
+	Typically these are written to a http.Request.
+*/
+type ResetTokenParams struct {
+
+	// Body.
+	Body ResetTokenBody
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the reset token params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *ResetTokenParams) WithDefaults() *ResetTokenParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the reset token params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *ResetTokenParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the reset token params
+func (o *ResetTokenParams) WithTimeout(timeout time.Duration) *ResetTokenParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the reset token params
+func (o *ResetTokenParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the reset token params
+func (o *ResetTokenParams) WithContext(ctx context.Context) *ResetTokenParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the reset token params
+func (o *ResetTokenParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the reset token params
+func (o *ResetTokenParams) WithHTTPClient(client *http.Client) *ResetTokenParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the reset token params
+func (o *ResetTokenParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the reset token params
+func (o *ResetTokenParams) WithBody(body ResetTokenBody) *ResetTokenParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the reset token params
+func (o *ResetTokenParams) SetBody(body ResetTokenBody) {
+	o.Body = body
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *ResetTokenParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if err := r.SetBodyParam(o.Body); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

rest_client_zrok/account/reset_token_responses.go

@@ -0,0 +1,303 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package account
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ResetTokenReader is a Reader for the ResetToken structure.
+type ResetTokenReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *ResetTokenReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewResetTokenOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	case 404:
+		result := NewResetTokenNotFound()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	case 500:
+		result := NewResetTokenInternalServerError()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	default:
+		return nil, runtime.NewAPIError("[POST /resetToken] resetToken", response, response.Code())
+	}
+}
+
+// NewResetTokenOK creates a ResetTokenOK with default headers values
+func NewResetTokenOK() *ResetTokenOK {
+	return &ResetTokenOK{}
+}
+
+/*
+ResetTokenOK describes a response with status code 200, with default header values.
+
+token reset
+*/
+type ResetTokenOK struct {
+	Payload *ResetTokenOKBody
+}
+
+// IsSuccess returns true when this reset token o k response has a 2xx status code
+func (o *ResetTokenOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this reset token o k response has a 3xx status code
+func (o *ResetTokenOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this reset token o k response has a 4xx status code
+func (o *ResetTokenOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this reset token o k response has a 5xx status code
+func (o *ResetTokenOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this reset token o k response a status code equal to that given
+func (o *ResetTokenOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the reset token o k response
+func (o *ResetTokenOK) Code() int {
+	return 200
+}
+
+func (o *ResetTokenOK) Error() string {
+	return fmt.Sprintf("[POST /resetToken][%d] resetTokenOK  %+v", 200, o.Payload)
+}
+
+func (o *ResetTokenOK) String() string {
+	return fmt.Sprintf("[POST /resetToken][%d] resetTokenOK  %+v", 200, o.Payload)
+}
+
+func (o *ResetTokenOK) GetPayload() *ResetTokenOKBody {
+	return o.Payload
+}
+
+func (o *ResetTokenOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	o.Payload = new(ResetTokenOKBody)
+
+	// response payload
+	if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewResetTokenNotFound creates a ResetTokenNotFound with default headers values
+func NewResetTokenNotFound() *ResetTokenNotFound {
+	return &ResetTokenNotFound{}
+}
+
+/*
+ResetTokenNotFound describes a response with status code 404, with default header values.
+
+account not found
+*/
+type ResetTokenNotFound struct {
+}
+
+// IsSuccess returns true when this reset token not found response has a 2xx status code
+func (o *ResetTokenNotFound) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this reset token not found response has a 3xx status code
+func (o *ResetTokenNotFound) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this reset token not found response has a 4xx status code
+func (o *ResetTokenNotFound) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this reset token not found response has a 5xx status code
+func (o *ResetTokenNotFound) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this reset token not found response a status code equal to that given
+func (o *ResetTokenNotFound) IsCode(code int) bool {
+	return code == 404
+}
+
+// Code gets the status code for the reset token not found response
+func (o *ResetTokenNotFound) Code() int {
+	return 404
+}
+
+func (o *ResetTokenNotFound) Error() string {
+	return fmt.Sprintf("[POST /resetToken][%d] resetTokenNotFound ", 404)
+}
+
+func (o *ResetTokenNotFound) String() string {
+	return fmt.Sprintf("[POST /resetToken][%d] resetTokenNotFound ", 404)
+}
+
+func (o *ResetTokenNotFound) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+// NewResetTokenInternalServerError creates a ResetTokenInternalServerError with default headers values
+func NewResetTokenInternalServerError() *ResetTokenInternalServerError {
+	return &ResetTokenInternalServerError{}
+}
+
+/*
+ResetTokenInternalServerError describes a response with status code 500, with default header values.
+
+internal server error
+*/
+type ResetTokenInternalServerError struct {
+}
+
+// IsSuccess returns true when this reset token internal server error response has a 2xx status code
+func (o *ResetTokenInternalServerError) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this reset token internal server error response has a 3xx status code
+func (o *ResetTokenInternalServerError) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this reset token internal server error response has a 4xx status code
+func (o *ResetTokenInternalServerError) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this reset token internal server error response has a 5xx status code
+func (o *ResetTokenInternalServerError) IsServerError() bool {
+	return true
+}
+
+// IsCode returns true when this reset token internal server error response a status code equal to that given
+func (o *ResetTokenInternalServerError) IsCode(code int) bool {
+	return code == 500
+}
+
+// Code gets the status code for the reset token internal server error response
+func (o *ResetTokenInternalServerError) Code() int {
+	return 500
+}
+
+func (o *ResetTokenInternalServerError) Error() string {
+	return fmt.Sprintf("[POST /resetToken][%d] resetTokenInternalServerError ", 500)
+}
+
+func (o *ResetTokenInternalServerError) String() string {
+	return fmt.Sprintf("[POST /resetToken][%d] resetTokenInternalServerError ", 500)
+}
+
+func (o *ResetTokenInternalServerError) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+/*
+ResetTokenBody reset token body
+swagger:model ResetTokenBody
+*/
+type ResetTokenBody struct {
+
+	// email address
+	EmailAddress string `json:"emailAddress,omitempty"`
+}
+
+// Validate validates this reset token body
+func (o *ResetTokenBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this reset token body based on context it is used
+func (o *ResetTokenBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *ResetTokenBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *ResetTokenBody) UnmarshalBinary(b []byte) error {
+	var res ResetTokenBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}
+
+/*
+ResetTokenOKBody reset token o k body
+swagger:model ResetTokenOKBody
+*/
+type ResetTokenOKBody struct {
+
+	// token
+	Token string `json:"token,omitempty"`
+}
+
+// Validate validates this reset token o k body
+func (o *ResetTokenOKBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this reset token o k body based on context it is used
+func (o *ResetTokenOKBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *ResetTokenOKBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *ResetTokenOKBody) UnmarshalBinary(b []byte) error {
+	var res ResetTokenOKBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}

rest_client_zrok/share/share_responses.go

@@ -41,6 +41,12 @@ func (o *ShareReader) ReadResponse(response runtime.ClientResponse, consumer run
 			return nil, err
 		}
 		return nil, result
+	case 409:
+		result := NewShareConflict()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
 	case 422:
 		result := NewShareUnprocessableEntity()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
@@ -238,6 +244,62 @@ func (o *ShareNotFound) readResponse(response runtime.ClientResponse, consumer r
 	return nil
 }
 
+// NewShareConflict creates a ShareConflict with default headers values
+func NewShareConflict() *ShareConflict {
+	return &ShareConflict{}
+}
+
+/*
+ShareConflict describes a response with status code 409, with default header values.
+
+conflict
+*/
+type ShareConflict struct {
+}
+
+// IsSuccess returns true when this share conflict response has a 2xx status code
+func (o *ShareConflict) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this share conflict response has a 3xx status code
+func (o *ShareConflict) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this share conflict response has a 4xx status code
+func (o *ShareConflict) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this share conflict response has a 5xx status code
+func (o *ShareConflict) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this share conflict response a status code equal to that given
+func (o *ShareConflict) IsCode(code int) bool {
+	return code == 409
+}
+
+// Code gets the status code for the share conflict response
+func (o *ShareConflict) Code() int {
+	return 409
+}
+
+func (o *ShareConflict) Error() string {
+	return fmt.Sprintf("[POST /share][%d] shareConflict ", 409)
+}
+
+func (o *ShareConflict) String() string {
+	return fmt.Sprintf("[POST /share][%d] shareConflict ", 409)
+}
+
+func (o *ShareConflict) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
 // NewShareUnprocessableEntity creates a ShareUnprocessableEntity with default headers values
 func NewShareUnprocessableEntity() *ShareUnprocessableEntity {
 	return &ShareUnprocessableEntity{}

rest_server_zrok/embedded_spec.go

@@ -832,6 +832,50 @@ func init() {
         }
       }
     },
+    "/resetToken": {
+      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
+        "tags": [
+          "account"
+        ],
+        "operationId": "resetToken",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "properties": {
+                "emailAddress": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "token reset",
+            "schema": {
+              "properties": {
+                "token": {
+                  "type": "string"
+                }
+              }
+            }
+          },
+          "404": {
+            "description": "account not found"
+          },
+          "500": {
+            "description": "internal server error"
+          }
+        }
+      }
+    },
     "/share": {
       "post": {
         "security": [
@@ -865,6 +909,9 @@ func init() {
           "404": {
             "description": "not found"
           },
+          "409": {
+            "description": "conflict"
+          },
           "422": {
             "description": "unprocessable"
           },
@@ -2456,6 +2503,50 @@ func init() {
         }
       }
     },
+    "/resetToken": {
+      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
+        "tags": [
+          "account"
+        ],
+        "operationId": "resetToken",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "properties": {
+                "emailAddress": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "token reset",
+            "schema": {
+              "properties": {
+                "token": {
+                  "type": "string"
+                }
+              }
+            }
+          },
+          "404": {
+            "description": "account not found"
+          },
+          "500": {
+            "description": "internal server error"
+          }
+        }
+      }
+    },
     "/share": {
       "post": {
         "security": [
@@ -2489,6 +2580,9 @@ func init() {
           "404": {
             "description": "not found"
           },
+          "409": {
+            "description": "conflict"
+          },
           "422": {
             "description": "unprocessable"
           },

rest_server_zrok/operations/account/reset_token.go

@@ -0,0 +1,148 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package account
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+
+	"github.com/openziti/zrok/rest_model_zrok"
+)
+
+// ResetTokenHandlerFunc turns a function with the right signature into a reset token handler
+type ResetTokenHandlerFunc func(ResetTokenParams, *rest_model_zrok.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn ResetTokenHandlerFunc) Handle(params ResetTokenParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// ResetTokenHandler interface for that can handle valid reset token params
+type ResetTokenHandler interface {
+	Handle(ResetTokenParams, *rest_model_zrok.Principal) middleware.Responder
+}
+
+// NewResetToken creates a new http.Handler for the reset token operation
+func NewResetToken(ctx *middleware.Context, handler ResetTokenHandler) *ResetToken {
+	return &ResetToken{Context: ctx, Handler: handler}
+}
+
+/*
+	ResetToken swagger:route POST /resetToken account resetToken
+
+ResetToken reset token API
+*/
+type ResetToken struct {
+	Context *middleware.Context
+	Handler ResetTokenHandler
+}
+
+func (o *ResetToken) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewResetTokenParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *rest_model_zrok.Principal
+	if uprinc != nil {
+		principal = uprinc.(*rest_model_zrok.Principal) // this is really a rest_model_zrok.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
+
+// ResetTokenBody reset token body
+//
+// swagger:model ResetTokenBody
+type ResetTokenBody struct {
+
+	// email address
+	EmailAddress string `json:"emailAddress,omitempty"`
+}
+
+// Validate validates this reset token body
+func (o *ResetTokenBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this reset token body based on context it is used
+func (o *ResetTokenBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *ResetTokenBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *ResetTokenBody) UnmarshalBinary(b []byte) error {
+	var res ResetTokenBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}
+
+// ResetTokenOKBody reset token o k body
+//
+// swagger:model ResetTokenOKBody
+type ResetTokenOKBody struct {
+
+	// token
+	Token string `json:"token,omitempty"`
+}
+
+// Validate validates this reset token o k body
+func (o *ResetTokenOKBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this reset token o k body based on context it is used
+func (o *ResetTokenOKBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *ResetTokenOKBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *ResetTokenOKBody) UnmarshalBinary(b []byte) error {
+	var res ResetTokenOKBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}

rest_server_zrok/operations/account/reset_token_parameters.go

@@ -0,0 +1,74 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package account
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/validate"
+)
+
+// NewResetTokenParams creates a new ResetTokenParams object
+//
+// There are no default values defined in the spec.
+func NewResetTokenParams() ResetTokenParams {
+
+	return ResetTokenParams{}
+}
+
+// ResetTokenParams contains all the bound params for the reset token operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters resetToken
+type ResetTokenParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  In: body
+	*/
+	Body ResetTokenBody
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewResetTokenParams() beforehand.
+func (o *ResetTokenParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	if runtime.HasBody(r) {
+		defer r.Body.Close()
+		var body ResetTokenBody
+		if err := route.Consumer.Consume(r.Body, &body); err != nil {
+			res = append(res, errors.NewParseError("body", "body", "", err))
+		} else {
+			// validate body object
+			if err := body.Validate(route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			ctx := validate.WithOperationRequest(r.Context())
+			if err := body.ContextValidate(ctx, route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			if len(res) == 0 {
+				o.Body = body
+			}
+		}
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

rest_server_zrok/operations/account/reset_token_responses.go

@@ -0,0 +1,107 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package account
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+)
+
+// ResetTokenOKCode is the HTTP code returned for type ResetTokenOK
+const ResetTokenOKCode int = 200
+
+/*
+ResetTokenOK token reset
+
+swagger:response resetTokenOK
+*/
+type ResetTokenOK struct {
+
+	/*
+	  In: Body
+	*/
+	Payload *ResetTokenOKBody `json:"body,omitempty"`
+}
+
+// NewResetTokenOK creates ResetTokenOK with default headers values
+func NewResetTokenOK() *ResetTokenOK {
+
+	return &ResetTokenOK{}
+}
+
+// WithPayload adds the payload to the reset token o k response
+func (o *ResetTokenOK) WithPayload(payload *ResetTokenOKBody) *ResetTokenOK {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the reset token o k response
+func (o *ResetTokenOK) SetPayload(payload *ResetTokenOKBody) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *ResetTokenOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(200)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
+
+// ResetTokenNotFoundCode is the HTTP code returned for type ResetTokenNotFound
+const ResetTokenNotFoundCode int = 404
+
+/*
+ResetTokenNotFound account not found
+
+swagger:response resetTokenNotFound
+*/
+type ResetTokenNotFound struct {
+}
+
+// NewResetTokenNotFound creates ResetTokenNotFound with default headers values
+func NewResetTokenNotFound() *ResetTokenNotFound {
+
+	return &ResetTokenNotFound{}
+}
+
+// WriteResponse to the client
+func (o *ResetTokenNotFound) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(404)
+}
+
+// ResetTokenInternalServerErrorCode is the HTTP code returned for type ResetTokenInternalServerError
+const ResetTokenInternalServerErrorCode int = 500
+
+/*
+ResetTokenInternalServerError internal server error
+
+swagger:response resetTokenInternalServerError
+*/
+type ResetTokenInternalServerError struct {
+}
+
+// NewResetTokenInternalServerError creates ResetTokenInternalServerError with default headers values
+func NewResetTokenInternalServerError() *ResetTokenInternalServerError {
+
+	return &ResetTokenInternalServerError{}
+}
+
+// WriteResponse to the client
+func (o *ResetTokenInternalServerError) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(500)
+}

rest_server_zrok/operations/account/reset_token_urlbuilder.go

@@ -0,0 +1,87 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package account
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+)
+
+// ResetTokenURL generates an URL for the reset token operation
+type ResetTokenURL struct {
+	_basePath string
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *ResetTokenURL) WithBasePath(bp string) *ResetTokenURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *ResetTokenURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *ResetTokenURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/resetToken"
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *ResetTokenURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *ResetTokenURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *ResetTokenURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on ResetTokenURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on ResetTokenURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *ResetTokenURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}

rest_server_zrok/operations/share/share_responses.go

@@ -108,6 +108,31 @@ func (o *ShareNotFound) WriteResponse(rw http.ResponseWriter, producer runtime.P
 	rw.WriteHeader(404)
 }
 
+// ShareConflictCode is the HTTP code returned for type ShareConflict
+const ShareConflictCode int = 409
+
+/*
+ShareConflict conflict
+
+swagger:response shareConflict
+*/
+type ShareConflict struct {
+}
+
+// NewShareConflict creates ShareConflict with default headers values
+func NewShareConflict() *ShareConflict {
+
+	return &ShareConflict{}
+}
+
+// WriteResponse to the client
+func (o *ShareConflict) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(409)
+}
+
 // ShareUnprocessableEntityCode is the HTTP code returned for type ShareUnprocessableEntity
 const ShareUnprocessableEntityCode int = 422
 

rest_server_zrok/operations/zrok_api.go

@@ -115,6 +115,9 @@ func NewZrokAPI(spec *loads.Document) *ZrokAPI {
 		AccountResetPasswordRequestHandler: account.ResetPasswordRequestHandlerFunc(func(params account.ResetPasswordRequestParams) middleware.Responder {
 			return middleware.NotImplemented("operation account.ResetPasswordRequest has not yet been implemented")
 		}),
+		AccountResetTokenHandler: account.ResetTokenHandlerFunc(func(params account.ResetTokenParams, principal *rest_model_zrok.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation account.ResetToken has not yet been implemented")
+		}),
 		ShareShareHandler: share.ShareHandlerFunc(func(params share.ShareParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation share.Share has not yet been implemented")
 		}),
@@ -230,6 +233,8 @@ type ZrokAPI struct {
 	AccountResetPasswordHandler account.ResetPasswordHandler
 	// AccountResetPasswordRequestHandler sets the operation handler for the reset password request operation
 	AccountResetPasswordRequestHandler account.ResetPasswordRequestHandler
+	// AccountResetTokenHandler sets the operation handler for the reset token operation
+	AccountResetTokenHandler account.ResetTokenHandler
 	// ShareShareHandler sets the operation handler for the share operation
 	ShareShareHandler share.ShareHandler
 	// ShareUnaccessHandler sets the operation handler for the unaccess operation
@@ -391,6 +396,9 @@ func (o *ZrokAPI) Validate() error {
 	if o.AccountResetPasswordRequestHandler == nil {
 		unregistered = append(unregistered, "account.ResetPasswordRequestHandler")
 	}
+	if o.AccountResetTokenHandler == nil {
+		unregistered = append(unregistered, "account.ResetTokenHandler")
+	}
 	if o.ShareShareHandler == nil {
 		unregistered = append(unregistered, "share.ShareHandler")
 	}
@@ -602,6 +610,10 @@ func (o *ZrokAPI) initHandlerCache() {
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
+	o.handlers["POST"]["/resetToken"] = account.NewResetToken(o.context, o.AccountResetTokenHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
 	o.handlers["POST"]["/share"] = share.NewShare(o.context, o.ShareShareHandler)
 	if o.handlers["DELETE"] == nil {
 		o.handlers["DELETE"] = make(map[string]http.Handler)

sdk/python/sdk/zrok/.swagger-codegen/VERSION

@@ -1 +1 @@
-3.0.51
+3.0.52

sdk/python/sdk/zrok/requirements.txt

@@ -3,4 +3,3 @@ six >= 1.10
 python_dateutil >= 2.5.3
 setuptools >= 21.0.0
 urllib3 >= 1.15.1
-openziti >= 0.8.1

sdk/python/sdk/zrok/zrok_api/__init__.py

@@ -41,6 +41,7 @@ from zrok_api.models.error_message import ErrorMessage
 from zrok_api.models.frontend import Frontend
 from zrok_api.models.frontends import Frontends
 from zrok_api.models.identity_body import IdentityBody
+from zrok_api.models.inline_response200 import InlineResponse200
 from zrok_api.models.inline_response201 import InlineResponse201
 from zrok_api.models.invite_request import InviteRequest
 from zrok_api.models.invite_token_generate_request import InviteTokenGenerateRequest
@@ -57,6 +58,7 @@ from zrok_api.models.register_request import RegisterRequest
 from zrok_api.models.register_response import RegisterResponse
 from zrok_api.models.reset_password_request import ResetPasswordRequest
 from zrok_api.models.reset_password_request_body import ResetPasswordRequestBody
+from zrok_api.models.reset_token_body import ResetTokenBody
 from zrok_api.models.share import Share
 from zrok_api.models.share_request import ShareRequest
 from zrok_api.models.share_response import ShareResponse

sdk/python/sdk/zrok/zrok_api/api/account_api.py

@@ -493,6 +493,99 @@ class AccountApi(object):
             _request_timeout=params.get('_request_timeout'),
             collection_formats=collection_formats)
 
+    def reset_token(self, **kwargs):  # noqa: E501
+        """reset_token  # noqa: E501
+
+        This method makes a synchronous HTTP request by default. To make an
+        asynchronous HTTP request, please pass async_req=True
+        >>> thread = api.reset_token(async_req=True)
+        >>> result = thread.get()
+
+        :param async_req bool
+        :param ResetTokenBody body:
+        :return: InlineResponse200
+                 If the method is called asynchronously,
+                 returns the request thread.
+        """
+        kwargs['_return_http_data_only'] = True
+        if kwargs.get('async_req'):
+            return self.reset_token_with_http_info(**kwargs)  # noqa: E501
+        else:
+            (data) = self.reset_token_with_http_info(**kwargs)  # noqa: E501
+            return data
+
+    def reset_token_with_http_info(self, **kwargs):  # noqa: E501
+        """reset_token  # noqa: E501
+
+        This method makes a synchronous HTTP request by default. To make an
+        asynchronous HTTP request, please pass async_req=True
+        >>> thread = api.reset_token_with_http_info(async_req=True)
+        >>> result = thread.get()
+
+        :param async_req bool
+        :param ResetTokenBody body:
+        :return: InlineResponse200
+                 If the method is called asynchronously,
+                 returns the request thread.
+        """
+
+        all_params = ['body']  # noqa: E501
+        all_params.append('async_req')
+        all_params.append('_return_http_data_only')
+        all_params.append('_preload_content')
+        all_params.append('_request_timeout')
+
+        params = locals()
+        for key, val in six.iteritems(params['kwargs']):
+            if key not in all_params:
+                raise TypeError(
+                    "Got an unexpected keyword argument '%s'"
+                    " to method reset_token" % key
+                )
+            params[key] = val
+        del params['kwargs']
+
+        collection_formats = {}
+
+        path_params = {}
+
+        query_params = []
+
+        header_params = {}
+
+        form_params = []
+        local_var_files = {}
+
+        body_params = None
+        if 'body' in params:
+            body_params = params['body']
+        # HTTP header `Accept`
+        header_params['Accept'] = self.api_client.select_header_accept(
+            ['application/zrok.v1+json'])  # noqa: E501
+
+        # HTTP header `Content-Type`
+        header_params['Content-Type'] = self.api_client.select_header_content_type(  # noqa: E501
+            ['application/zrok.v1+json'])  # noqa: E501
+
+        # Authentication setting
+        auth_settings = ['key']  # noqa: E501
+
+        return self.api_client.call_api(
+            '/resetToken', 'POST',
+            path_params,
+            query_params,
+            header_params,
+            body=body_params,
+            post_params=form_params,
+            files=local_var_files,
+            response_type='InlineResponse200',  # noqa: E501
+            auth_settings=auth_settings,
+            async_req=params.get('async_req'),
+            _return_http_data_only=params.get('_return_http_data_only'),
+            _preload_content=params.get('_preload_content', True),
+            _request_timeout=params.get('_request_timeout'),
+            collection_formats=collection_formats)
+
     def verify(self, **kwargs):  # noqa: E501
         """verify  # noqa: E501
 

sdk/python/sdk/zrok/zrok_api/configuration.py

@@ -219,9 +219,12 @@ class Configuration(six.with_metaclass(TypeWithDefault, object)):
 
         :return: The token for basic HTTP authentication.
         """
-        return urllib3.util.make_headers(
+        token = ""
-            basic_auth=self.username + ':' + self.password
+        if self.username or self.password:
-        ).get('authorization')
+            token = urllib3.util.make_headers(
+                basic_auth=self.username + ':' + self.password
+            ).get('authorization')
+        return token
 
     def auth_settings(self):
         """Gets Auth Settings dict for api client.

sdk/python/sdk/zrok/zrok_api/models/__init__.py

@@ -31,6 +31,7 @@ from zrok_api.models.error_message import ErrorMessage
 from zrok_api.models.frontend import Frontend
 from zrok_api.models.frontends import Frontends
 from zrok_api.models.identity_body import IdentityBody
+from zrok_api.models.inline_response200 import InlineResponse200
 from zrok_api.models.inline_response201 import InlineResponse201
 from zrok_api.models.invite_request import InviteRequest
 from zrok_api.models.invite_token_generate_request import InviteTokenGenerateRequest
@@ -47,6 +48,7 @@ from zrok_api.models.register_request import RegisterRequest
 from zrok_api.models.register_response import RegisterResponse
 from zrok_api.models.reset_password_request import ResetPasswordRequest
 from zrok_api.models.reset_password_request_body import ResetPasswordRequestBody
+from zrok_api.models.reset_token_body import ResetTokenBody
 from zrok_api.models.share import Share
 from zrok_api.models.share_request import ShareRequest
 from zrok_api.models.share_response import ShareResponse

sdk/python/sdk/zrok/zrok_api/models/inline_response200.py

@@ -0,0 +1,110 @@
+# coding: utf-8
+
+"""
+    zrok
+
+    zrok client access  # noqa: E501
+
+    OpenAPI spec version: 0.3.0
+    
+    Generated by: https://github.com/swagger-api/swagger-codegen.git
+"""
+
+import pprint
+import re  # noqa: F401
+
+import six
+
+class InlineResponse200(object):
+    """NOTE: This class is auto generated by the swagger code generator program.
+
+    Do not edit the class manually.
+    """
+    """
+    Attributes:
+      swagger_types (dict): The key is attribute name
+                            and the value is attribute type.
+      attribute_map (dict): The key is attribute name
+                            and the value is json key in definition.
+    """
+    swagger_types = {
+        'token': 'str'
+    }
+
+    attribute_map = {
+        'token': 'token'
+    }
+
+    def __init__(self, token=None):  # noqa: E501
+        """InlineResponse200 - a model defined in Swagger"""  # noqa: E501
+        self._token = None
+        self.discriminator = None
+        if token is not None:
+            self.token = token
+
+    @property
+    def token(self):
+        """Gets the token of this InlineResponse200.  # noqa: E501
+
+
+        :return: The token of this InlineResponse200.  # noqa: E501
+        :rtype: str
+        """
+        return self._token
+
+    @token.setter
+    def token(self, token):
+        """Sets the token of this InlineResponse200.
+
+
+        :param token: The token of this InlineResponse200.  # noqa: E501
+        :type: str
+        """
+
+        self._token = token
+
+    def to_dict(self):
+        """Returns the model properties as a dict"""
+        result = {}
+
+        for attr, _ in six.iteritems(self.swagger_types):
+            value = getattr(self, attr)
+            if isinstance(value, list):
+                result[attr] = list(map(
+                    lambda x: x.to_dict() if hasattr(x, "to_dict") else x,
+                    value
+                ))
+            elif hasattr(value, "to_dict"):
+                result[attr] = value.to_dict()
+            elif isinstance(value, dict):
+                result[attr] = dict(map(
+                    lambda item: (item[0], item[1].to_dict())
+                    if hasattr(item[1], "to_dict") else item,
+                    value.items()
+                ))
+            else:
+                result[attr] = value
+        if issubclass(InlineResponse200, dict):
+            for key, value in self.items():
+                result[key] = value
+
+        return result
+
+    def to_str(self):
+        """Returns the string representation of the model"""
+        return pprint.pformat(self.to_dict())
+
+    def __repr__(self):
+        """For `print` and `pprint`"""
+        return self.to_str()
+
+    def __eq__(self, other):
+        """Returns true if both objects are equal"""
+        if not isinstance(other, InlineResponse200):
+            return False
+
+        return self.__dict__ == other.__dict__
+
+    def __ne__(self, other):
+        """Returns true if both objects are not equal"""
+        return not self == other

sdk/python/sdk/zrok/zrok_api/models/reset_token_body.py

@@ -0,0 +1,110 @@
+# coding: utf-8
+
+"""
+    zrok
+
+    zrok client access  # noqa: E501
+
+    OpenAPI spec version: 0.3.0
+    
+    Generated by: https://github.com/swagger-api/swagger-codegen.git
+"""
+
+import pprint
+import re  # noqa: F401
+
+import six
+
+class ResetTokenBody(object):
+    """NOTE: This class is auto generated by the swagger code generator program.
+
+    Do not edit the class manually.
+    """
+    """
+    Attributes:
+      swagger_types (dict): The key is attribute name
+                            and the value is attribute type.
+      attribute_map (dict): The key is attribute name
+                            and the value is json key in definition.
+    """
+    swagger_types = {
+        'email_address': 'str'
+    }
+
+    attribute_map = {
+        'email_address': 'emailAddress'
+    }
+
+    def __init__(self, email_address=None):  # noqa: E501
+        """ResetTokenBody - a model defined in Swagger"""  # noqa: E501
+        self._email_address = None
+        self.discriminator = None
+        if email_address is not None:
+            self.email_address = email_address
+
+    @property
+    def email_address(self):
+        """Gets the email_address of this ResetTokenBody.  # noqa: E501
+
+
+        :return: The email_address of this ResetTokenBody.  # noqa: E501
+        :rtype: str
+        """
+        return self._email_address
+
+    @email_address.setter
+    def email_address(self, email_address):
+        """Sets the email_address of this ResetTokenBody.
+
+
+        :param email_address: The email_address of this ResetTokenBody.  # noqa: E501
+        :type: str
+        """
+
+        self._email_address = email_address
+
+    def to_dict(self):
+        """Returns the model properties as a dict"""
+        result = {}
+
+        for attr, _ in six.iteritems(self.swagger_types):
+            value = getattr(self, attr)
+            if isinstance(value, list):
+                result[attr] = list(map(
+                    lambda x: x.to_dict() if hasattr(x, "to_dict") else x,
+                    value
+                ))
+            elif hasattr(value, "to_dict"):
+                result[attr] = value.to_dict()
+            elif isinstance(value, dict):
+                result[attr] = dict(map(
+                    lambda item: (item[0], item[1].to_dict())
+                    if hasattr(item[1], "to_dict") else item,
+                    value.items()
+                ))
+            else:
+                result[attr] = value
+        if issubclass(ResetTokenBody, dict):
+            for key, value in self.items():
+                result[key] = value
+
+        return result
+
+    def to_str(self):
+        """Returns the string representation of the model"""
+        return pprint.pformat(self.to_dict())
+
+    def __repr__(self):
+        """For `print` and `pprint`"""
+        return self.to_str()
+
+    def __eq__(self, other):
+        """Returns true if both objects are equal"""
+        if not isinstance(other, ResetTokenBody):
+            return False
+
+        return self.__dict__ == other.__dict__
+
+    def __ne__(self, other):
+        """Returns true if both objects are not equal"""
+        return not self == other

sdk/python/sdk/zrok/zrok_api/rest.py

@@ -42,11 +42,11 @@ class RESTResponse(io.IOBase):
 
     def getheaders(self):
         """Returns a dictionary of the response headers."""
-        return self.urllib3_response.getheaders()
+        return self.urllib3_response.headers
 
     def getheader(self, name, default=None):
         """Returns a given response header."""
-        return self.urllib3_response.getheader(name, default)
+        return self.urllib3_response.headers.get(name, default)
 
 
 class RESTClientObject(object):

specs/zrok.yml

@@ -121,6 +121,32 @@ paths:
         500:
           description: internal server error
 
+  /resetToken:
+    post:
+      tags:
+        - account
+      security:
+        - key: []
+      operationId: resetToken
+      parameters:
+        - name: body
+          in: body
+          schema:
+            properties:
+              emailAddress:
+                type: string
+      responses:
+        200:
+          description: token reset
+          schema:
+            properties:
+              token:
+                type: string
+        404:
+          description: account not found
+        500:
+          description: internal server error
+
   /verify:
     post:
       tags:
@@ -577,6 +603,8 @@ paths:
           description: unauthorized
         404:
           description: not found
+        409:
+          description: conflict
         422:
           description: unprocessable
         500:

ui/package-lock.json

@@ -6196,9 +6196,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001519",
+      "version": "1.0.30001587",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001519.tgz",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001587.tgz",
-      "integrity": "sha512-0QHgqR+Jv4bxHMp8kZ1Kn8CH55OikjKJ6JmKkZYP1F3D7w+lnFXF70nG5eNfsZS89jadi5Ywy5UCSKLAglIRkg==",
+      "integrity": "sha512-HMFNotUmLXn71BQxg8cijvqxnIAofforZOwGsxyXJ0qugTdspUF4sPSJ2vhgprHCB996tIDzEq1ubumPDV8ULA==",
       "funding": [
         {
           "type": "opencollective",
@@ -24274,9 +24274,9 @@
       }
     },
     "caniuse-lite": {
-      "version": "1.0.30001519",
+      "version": "1.0.30001587",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001519.tgz",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001587.tgz",
-      "integrity": "sha512-0QHgqR+Jv4bxHMp8kZ1Kn8CH55OikjKJ6JmKkZYP1F3D7w+lnFXF70nG5eNfsZS89jadi5Ywy5UCSKLAglIRkg=="
+      "integrity": "sha512-HMFNotUmLXn71BQxg8cijvqxnIAofforZOwGsxyXJ0qugTdspUF4sPSJ2vhgprHCB996tIDzEq1ubumPDV8ULA=="
     },
     "canvas-color-tracker": {
       "version": "1.1.6",

ui/src/App.js

@@ -9,12 +9,21 @@ const App = () => {
     const [user, setUser] = useState();
 
     useEffect(() => {
-        const localUser = localStorage.getItem("user");
+        function checkUserData() {
-        if(localUser) {
+            const localUser = localStorage.getItem("user");
-            setUser(JSON.parse(localUser));
+            if(localUser) {
-            console.log("reloaded user", localUser);
+                console.log(localUser)
+                setUser(JSON.parse(localUser));
+                console.log("reloaded user", localUser);
+            }
         }
-    }, []);
+      
+        document.addEventListener('storage', checkUserData)
+      
+        return () => {
+          document.removeEventListener('storage', checkUserData)
+        }
+      }, []);
 
     const logout = () => {
         setUser(null);

ui/src/api/account.js

@@ -77,6 +77,21 @@ export function resetPasswordRequest(options) {
   return gateway.request(resetPasswordRequestOperation, parameters)
 }
 
+/**
+ * @param {object} options Optional options
+ * @param {object} [options.body] 
+ * @return {Promise<object>} token reset
+ */
+export function resetToken(options) {
+  if (!options) options = {}
+  const parameters = {
+    body: {
+      body: options.body
+    }
+  }
+  return gateway.request(resetTokenOperation, parameters)
+}
+
 /**
  * @param {object} options Optional options
  * @param {module:types.verifyRequest} [options.body] 
@@ -122,6 +137,17 @@ const resetPasswordRequestOperation = {
   method: 'post'
 }
 
+const resetTokenOperation = {
+  path: '/resetToken',
+  contentTypes: ['application/zrok.v1+json'],
+  method: 'post',
+  security: [
+    {
+      id: 'key'
+    }
+  ]
+}
+
 const verifyOperation = {
   path: '/verify',
   contentTypes: ['application/zrok.v1+json'],

ui/src/console/PropertyTable.js

@@ -18,7 +18,7 @@ const rowToValue = (row) => {
     if(row.property.endsWith("At")) {
         return new Date(row.value).toLocaleString();
     }
-    return row.value;
+    return row.value.toString();
 };
 
 const PropertyTable = (props) => {

ui/src/console/detail/account/AccountDetail.js

@@ -6,6 +6,7 @@ import SecretToggle from "../../SecretToggle";
 import React from "react";
 import MetricsTab from "./MetricsTab";
 import EnvironmentsTab from "./EnvironmentsTab";
+import ActionsTab from "./ActionsTab";
 
 const AccountDetail = (props) => {
     const customProperties = {
@@ -25,6 +26,9 @@ const AccountDetail = (props) => {
                 <Tab eventKey={"metrics"} title={"Metrics"}>
                     <MetricsTab />
                 </Tab>
+                <Tab eventKey={"actions"} title={"Actions"}>
+                      <ActionsTab user={props.user}/>
+                  </Tab>
             </Tabs>
         </div>
     );

ui/src/console/detail/account/ActionsTab.js

@@ -0,0 +1,34 @@
+import React, {useState} from "react";
+import ResetToken from "./actions/ResetToken";
+import {Button} from "react-bootstrap";
+
+const ActionsTab = (props) => {
+    const [showResetTokenModal, setShowResetTokenModal] = useState(false);
+    const openResetTokenModal = () => setShowResetTokenModal(true);
+    const closeResetTokenModal = () => setShowResetTokenModal(false);
+
+    return (
+        <div className={"actions-tab"}>
+            <h3>Regenerate your account token <strong>(DANGER!)</strong>?</h3>
+            <p>
+                Regenerating your account token will stop all environments and shares from operating properly!
+            </p>
+            <p>
+                You will need to <strong>manually</strong> edit your
+                <code> &#36;&#123;HOME&#125;/.zrok/environment.json</code> files (in each environment) to use the new
+                <code> zrok_token</code> . Updating these files will restore the functionality of your environments.
+            </p>
+            <p>
+                Alternatively, you can just <code>zrok disable</code> any enabled environments and re-enable using the
+                new account token. Running <code>zrok disable</code> will <strong>delete</strong> your environments and
+                any shares they contain (including reserved shares). So if you have environments and reserved shares you
+                need to preserve, your best bet is to update the <code>zrok_token</code> in those environments as
+                described above.
+            </p>
+            <Button variant={"danger"} onClick={openResetTokenModal}>Regenerate Account Token</Button>
+            <ResetToken show={showResetTokenModal} onHide={closeResetTokenModal} user={props.user}/>
+        </div>
+    )
+}
+
+export default ActionsTab;

ui/src/console/detail/account/actions/ResetToken.js

@@ -0,0 +1,95 @@
+import React, {useRef, useState} from "react";
+import Modal from "react-bootstrap/Modal";
+import {mdiContentCopy} from "@mdi/js";
+import Icon from "@mdi/react";
+import { Button, Overlay, Tooltip } from "react-bootstrap";
+import * as account from "../../../../api/account";
+
+const ResetToken = (props) => {
+    const target = useRef(null);
+    const [showTooltip, setShowTooltip] = useState(false);
+
+    const handleCopy = async () => {
+        let copiedText = document.getElementById("zrok-token").innerHTML;
+        try {
+            await navigator.clipboard.writeText(copiedText);
+
+            setShowTooltip(true);
+            setTimeout(() => setShowTooltip(false), 1000);
+
+        } catch(err) {
+            console.error("failed to copy", err);
+        }
+    }
+
+    let resetToken = () => {
+        account.resetToken({ body: { "emailAddress": props.user.email } }).then(resp => {
+            console.log(resp)
+            let user = JSON.parse(localStorage.getItem('user'))
+            localStorage.setItem('user', JSON.stringify({
+                "email": user.email,
+                "token": resp.data.token
+            }));
+            document.dispatchEvent(new Event('storage'))
+            setModalBody((
+                <div>
+                    <p>
+                        You will need to update your environment files <code> &#36;&#123;HOME&#125;/.zrok/environment.json </code>
+                        with the new <code> zrok_token </code>.
+                    </p>
+                    <p>
+                        Your new <code> zrok_token </code> is: <code><span id={"zrok-token"}>{resp.data.token}</span></code>{' '}
+                        <Icon ref={target} path={mdiContentCopy} size={0.7} onClick={handleCopy}/>
+                    </p>
+
+                </div>
+            ));
+            setModalHeader((
+                <span>Account Token Regenerated!</span>
+            ))
+        }).catch(err => {
+            console.log("err", err);
+        });
+    }
+
+    let hide = () => {
+        setModalHeader(defaultHeader)
+        setModalBody(defaultModal)
+        props.onHide()
+    }
+
+    let defaultHeader = (<span>Are you sure?</span>)
+    let defaultModal = (
+        <div>
+            <p>Did you read the warning on the previous screen? This action will reset all of your active environments and shares!</p>
+            <p>You will need to update each of your <code> &#36;&#123;HOME&#125;/.zrok/environments.yml</code> files with your new token!</p>
+            <p align={"right"}>
+                <Button onClick={props.onHide}>Cancel</Button>
+                <Button variant={"danger"} onClick={resetToken}>Regenerate Token</Button>
+            </p>
+        </div>
+    );
+
+    const [modalBody, setModalBody] = useState(defaultModal);
+    const [modalHeader, setModalHeader] = useState(defaultHeader);
+
+    return (
+        <div>
+            <Modal show={props.show} onHide={hide} centered>
+                <Modal.Header closeButton>{modalHeader}</Modal.Header>
+                <Modal.Body>
+                    {modalBody}
+                </Modal.Body>
+            </Modal>
+            <Overlay target={target.current} show={showTooltip} placement={"bottom"}>
+                {(props) => (
+                    <Tooltip id={"copy-tooltip"} {...props}>
+                        Copied!
+                    </Tooltip>
+                )}
+            </Overlay>
+        </div>
+    )
+}
+
+export default ResetToken;

ui/src/console/login/Login.js

@@ -40,6 +40,7 @@ const Login = (props) => {
                     localStorage.setItem('user', JSON.stringify(user))
                     console.log(user)
                     console.log('login succeeded', resp)
+                    document.dispatchEvent(new Event('storage'))
                 } else {
                     console.log('login failed')
                     setMessage(errorMessage);