unregister requires the user password? #21

Open
dirkmoors opened this issue May 5, 2014 · 2 comments

@dirkmoors

When implementing the mod_restful api, I noticed that I would require the user's password to remove an ejabberd user-account?

The use case - which I needed mod_restful for in the first place - was to be able to have my user management system (written in Python/Django) create and remove ejabberd user accounts, to keep them in sync with the Django user accounts.
Since I do not know the user passwords in my backend (and for security reasons, I don't want to know them), I'm not able to supply the password to the "unregister" function. Is there no way around this? I would like to use the mod_restful module as an administrator interface; it won't be exposed to the outside world. Moreover, only "admin" accounts (or when I use the shared key) would be able to call the mod_restful APIs.

@dirkmoors
Author

Also, the same goes for the change_password command; I want to be able to reset a user's password without knowing his current password.

@jadahl
Owner

jadahl commented May 5, 2014

I see three options:

Either you create new request types in mod_restful_register (for example "force_change_password" and "force_remove_account") which handle changes when the old password is not known.

Or you add an option making the existing API not take password parameters.

Or you use the interface that talks directly to the ejabberd admin API.

The API was designed to act as a backend to a change password form, where the user may only change the password/remove an account if he/she knows the current password.
