Reset password, click link in email if you wanted to reset, otherwise ignore.

Question

Hi.  I am using the User Service and am implementing a password reset feature in case my users forget their passwords.  However, the way it is now, any user can enter the email of another user to have that users password reset.  A message is sent to the email with the new password.

What I need is that when a user requests to have their password reset, an email is sent to them saying that it was requested to have their password reset.  If they click the link provided, the password would be reset and another email sent to them with the new password.  Otherwise they can just ignore the email and their password would not be changed.  This way, the user has to actually have access to the email account to reset the password.

Comments

+Rhinosaurus Hello, the way you implemented this seems good enough for me. I'd sure like to hear how you did it.

Answer 1

To avoid the scenario where one user can not call the resetPassword for other user, you have to use ACL enabled app in this case. Please see complete tutorial here about the same.

Comments

Can we get an update on this?

---

It is done in development side, will hit the production by this weekend. Thanks for follow up.

---

Awesome; that's great news.  Thank you very much!

---

This is now available in the production. You have to pass meta header as mention below before calling resetPassword method

HashMap<String, String> otherMetaHeaders = new HashMap<String, String>();
otherMetaHeaders.put("emailVerification", "true");
userService.setOtherMetaHeaders(otherMetaHeaders);
userService.resetUserPassword

---

hi, this feature is working perfectly. Can we edit "confirm reset password" template like in "reset password".