Reset password, click link in email if you wanted to reset, otherwise ignore.

+1 vote
Hi.  I am using the User Service and am implementing a password reset feature in case my users forget their passwords.  However, the way it is now, any user can enter the email of another user to have that users password reset.  A message is sent to the email with the new password.

What I need is that when a user requests to have their password reset, an email is sent to them saying that it was requested to have their password reset.  If they click the link provided, the password would be reset and another email sent to them with the new password.  Otherwise they can just ignore the email and their password would not be changed.  This way, the user has to actually have access to the email account to reset the password.
asked May 11, 2014 in App42 Cloud API-BaaS by Rhinosaurus (32 points)
+Rhinosaurus Hello, the way you implemented this seems good enough for me. I'd sure like to hear how you did it.

1 Answer

0 votes

To avoid the scenario where one user can not call the resetPassword for other user, you have to use ACL enabled app in this case. Please see complete tutorial here about the same.

answered May 11, 2014 by ajay123 (899 points)
Forgive me if I misunderstand, but this seems like it would require the user to be logged in in order to reset their password?

In my case, the user has forgotten their password so they can't log in and need to have it reset.
You have got it correctly. This looks like a valid comment. I hope this feature is not a road blocker for you however we will add this request in our product backlog. We will update you once it is out for release.
Thank you very much.  Well, it is not a road blocker for me right now because my game is not ready for release yet.  But I really need this feature available before I ship my game.  How long do you think it may take for this feature to be released?
This will take 4-5 weeks to hit the production. Tentatively it would be mid of Jun. I will comment tot his thread once in production.
Alright, thank you very much.
I now need this feature too. Any progress on this?
Can we get an update on this?
It is done in development side, will hit the production by this weekend. Thanks for follow up.
Awesome; that's great news.  Thank you very much!
This is now available in the production. You have to pass meta header as mention below before calling resetPassword method

HashMap<String, String> otherMetaHeaders = new HashMap<String, String>();
otherMetaHeaders.put("emailVerification", "true");
userService.setOtherMetaHeaders(otherMetaHeaders);
userService.resetUserPassword
hi, this feature is working perfectly. Can we edit "confirm reset password" template like in "reset password".
Download Widgets
Welcome to ShepHertz Product line forum, where you can ask questions and receive answers from the community. You can also reach out to us on support@shephertz.com
...