cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Your Friends List is a way to easily have access to the community members that you interact with the most! X

Change a user password from frontend

jMachovec
4-Participant

Change a user password from frontend

Hello everyone, 

I am trying to change a user password from the frontend of my application, to keep it secure I need the user to first provide the old password and then compare the provided password to the stored password. Is there a way to do it? Where is the user password stored? Do I need to encrypt the provided password first? How do I achieve that the password is safely transfered from the users browser to server? 

Thanks in advance for all the provided help and pointers, 
Jiri

1 ACCEPTED SOLUTION

Accepted Solutions
iguerra
14-Alexandrite
(To:jMachovec)

The "User" entity has a service called ChangePassword

It requires oldPassword and also newPassword+newPasswordConfirm

you can add a Dynamic user on the mashup (and set its EntityName with a service getting currentuser name), and then call the ChangePassword passing the 3 parameters from 3 textboxes (configured as password input by enabling MaskInputCharacters), no need to encrypt before. It works fine.

 

As I know all is managed internally into thingworx, there is no passw saved as cleartext.

 

If browser connects to thingworx with SSL, all the data is encrypted automatically

 

 

View solution in original post

3 REPLIES 3
khayes1
13-Aquamarine
(To:jMachovec)

Hi,

you can write your own service (and mashup) to wrap the in-built in functionality via snippets. You might want to add some conformity checks. Be warned, the in built function doesn't return any value to show success/fail.

You change the highlighted code to take the user's name.

 

khayes1_0-1586340290475.png

 

iguerra
14-Alexandrite
(To:jMachovec)

The "User" entity has a service called ChangePassword

It requires oldPassword and also newPassword+newPasswordConfirm

you can add a Dynamic user on the mashup (and set its EntityName with a service getting currentuser name), and then call the ChangePassword passing the 3 parameters from 3 textboxes (configured as password input by enabling MaskInputCharacters), no need to encrypt before. It works fine.

 

As I know all is managed internally into thingworx, there is no passw saved as cleartext.

 

If browser connects to thingworx with SSL, all the data is encrypted automatically

 

 

jMachovec
4-Participant
(To:iguerra)

Thank you all for the replies!

Top Tags