cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Learn all about PTC Community Badges. Engage with PTC and see how many you can earn! X

Change a user password from frontend

jMachovec
12-Amethyst

Change a user password from frontend

Hello everyone, 

I am trying to change a user password from the frontend of my application, to keep it secure I need the user to first provide the old password and then compare the provided password to the stored password. Is there a way to do it? Where is the user password stored? Do I need to encrypt the provided password first? How do I achieve that the password is safely transfered from the users browser to server? 

Thanks in advance for all the provided help and pointers, 
Jiri

ACCEPTED SOLUTION

Accepted Solutions
iguerra
15-Moonstone
(To:jMachovec)

The "User" entity has a service called ChangePassword

It requires oldPassword and also newPassword+newPasswordConfirm

you can add a Dynamic user on the mashup (and set its EntityName with a service getting currentuser name), and then call the ChangePassword passing the 3 parameters from 3 textboxes (configured as password input by enabling MaskInputCharacters), no need to encrypt before. It works fine.

 

As I know all is managed internally into thingworx, there is no passw saved as cleartext.

 

If browser connects to thingworx with SSL, all the data is encrypted automatically

 

 

View solution in original post

3 REPLIES 3
khayes1
15-Moonstone
(To:jMachovec)

Hi,

you can write your own service (and mashup) to wrap the in-built in functionality via snippets. You might want to add some conformity checks. Be warned, the in built function doesn't return any value to show success/fail.

You change the highlighted code to take the user's name.

 

khayes1_0-1586340290475.png

 

iguerra
15-Moonstone
(To:jMachovec)

The "User" entity has a service called ChangePassword

It requires oldPassword and also newPassword+newPasswordConfirm

you can add a Dynamic user on the mashup (and set its EntityName with a service getting currentuser name), and then call the ChangePassword passing the 3 parameters from 3 textboxes (configured as password input by enabling MaskInputCharacters), no need to encrypt before. It works fine.

 

As I know all is managed internally into thingworx, there is no passw saved as cleartext.

 

If browser connects to thingworx with SSL, all the data is encrypted automatically

 

 

jMachovec
12-Amethyst
(To:iguerra)

Thank you all for the replies!

Announcements


Top Tags