cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Change a user password from frontend

SOLVED
jMachovec
Participant

Change a user password from frontend

Hello everyone, 

I am trying to change a user password from the frontend of my application, to keep it secure I need the user to first provide the old password and then compare the provided password to the stored password. Is there a way to do it? Where is the user password stored? Do I need to encrypt the provided password first? How do I achieve that the password is safely transfered from the users browser to server? 

Thanks in advance for all the provided help and pointers, 
Jiri

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Change a user password from frontend

The "User" entity has a service called ChangePassword

It requires oldPassword and also newPassword+newPasswordConfirm

you can add a Dynamic user on the mashup (and set its EntityName with a service getting currentuser name), and then call the ChangePassword passing the 3 parameters from 3 textboxes (configured as password input by enabling MaskInputCharacters), no need to encrypt before. It works fine.

 

As I know all is managed internally into thingworx, there is no passw saved as cleartext.

 

If browser connects to thingworx with SSL, all the data is encrypted automatically

 

 

View solution in original post

3 REPLIES 3

Re: Change a user password from frontend

Hi,

you can write your own service (and mashup) to wrap the in-built in functionality via snippets. You might want to add some conformity checks. Be warned, the in built function doesn't return any value to show success/fail.

You change the highlighted code to take the user's name.

 

khayes1_0-1586340290475.png

 

Re: Change a user password from frontend

The "User" entity has a service called ChangePassword

It requires oldPassword and also newPassword+newPasswordConfirm

you can add a Dynamic user on the mashup (and set its EntityName with a service getting currentuser name), and then call the ChangePassword passing the 3 parameters from 3 textboxes (configured as password input by enabling MaskInputCharacters), no need to encrypt before. It works fine.

 

As I know all is managed internally into thingworx, there is no passw saved as cleartext.

 

If browser connects to thingworx with SSL, all the data is encrypted automatically

 

 

View solution in original post

Re: Change a user password from frontend

Thank you all for the replies!

Announcements

Check out the upcoming Expert Session: Understanding ThingWorx Navigate Licensing in Community "Customer Events" section.