cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can change your system assigned username to something more personal in your community settings. X

Change a user password from frontend

Go to solution
jMachovec
12-Amethyst
12-Amethyst
‎Apr 08, 2020 05:21 AM
‎Apr 08, 2020 05:21 AM

Change a user password from frontend

Hello everyone, 

I am trying to change a user password from the frontend of my application, to keep it secure I need the user to first provide the old password and then compare the provided password to the stored password. Is there a way to do it? Where is the user password stored? Do I need to encrypt the provided password first? How do I achieve that the password is safely transfered from the users browser to server? 

Thanks in advance for all the provided help and pointers, 
Jiri

0 Kudos
Notify Moderator
ACCEPTED SOLUTION

Accepted Solutions
iguerra
15-Moonstone
15-Moonstone
(To:jMachovec)
‎Apr 08, 2020 06:29 AM
‎Apr 08, 2020 06:29 AM

The "User" entity has a service called ChangePassword

It requires oldPassword and also newPassword+newPasswordConfirm

you can add a Dynamic user on the mashup (and set its EntityName with a service getting currentuser name), and then call the ChangePassword passing the 3 parameters from 3 textboxes (configured as password input by enabling MaskInputCharacters), no need to encrypt before. It works fine.

 

As I know all is managed internally into thingworx, there is no passw saved as cleartext.

 

If browser connects to thingworx with SSL, all the data is encrypted automatically

 

 

View solution in original post

Notify Moderator
3 REPLIES 3
khayes1
15-Moonstone
15-Moonstone
(To:jMachovec)
‎Apr 08, 2020 06:07 AM
‎Apr 08, 2020 06:07 AM

Hi,

you can write your own service (and mashup) to wrap the in-built in functionality via snippets. You might want to add some conformity checks. Be warned, the in built function doesn't return any value to show success/fail.

You change the highlighted code to take the user's name.

 

khayes1_0-1586340290475.png

 

Notify Moderator
iguerra
15-Moonstone
15-Moonstone
(To:jMachovec)
‎Apr 08, 2020 06:29 AM
‎Apr 08, 2020 06:29 AM

The "User" entity has a service called ChangePassword

It requires oldPassword and also newPassword+newPasswordConfirm

you can add a Dynamic user on the mashup (and set its EntityName with a service getting currentuser name), and then call the ChangePassword passing the 3 parameters from 3 textboxes (configured as password input by enabling MaskInputCharacters), no need to encrypt before. It works fine.

 

As I know all is managed internally into thingworx, there is no passw saved as cleartext.

 

If browser connects to thingworx with SSL, all the data is encrypted automatically

 

 

Notify Moderator
jMachovec
12-Amethyst
12-Amethyst
(To:iguerra)
‎Apr 14, 2020 03:12 AM
‎Apr 14, 2020 03:12 AM

Thank you all for the replies!

0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags