cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Did you get an answer that solved your problem? Please mark it as an Accepted Solution so others with the same problem can find the answer easily. X

How to enable a user to change his password safely?

Michail
9-Granite

How to enable a user to change his password safely?

I removed 'Users' user group from 'Everyone' organisation in order to implement granular visibility as suggested in ThingWorx documentation. There is no associated user or user group in 'Users' and 'User Groups' collections. Service invoke is enabled via override.

From the code below, one can conclude that in order to change his/hers password, a user must be able to 'see' his own user entity. For that to happen, an entity must have a 'Visibility' set to a particular organisational unit. A user must be a member of that organisational unit.

As a result, he/she would be able to acquire a list of ALL users linked to that organisational unit simply by modifying a url ('https://myapp.twx.com/ThingWorx/Users'). Surely, there must be an alternative way without compromising on sensitive information. Thank you.

var params = {

     newPasswordConfirm: newPasswordConfirm /* STRING */,

     oldPassword: oldPassword /* STRING */,

     newPassword: newPassword /* STRING */

};

// no return

Users[userName].ChangePassword(params);

2 REPLIES 2
supandey
19-Tanzanite
(To:Michail)

Hi mnudel​ wondering if you have already seen this blog on setting up such a password reset functionality in the From login : How to set up the Reset Password feature in the Form login

Please let us know if this does not address your question.

Sushant Pandey​, thank you for your reply. That seems like a suitable solution, however, whilst implementing it I stumbled upon a problem. Please see my comment to the following post.

Top Tags