cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can subscribe to a forum, label or individual post and receive email notifications when someone posts a new topic or reply. Learn more! X

Is it possible to generate a user reset password token / link via rest api call ?

ADickinson
4-Participant

Is it possible to generate a user reset password token / link via rest api call ?

Hi All

 

I'm writing some Test Automation for Thingworx in Selenium Webdriver with the aim to completely automate some basic platform tests. Part of what I have been testing is the reset password functionality.  I can trigger the generation of emails to reset passwords via Unirest in java , but I still need access to an email address to get the tokens to carryout my testing .

 

Can the user password reset tokens / links be generated directly from the platform using the right credentials ?

 

If not, is there a process which can be followed to allow test automation to create reset password link to check that the correct password settings have been implemented on that part of the platform.

ACCEPTED SOLUTION

Accepted Solutions

Hello,

 

My understanding is that the only thing you need to do is create an AppKey for this user programmatically and compose the correct URL, that's it. As soon as you reset the password, ThingWorx will automatically delete the AppKey.

 

Here's a service, which seems to emulate password reset behavior on 7.4. You'll have to run it as Administrator, passing username as parameter. I did not validate it with PTC, so use it on your own risk:

var tokenName = 'temp-' + generateGUID();
Resources["EntityServices"].CreateApplicationKey({ name: tokenName, user: username });
var tokenValue = ApplicationKeys[tokenName].GetKeyID();
var result = "http://URL/Thingworx/FormLogin/reset/APLLICATIONNAME?Summary=" + tokenValue + "&thingworx-form-userid=" + username;

 

Regards,
Constantine

View solution in original post

5 REPLIES 5
slangley
23-Emerald II
(To:ADickinson)

Hi @ADickinson.

 

Have you looked at using the ChangePassword service?  Another option if you're using the Form login page allows you to add a change password link.

 

Please let us know if you have further questions.

 

Regards.

 

--Sharon

ADickinson
4-Participant
(To:slangley)

Hi @slangley 

 

Thanks for replying to me so quickly. I Have discussed this service with our developers and I'm not sure if I was clear in what I was asking before, but it might just be my experience with the platform so please bare with me if i haven't understood your reply correctly.

 

When i carryout a password reset on my automation test account the email i get back has a link in that looks like this :-

 

https://URL/Thingworx/FormLogin/reset/APLLICATIONNAME?Summary=429e948f-39e2-4104-bad6-cf95b476ecba&thingworx-form-userid=USERNAME

 

What I would like to know if its it possible to generate the reset passord token from an api call or externally to Thingworx in a script i can automate.

 

From talking to my college we weren't sure if that can be done with the change password service. Is this correct or have i misunderstood your reply ?

Hello,

 

My understanding is that the only thing you need to do is create an AppKey for this user programmatically and compose the correct URL, that's it. As soon as you reset the password, ThingWorx will automatically delete the AppKey.

 

Here's a service, which seems to emulate password reset behavior on 7.4. You'll have to run it as Administrator, passing username as parameter. I did not validate it with PTC, so use it on your own risk:

var tokenName = 'temp-' + generateGUID();
Resources["EntityServices"].CreateApplicationKey({ name: tokenName, user: username });
var tokenValue = ApplicationKeys[tokenName].GetKeyID();
var result = "http://URL/Thingworx/FormLogin/reset/APLLICATIONNAME?Summary=" + tokenValue + "&thingworx-form-userid=" + username;

 

Regards,
Constantine

slangley
23-Emerald II
(To:slangley)

Hi @ADickinson.

 

There is not an API request to automate this.  The only use case for this scenario is not something that can be predicted--it was designed to allow a user to reset a forgotten password, and not something that can be automated.

 

Regards.

 

--Sharon

 

slangley
23-Emerald II
(To:slangley)

Hi @ADickinson.

 

If one of the previous responses answered your question, please mark the appropriate one as the Accepted Solution for the benefit of others with the same question.

 

Regards.

 

--Sharon

Announcements


Top Tags