Page 1 of 1

Login Assistant component should support change password

Posted: 08 Sep 2015, 15:39
by hoanghuybao
Hi admin,

I appreciate the Sign Up/ Login assistant component but I think that we should support more operation "change password" in the Login component. It is necessary.
Please give your comment.

Regards,
Thong

Re: Login Assistant component should support change passwor

Posted: 08 Sep 2015, 16:54
by Lapo
Thanks for the suggestion.
We may be adding this in a future release.

At the moment you can change the password before-login, if you have lost it, by auto-generating a new one.

What you are asking is more of an after-login, "modify your profile" type of operation, which could allow the User to change not just the password but also other details, probably.

I've added it to our todo list

Meanwhile this can be easily implemented via an Extension request. If you're using SFS2X 2.10 I'd recommend turning on the protocol encryption to secure the transaction.

thanks

Re: Login Assistant component should support change passwor

Posted: 08 Sep 2015, 17:12
by hoanghuybao
Thanks for your comment. I look forward to in new release.

Re: Login Assistant component should support change passwor

Posted: 13 Oct 2015, 15:44
by hoanghuybao
Hi Lapo,

I try to implementing a module to change password with the following code:
Client:

Code: Select all

public void changePassword(String userName, String oldPassword, String newPassword) {
        SFSObject param = new SFSObject();
        param.putUtfString("userName", getUserName());
        param.putUtfString("oldPassword", oldPassword);
        param.putUtfString("newPassword", newPassword);
        sfsClient.send(new ExtensionRequest(CHANGE_PASS, param));
    }

Server side:

Code: Select all

public class ChangePasswordHandler extends BaseClientRequestHandler {

    @Override
    public void handleClientRequest(User user, ISFSObject params) {
        String userName = params.getUtfString("userName");
        String oldPassword = params.getUtfString("oldPassword");
        String newPassword = params.getUtfString("newPassword");
        ISession session = user.getSession();

        .....
       if (!getApi().checkSecurePassword(session, dbPassword, oldPassword)) {
                trace("Old password is incorrect !");
                return;
       }


The method getApi().checkSecurePassword(session, dbPword, oldPassword) does NOT work exactly with the session got from user.
Please give your comment?

Regards,
Thong Le

Re: Login Assistant component should support change passwor

Posted: 24 Oct 2015, 03:53
by hoanghuybao
Anyone help me?

Re: Login Assistant component should support change passwor

Posted: 24 Oct 2015, 06:37
by Lapo
Sorry for the late reply.
I don't understand your question:
The method getApi().checkSecurePassword(session, dbPword, oldPassword) does NOT work exactly with the session got from user.


There is only one session for a connected User, so I am not sure what you're referring to.
What is the problem exactly? What is not working?

thanks

Re: Login Assistant component should support change passwor

Posted: 28 Oct 2015, 16:34
by hoanghuybao
Problem: getApi().checkSecurePassword(session, dbPword, oldPassword) always returns false although oldPassword is sent correctly.
For example: registered an account A with password is "123456789" and oldPassword is "123456789". The method getApi().checkSecurePassword(session, "25f9e794323b453885f5181f1b624d0b, "123456789") returns false.
Note: dbPword is encode, 123456789 = 25f9e794323b453885f5181f1b624d0b.

Re: Login Assistant component should support change passwor

Posted: 28 Oct 2015, 16:51
by Lapo
The password is encoded every time with a unique session token.

In other words every time the user connects he gets a different unique token and the password is never sent in clear, it is sent as MD5(token + password).
The server takes the original password from the DB, makes the same hash with the client's token and matches them.

If you use checkSecurePassword(...) method out of context it won't work.

Hope it helps

Re: Login Assistant component should support change passwor

Posted: 29 Oct 2015, 10:33
by hoanghuybao
Do we have any solution to change password when user loged-in?

Re: Login Assistant component should support change passwor

Posted: 29 Oct 2015, 10:54
by Lapo
I think I have replied to the question in the response at the top, right after the opening post.

cheers

Re: Login Assistant component should support change passwor

Posted: 29 Oct 2015, 15:06
by hoanghuybao
Thanks Lapo,
I think I will build a new Login/Register Assistant component.