Hi admin,
I appreciate the Sign Up/ Login assistant component but I think that we should support more operation "change password" in the Login component. It is necessary.
Please give your comment.
Regards,
Thong
Login Assistant component should support change password
-
- Posts: 35
- Joined: 22 Aug 2015, 16:20
Re: Login Assistant component should support change passwor
Thanks for the suggestion.
We may be adding this in a future release.
At the moment you can change the password before-login, if you have lost it, by auto-generating a new one.
What you are asking is more of an after-login, "modify your profile" type of operation, which could allow the User to change not just the password but also other details, probably.
I've added it to our todo list
Meanwhile this can be easily implemented via an Extension request. If you're using SFS2X 2.10 I'd recommend turning on the protocol encryption to secure the transaction.
thanks
We may be adding this in a future release.
At the moment you can change the password before-login, if you have lost it, by auto-generating a new one.
What you are asking is more of an after-login, "modify your profile" type of operation, which could allow the User to change not just the password but also other details, probably.
I've added it to our todo list
Meanwhile this can be easily implemented via an Extension request. If you're using SFS2X 2.10 I'd recommend turning on the protocol encryption to secure the transaction.
thanks
-
- Posts: 35
- Joined: 22 Aug 2015, 16:20
Re: Login Assistant component should support change passwor
Thanks for your comment. I look forward to in new release.
-
- Posts: 35
- Joined: 22 Aug 2015, 16:20
Re: Login Assistant component should support change passwor
Hi Lapo,
I try to implementing a module to change password with the following code:
Client:
Server side:
The method getApi().checkSecurePassword(session, dbPword, oldPassword) does NOT work exactly with the session got from user.
Please give your comment?
Regards,
Thong Le
I try to implementing a module to change password with the following code:
Client:
Code: Select all
public void changePassword(String userName, String oldPassword, String newPassword) {
SFSObject param = new SFSObject();
param.putUtfString("userName", getUserName());
param.putUtfString("oldPassword", oldPassword);
param.putUtfString("newPassword", newPassword);
sfsClient.send(new ExtensionRequest(CHANGE_PASS, param));
}
Server side:
Code: Select all
public class ChangePasswordHandler extends BaseClientRequestHandler {
@Override
public void handleClientRequest(User user, ISFSObject params) {
String userName = params.getUtfString("userName");
String oldPassword = params.getUtfString("oldPassword");
String newPassword = params.getUtfString("newPassword");
ISession session = user.getSession();
.....
if (!getApi().checkSecurePassword(session, dbPassword, oldPassword)) {
trace("Old password is incorrect !");
return;
}
The method getApi().checkSecurePassword(session, dbPword, oldPassword) does NOT work exactly with the session got from user.
Please give your comment?
Regards,
Thong Le
-
- Posts: 35
- Joined: 22 Aug 2015, 16:20
Re: Login Assistant component should support change passwor
Anyone help me?
Re: Login Assistant component should support change passwor
Sorry for the late reply.
I don't understand your question:
There is only one session for a connected User, so I am not sure what you're referring to.
What is the problem exactly? What is not working?
thanks
I don't understand your question:
The method getApi().checkSecurePassword(session, dbPword, oldPassword) does NOT work exactly with the session got from user.
There is only one session for a connected User, so I am not sure what you're referring to.
What is the problem exactly? What is not working?
thanks
-
- Posts: 35
- Joined: 22 Aug 2015, 16:20
Re: Login Assistant component should support change passwor
Problem: getApi().checkSecurePassword(session, dbPword, oldPassword) always returns false although oldPassword is sent correctly.
For example: registered an account A with password is "123456789" and oldPassword is "123456789". The method getApi().checkSecurePassword(session, "25f9e794323b453885f5181f1b624d0b, "123456789") returns false.
Note: dbPword is encode, 123456789 = 25f9e794323b453885f5181f1b624d0b.
For example: registered an account A with password is "123456789" and oldPassword is "123456789". The method getApi().checkSecurePassword(session, "25f9e794323b453885f5181f1b624d0b, "123456789") returns false.
Note: dbPword is encode, 123456789 = 25f9e794323b453885f5181f1b624d0b.
Re: Login Assistant component should support change passwor
The password is encoded every time with a unique session token.
In other words every time the user connects he gets a different unique token and the password is never sent in clear, it is sent as MD5(token + password).
The server takes the original password from the DB, makes the same hash with the client's token and matches them.
If you use checkSecurePassword(...) method out of context it won't work.
Hope it helps
In other words every time the user connects he gets a different unique token and the password is never sent in clear, it is sent as MD5(token + password).
The server takes the original password from the DB, makes the same hash with the client's token and matches them.
If you use checkSecurePassword(...) method out of context it won't work.
Hope it helps
-
- Posts: 35
- Joined: 22 Aug 2015, 16:20
Re: Login Assistant component should support change passwor
Do we have any solution to change password when user loged-in?
Re: Login Assistant component should support change passwor
I think I have replied to the question in the response at the top, right after the opening post.
cheers
cheers
-
- Posts: 35
- Joined: 22 Aug 2015, 16:20
Re: Login Assistant component should support change passwor
Thanks Lapo,
I think I will build a new Login/Register Assistant component.
I think I will build a new Login/Register Assistant component.
Return to “SFS2X Java / Android API”
Who is online
Users browsing this forum: No registered users and 36 guests