Login Assistant component should support change password

Post here your questions about the Java client / Android API for SFS2X

Moderators: Lapo, Bax

hoanghuybao
Posts: 35
Joined: 22 Aug 2015, 16:20

Login Assistant component should support change password

Postby hoanghuybao » 08 Sep 2015, 15:39

Hi admin,

I appreciate the Sign Up/ Login assistant component but I think that we should support more operation "change password" in the Login component. It is necessary.
Please give your comment.

Regards,
Thong
User avatar
Lapo
Site Admin
Posts: 23008
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: Login Assistant component should support change passwor

Postby Lapo » 08 Sep 2015, 16:54

Thanks for the suggestion.
We may be adding this in a future release.

At the moment you can change the password before-login, if you have lost it, by auto-generating a new one.

What you are asking is more of an after-login, "modify your profile" type of operation, which could allow the User to change not just the password but also other details, probably.

I've added it to our todo list

Meanwhile this can be easily implemented via an Extension request. If you're using SFS2X 2.10 I'd recommend turning on the protocol encryption to secure the transaction.

thanks
Lapo
--
gotoAndPlay()
...addicted to flash games
hoanghuybao
Posts: 35
Joined: 22 Aug 2015, 16:20

Re: Login Assistant component should support change passwor

Postby hoanghuybao » 08 Sep 2015, 17:12

Thanks for your comment. I look forward to in new release.
hoanghuybao
Posts: 35
Joined: 22 Aug 2015, 16:20

Re: Login Assistant component should support change passwor

Postby hoanghuybao » 13 Oct 2015, 15:44

Hi Lapo,

I try to implementing a module to change password with the following code:
Client:

Code: Select all

public void changePassword(String userName, String oldPassword, String newPassword) {
        SFSObject param = new SFSObject();
        param.putUtfString("userName", getUserName());
        param.putUtfString("oldPassword", oldPassword);
        param.putUtfString("newPassword", newPassword);
        sfsClient.send(new ExtensionRequest(CHANGE_PASS, param));
    }

Server side:

Code: Select all

public class ChangePasswordHandler extends BaseClientRequestHandler {

    @Override
    public void handleClientRequest(User user, ISFSObject params) {
        String userName = params.getUtfString("userName");
        String oldPassword = params.getUtfString("oldPassword");
        String newPassword = params.getUtfString("newPassword");
        ISession session = user.getSession();

        .....
       if (!getApi().checkSecurePassword(session, dbPassword, oldPassword)) {
                trace("Old password is incorrect !");
                return;
       }


The method getApi().checkSecurePassword(session, dbPword, oldPassword) does NOT work exactly with the session got from user.
Please give your comment?

Regards,
Thong Le
hoanghuybao
Posts: 35
Joined: 22 Aug 2015, 16:20

Re: Login Assistant component should support change passwor

Postby hoanghuybao » 24 Oct 2015, 03:53

Anyone help me?
User avatar
Lapo
Site Admin
Posts: 23008
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: Login Assistant component should support change passwor

Postby Lapo » 24 Oct 2015, 06:37

Sorry for the late reply.
I don't understand your question:
The method getApi().checkSecurePassword(session, dbPword, oldPassword) does NOT work exactly with the session got from user.


There is only one session for a connected User, so I am not sure what you're referring to.
What is the problem exactly? What is not working?

thanks
Lapo

--

gotoAndPlay()

...addicted to flash games
hoanghuybao
Posts: 35
Joined: 22 Aug 2015, 16:20

Re: Login Assistant component should support change passwor

Postby hoanghuybao » 28 Oct 2015, 16:34

Problem: getApi().checkSecurePassword(session, dbPword, oldPassword) always returns false although oldPassword is sent correctly.
For example: registered an account A with password is "123456789" and oldPassword is "123456789". The method getApi().checkSecurePassword(session, "25f9e794323b453885f5181f1b624d0b, "123456789") returns false.
Note: dbPword is encode, 123456789 = 25f9e794323b453885f5181f1b624d0b.
User avatar
Lapo
Site Admin
Posts: 23008
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: Login Assistant component should support change passwor

Postby Lapo » 28 Oct 2015, 16:51

The password is encoded every time with a unique session token.

In other words every time the user connects he gets a different unique token and the password is never sent in clear, it is sent as MD5(token + password).
The server takes the original password from the DB, makes the same hash with the client's token and matches them.

If you use checkSecurePassword(...) method out of context it won't work.

Hope it helps
Lapo

--

gotoAndPlay()

...addicted to flash games
hoanghuybao
Posts: 35
Joined: 22 Aug 2015, 16:20

Re: Login Assistant component should support change passwor

Postby hoanghuybao » 29 Oct 2015, 10:33

Do we have any solution to change password when user loged-in?
User avatar
Lapo
Site Admin
Posts: 23008
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: Login Assistant component should support change passwor

Postby Lapo » 29 Oct 2015, 10:54

I think I have replied to the question in the response at the top, right after the opening post.

cheers
Lapo

--

gotoAndPlay()

...addicted to flash games
hoanghuybao
Posts: 35
Joined: 22 Aug 2015, 16:20

Re: Login Assistant component should support change passwor

Postby hoanghuybao » 29 Oct 2015, 15:06

Thanks Lapo,
I think I will build a new Login/Register Assistant component.

Return to “SFS2X Java / Android API”

Who is online

Users browsing this forum: No registered users and 11 guests