» Sign Up Assistant | Password recovery
Recovering a lost password is an integral part of any sign up process. In order to comply with this requirement the Sign Up Assistant offers a simple recovery system that can be configured via the component's settings.
In order to send emails to clients, SmartFoxServer 2X must be configured appropriately. If you have skipped part 2 in this series, we highly recommend taking a look at it right now.
» I have lost my password!
There are two modalities in which the Password Recovery service operates:
- SEND_OLD: sends the old password stored in the database to the client. This mode only works when the password is stored in clear text; it will not work if the password has been stored in hashed or encrypted form in the DB.
- GENERATE_NEW: the system generates a new password and sends it to the client. The user thus receives a new temporary password, which can later be changed to something more meaningful from inside the application itself (if this option is supported).
Let's see how we can set up the recovery service in our Extension code:
    suac.getConfig().passwordRecovery.isActive = true;
    suac.getConfig().passwordRecovery.mode = RecoveryMode.SEND_OLD;
    suac.getConfig().passwordRecovery.email.fromAddress = "passwordRecovery@myapplication.com";
    suac.getConfig().passwordRecovery.email.subject = "Password recovery service";
    suac.getConfig().passwordRecovery.email.template = "SignUpEmailTemplates/PasswordRecovery.html";
If the component is configured to use PasswordMode.MD5 the password recovery service will work exclusively in GENERATE_NEW mode. Otherwise you can choose between the two recovery modalities.
Similarly to the activation step, the password recovery process allows you to configure an email template, stored under the Extension folder, that will be used to transmit the email back to the client.
Once the service is configured the client will be able to send his login name and receive the password back in his email box. This is what the client request looks like:
C#:

    // Define SignUp extension command
    private string CMD_RECOVER = "$SignUp.Recover";

    /**
     * Request password recovery.
     */
    private void sendSignUpData()
    {
        ISFSObject sfso = SFSObject.NewInstance();
        sfso.PutUtfString("username", "MyUserName");

        sfs.Send(new Sfs2X.Requests.ExtensionRequest(CMD_RECOVER, sfso));
    }

    /**
     * Process extension response.
     */
    private void OnExtensionResponse(BaseEvent evt)
    {
        string cmd = (string)evt.Params["cmd"];
        SFSObject sfso = (SFSObject)evt.Params["params"];

        if (cmd == CMD_RECOVER)
        {
            // The C# API uses PascalCase method names (GetBool, not getBool)
            if (sfso.GetBool("success"))
                Console.WriteLine("The password was sent to your email box");
            else
                Console.WriteLine("Password Recovery error:" + (string)evt.Params["errorMessage"]);
        }
    }

JavaScript:

    // Define SignUp extension command
    var CMD_RECOVER = "$SignUp.Recover";

    /**
     * Request password recovery.
     */
    function sendSignUpData()
    {
        var sfso = new SFS2X.SFSObject();
        sfso.putUtfString("username", "MyUserName");

        sfs.send(new SFS2X.ExtensionRequest(CMD_RECOVER, sfso));
    }

    /**
     * Process extension response.
     */
    function onExtensionResponse(evt)
    {
        var cmd = evt.cmd;
        var sfso = evt.params;

        if (cmd == CMD_RECOVER)
        {
            if (sfso.getBool("success"))
                console.log("The password was sent to your email box");
            else
                console.warn("Password Recovery error:" + evt.errorMessage);
        }
    }

ActionScript 3:

    // Define SignUp extension command
    var CMD_RECOVER:String = "$SignUp.Recover";

    /**
     * Request password recovery.
     */
    private function sendSignUpData():void
    {
        var sfso:SFSObject = new SFSObject();
        sfso.putUtfString("username", "MyUserName");

        sfs.send(new ExtensionRequest(CMD_RECOVER, sfso));
    }

    /**
     * Process extension response.
     */
    private function onExtensionResponse(evt:SFSEvent):void
    {
        var cmd:String = evt.params["cmd"];
        var sfso:ISFSObject = evt.params["params"];

        if (cmd == CMD_RECOVER)
        {
            if (sfso.getBool("success"))
                trace("The password was sent to your email box");
            else
                trace("Password Recovery error:" + evt.params["errorMessage"]);
        }
    }
In the example we send username as the key for the client name. Please remember that the key must match the user name field in the database. The server will reply with a success parameter or otherwise will report a server error.
» Identifying users
Since SFS2X 2.12.0 we have added the possibility for the client to send one of several configured fields to identify him/herself and recover the password.
This means that developers can specify which fields in the DB should be used as a match for password recovery, instead of forcing the client to remember the login name. For example, the client application may ask for either the login name or the email used for registration, or even some other ID that may have been obtained by buying a physical good.
From the server side configuration we just need to specify the names of the fields in the DB that we allow as a match for password recovery:
    suac.getConfig().passwordRecovery.isActive = true;
    suac.getConfig().passwordRecovery.allowedRecoveryFields = Arrays.asList("user_name", "user_email", "user_secret_code");
When the allowedRecoveryFields parameter is configured on the server side we will need to send a slightly different request to recover our password:
C#:

    /**
     * Request password recovery.
     */
    private void sendSignUpData()
    {
        ISFSObject sfso = SFSObject.NewInstance();
        sfso.PutUtfString("field", "user_email");
        sfso.PutUtfString("value", "kermit@muppets.com");

        sfs.Send(new Sfs2X.Requests.ExtensionRequest(CMD_RECOVER, sfso));
    }

JavaScript:

    /**
     * Request password recovery.
     */
    function sendSignUpData()
    {
        var sfso = new SFS2X.SFSObject();
        sfso.putUtfString("field", "user_email");
        sfso.putUtfString("value", "kermit@muppets.com");

        sfs.send(new SFS2X.ExtensionRequest(CMD_RECOVER, sfso));
    }

ActionScript 3:

    /**
     * Request password recovery.
     */
    private function sendSignUpData():void
    {
        var sfso:SFSObject = new SFSObject();
        sfso.putUtfString("field", "user_email");
        sfso.putUtfString("value", "kermit@muppets.com");

        sfs.send(new ExtensionRequest(CMD_RECOVER, sfso));
    }
The code looks exactly like the previous example, but we've changed the parameters sent to the server:
- 'field': specifies the name of the DB field to be used for matching
- 'value': specifies the value that should be matched
Naturally, the field parameter will be checked against those allowed by the configuration and rejected if it is not in the provided list.
The server response will be the same as in the first example.
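The allow-list check described above, as an added Java example that is not SmartFoxServer's own code: it shows why the client-supplied field name must come from the configured list while the value stays a bind parameter. The class name, the `users` table, the selected columns and the sample requests are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.List;

/** Hypothetical helper for illustration; not part of the SFS2X API. */
public class RecoveryFieldCheck {

    // Same names as passed to allowedRecoveryFields in the server configuration.
    static final List<String> ALLOWED =
            Arrays.asList("user_name", "user_email", "user_secret_code");

    /**
     * Returns the lookup statement for a recovery request.
     * The column name is taken from the allow-list only; the client's
     * 'value' is never concatenated and stays a bind parameter (?).
     */
    static String buildLookup(String field) {
        int idx = (field == null) ? -1 : ALLOWED.indexOf(field); // exact, case-sensitive match
        if (idx < 0) {
            throw new IllegalArgumentException("recovery field not allowed");
        }
        String column = ALLOWED.get(idx); // server-side constant, not client input
        // "users" and the selected columns are assumed names.
        return "SELECT user_name, user_email FROM users WHERE " + column + " = ?";
    }

    public static void main(String[] args) {
        // Constructed requests: {field, value}
        String[][] requests = {
            {"user_email", "kermit@muppets.com"},   // allowed
            {"user_password", "x"},                 // real-looking column, not allowed
            {"user_email OR 1=1", "x"},             // not a plain column name
            {"USER_EMAIL", "kermit@muppets.com"}    // wrong case
        };
        for (String[] r : requests) {
            try {
                System.out.println("ACCEPT " + buildLookup(r[0]) + "   bind=" + r[1]);
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT field=\"" + r[0] + "\" (" + e.getMessage() + ")");
            }
        }
    }
}
```

With JDBC, the returned string would be passed to `Connection.prepareStatement` and the client's value supplied through `setString(1, value)`.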
» Wrapping up
This article completes the tour of the features provided by the SignUpAssistant component. In the next one we will learn how to customize the error messages.