Developer forum

Forum » Development » Reset password notification

Reset password notification

E-mail notifications
Roald Haahr
Reply
Posted on 28/05/2021 14:14:21

Is there a notification subscriber that can be used in order to catch when a password is reset? I have tried to implement a number of notification subscribers by now with no luck.

Kind regards,
Roald


Replies

 
Nicolai Pedersen
Posted on 28/05/2021 14:21:24
Reply
This post has been marked as an answer

This one I believe: Standard.User.OnBeforeForgotPassword

https://doc.dynamicweb.com/api/html/38e99bed-b879-1ff0-5294-97e4a88f9276.htm

BR Nicolai

Votes for this answer: 1
 
Alexandru Ciobanu
Posted on 19/11/2023 13:46:59
Reply

Hello,

Can you offer me some clarifications about this notification please?

What I am trying to achieve is, call an external service with the new password that has just been reset by the normal DW pw reset flow (email --> new password form).

I was expecting as the user inputs a new password and clicks submit, that this notification would get triggered, but it seems like this is not the case!?
At this moment, this notification is not being triggered neither when the user receives the password reset email nor when the user actually inputs a new pw and clicks submit.

In short, what I am looking for, is to get the new password everytime a DW user completes the password reset flow and succesfully changes his user pw.

Please advise, Thanks!

Alexandru Ciobanu
.NET Developer, Commergent

 
Nicolai Pedersen Dynamicweb Employee
Nicolai Pedersen
Posted on 20/11/2023 10:47:35
Reply
This post has been marked as an answer

Hi Alexandru

This notification is "BeforeForgotPassword" which happens when you use the "Send new password" option of the forgot password feature.

You have no access to new passwords and they are stored hashed in the database for security reasons - also you should really not broadcast passwords anywhere in clear text.

Either way, you have to listen for the post of the form where the user enters the new password - you can use Dynamicweb.Notifications.Standard.Page.AfterOutput to listen for it after it has been reset, or Dynamicweb.Notifications.Standard.Page.Loaded before th password has been reset.

The POST body will look something like this - the new password in clear text will be in the UserManagement_Form_NewPassword filed of the POST request.

LoginAction=ChangePassword&RecoveryToken={token}&UserManagement_Form_NewPassword={newpassword}

Be careful with that information.

 

Votes for this answer: 1
 
Alexandru Ciobanu
Posted on 21/11/2023 08:48:05
Reply

Hello,

Thank you for your input, it is indeed helpful.

Is there any way to get the associated email for that password reset from the request/token, or do I need to implement a similar method as FindUserByRecoveryToken() and get the email through the user?

I need both the email and password.

 
Nicolai Pedersen Dynamicweb Employee
Nicolai Pedersen
Posted on 21/11/2023 16:15:49
Reply
This post has been marked as an answer

You have to use the token to look up the user from the database.

Votes for this answer: 1

 

You must be logged in to post in the forum