Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Table of Contents
maxLevel2
minLevel2
excludeTable of Contents

 

The password reset API consists in 2 mandatory and 1 optional step. The mandatory steps are the initiation of the password reset request and its confirmation. The optional step is to check the status of a previously submitted request. 

...

  1. Creates a token with a short lifespan (2 10 minutes).
  2. Creates an entry in a PasswordResetRequest table associating the token and the email id of the user that is initiating the request. This association prevents any valid token (other than the one that was specifically created for this purpose) to reset a user's password and/or pin. 
  3. Optionally emails the user a link that can be used to reset his/her password. (the link contains the generated token and the email id of the user)

The output of this operation is:

  1. A 'success' status of 'false' and a corresponding 'failMessage' if:
    1. The provided email user doesn't exist.
    2. There is some internal error in the operation.
  2. A 'success' status of 'true' if the operation was successfully completed in addition of the following information:
    1. token: The generated token in case it is needed by the client.
    2. resetURL: The original URL sent by the client but with any additional information added by the server (like the placeholder replaced with the correct token).

...

NameTypeMandatoryDescription
emailusernameStringYesThe email username of the user initiating the request.
resetURLStringNo

DEFAULT: null

The URL that will be sent to the user via email. This URL may have 2 placeholders: {token} and {emailuserId} that this service will replace with the generated token for the request and the email id of the initiating user.

sendEmailBooleanNo

DEFAULT: 'false'

Indicates whether an notification email should be sent to the user.

...

http://192.168.1.126:8080/PresentationServices/passwordReset/init?emailusername=e@e.com15&resetURL=http%3A%2F%2F127.0.0.1%3A8888%2Fportal.html%3Fpage%3Dreset%26resettoken%3D%7Btoken%7D

Code Block
languagejs
titleResult
collapsetrue
{
data: {
token: "19c65444-324a-4449-a8de-706ebe9cf8a9",
resetURL: "http://127.0.0.1:8888/portal.html?page=reset&resettoken=19c65444-324a-4449-a8de-706ebe9cf8a9"
},
statusFact: {
success: true
}
}

Non existing

...

user

http://192.168.1.126:8080/PresentationServices/passwordReset/init?emailusername=non-existing@e.comexisting&resetURL=http%3A%2F%2F127.0.0.1%3A8888%2Fportal.html%3Fpage%3Dreset%26resettoken%3D%7Btoken%7D

Code Block
languagejs
titleResult
collapsetrue
{
statusFact: {
failMessage: "Unknown user for provided emailusername",
success: false
}
}

 

Password Reset Request Status

...

  1. Check if an entry in PasswordResetRequest table exists for a provided email user id and token.

The output of this operation is:

...

NameTypeMandatoryDescription
emailuserIdStringYesThe email id of the user we want to check. (please not confuse the username used in the previous operation with the user id used in this one)
tokenStringYesThe token generated in the previous step. Only tokens generated by the 'initiate password/pin' operation are allowed by this operation.

...

http://192.168.1.126:8080/PresentationServices/passwordReset/status?emailuserId=e@e.compoda&token=93254c85-be0d-4eed-9d17-e6aada743c5f

Code Block
languagejs
titleResult
collapsetrue
{
data: {
pending: true
},
statusFact: {
success: true
}
}

Non-existing

...

user/pending operation/wrong token

http://192.168.1.126:8080/PresentationServices/passwordReset/status?emailuserId=e@e.compodc&token=93254c85-be0d-4eed-9d17-e6aada743c5f

...

  1. A 'success' status of 'false' if:
    1. There is not entry for the provided token in PasswordResetRequest.
    2. If the provided email user id  and token don't match the existing PasswordResetRequest entry.
    3. There is some internal error in the operation.
  2. A 'success' status of 'true' if the operation was successfully completed.

...

NameTypeMandatoryDescription
emailuserIdStringYesThe email id of the user we want to modify.
tokenStringYesThe password reset token associated with the provided emailuser id.
passwordStringNo, unless pin is not providedThe new password we want to assign to the user. If this parameter is not provided, the original password of the user is not modified.
pinStringNo, unless password is not providedThe new pin we want to assign to the user. If this parameter is not provided, the original pin of the user is not modified.

...

http://192.168.1.126:8080/PresentationServices/passwordReset/confirm?emailuserId=e@e.compoda&token=573e3b16-8acb-462a-8713-3aa63fda7395&password=newPass&pin=newPin

...