Creating an option to allow users to retrieve their password - Mendix Forum

Creating an option to allow users to retrieve their password

1

Good morning,

I have tried using the forgot password widget, but it was not working for me.

So I am trying to create one myself like…

ForgotPassword is a non persistante table so that I can store the email address of the user (input on a form by the user) 

Using that email address, I want to retrieve the password of the user 

and finally I will call my encrypted email microflow to send email to the user’s email address.

I am having trouble with the retrieve user account portion using the input email address

Any suggestions?

 

asked
3 answers
2

The forgot password module doesn’t seem to be compatible with Mendix 8.0 or 8.1!

answered
2

Hi Daniel,

The problem with what you are trying to achieve is the following step

> Using that email address, I want to retrieve the password of the user 

This is not possible as the password of the user is not stored on the server or in the database. For security reasons only a hash of the password is stored. This hash can be used to verify if a user has typed in the correct password, but it is not possible to obtain the password if you only know the hash.

Instead what you can do is let users choose a new password for their account after receiving a reset password link in the email that is associated with that account. This can be done easily with the forgot password module.

-Andrej

EDIT: Fixed typo

answered
1

You won’t be able to retrieve the user’s password as this is encrypted using a one way hash.

I would not recommend sending a new password in an email. You should probably look at providing the user with a one time and time limited link to set a new password themselves. Send this link to the registered account email. If you have any other information associated with the user’s account you could use this for additional validation.

answered