
Password Reset Service

Stable version 0.3.1 (Compatible with OutSystems 11)
Published on 28 Jan by 

Server-side service to help your apps manage user tokens, typically used for password recovery via email.

Check the demo for implementation details.


Methods

UserToken_Create

Returns a recovery URL from email, domain, module, page and parameter.

If the returned URL is empty, the system could not identify a single user associated with the email. You can use this to decide whether an email should be sent anyway, in case the user has multiple email accounts and can't remember which one was used.

The domain for the URL must be pre-authorized.

The module must exist in the espace table.

There is a limit to how many requests can be performed from a single IP address.

There is a limit to how many requests can be performed for a valid email.

ALWAYS use a server side method to call this API.

Parameters:

  • ClientIPAddress
    • The client IP address. You can obtain it with getIP from the HTTPRequestHandler library.
    • Since this is a service method, always use a server-side method to call this API.
  • UserToken_Request
    • Email - The email to be searched
    • Domain - A pre-registered domain authorized to use this service.
    • Module - The name of the module
    • Page - The name of the page
    • Parameter - The parameter to accept the token


The URL will be created as:

https://domain/module/page?parameter=token


UserToken_PasswordUpdate

Updates the user password associated with the token if valid.

ALWAYS use a server side method to call this API.

Parameters:

  • ClientIPAddress
    • The client IP address. You can obtain it with getIP from the HTTPRequestHandler library.
    • Since this is a service method, always use a server-side method to call this API.
  • Token - The token accepted by your reset password page used to validate the request
  • Password - The plain text new password 


The password update will complete if:

  • The token exists and is not expired
    • Make sure you add the desired password length and complexity verification.


UserToken_Validate

Validates a token.

ALWAYS use a server side method to call this API.

Parameters:

  • ClientIPAddress
    • The client IP address. You can obtain it with getIP from the HTTPRequestHandler library.
    • Since this is a service method, always use a server-side method to call this API.
  • Token - The token accepted by your reset password page used to validate the request


Use this method when loading the reset page before allowing the user to enter any inputs.


UserToken_RegisterDomain

Registers a domain as an authorized domain for password recovery URL.

ALWAYS use a server side method to call this API.

Requires user to have the PasswordResetService role.


UserToken_UnRegisterDomain

Unregisters a domain as an authorized domain for password recovery URL.

ALWAYS use a server side method to call this API.

Requires user to have the PasswordResetService role.


Site Properties

IP_Expiration

Seconds until the IP address log expires, default 5.

IP_MaxRequests

Maximum number of requests acceptable before IP address log expires, default 20.

Token_Expiration

Minutes until the token expires, default 1440 (24 hours).

Token_MaxRequests

Maximum number of requests acceptable for the same email before the token expires.
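
The following Python model is an added illustration, not the component's own code, of how the checks documented for UserToken_Create and UserToken_Validate combine with the site property defaults above. Assumptions: the `Refused` exception, the class and method names, the `TOKEN_MAX_REQUESTS` value, counting unexpired tokens per email, and storing only a SHA-256 digest of the token are choices of this sketch, since the page does not describe the internals.

```python
import hashlib, secrets, time
from urllib.parse import quote, urlencode

IP_EXPIRATION_S, IP_MAX_REQUESTS = 5, 20   # defaults listed under Site Properties
TOKEN_EXPIRATION_MIN = 1440                # default listed under Site Properties
TOKEN_MAX_REQUESTS = 3                     # assumed value: the page states no default

class Refused(Exception):
    """Assumed error signal for rate-limit, domain and module failures."""

class ResetModel:
    def __init__(self, emails, domains, modules, clock=time.time):
        self.emails, self.domains, self.modules = list(emails), set(domains), set(modules)
        self.clock = clock
        self.ip_log = {}    # ip -> (window_start, request_count)
        self.tokens = {}    # sha256(token) -> (email, expires_at); raw token is never stored

    def _check_ip(self, ip):
        now = self.clock()
        start, count = self.ip_log.get(ip, (now, 0))
        if now - start >= IP_EXPIRATION_S:      # log entry expired: start a new window
            start, count = now, 0
        self.ip_log[ip] = (start, count + 1)
        if count + 1 > IP_MAX_REQUESTS:
            raise Refused("too many requests from this IP address")

    def create(self, ip, email, domain, module, page, parameter):
        self._check_ip(ip)
        if domain not in self.domains or module not in self.modules:
            raise Refused("domain not authorized or module unknown")
        if self.emails.count(email) != 1:       # zero or several users: empty URL
            return ""
        now = self.clock()
        live = sum(1 for e, exp in self.tokens.values() if e == email and exp > now)
        if live >= TOKEN_MAX_REQUESTS:
            raise Refused("too many requests for this email")
        token = secrets.token_urlsafe(32)       # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.tokens[digest] = (email, now + TOKEN_EXPIRATION_MIN * 60)
        return f"https://{domain}/{quote(module)}/{quote(page)}?{urlencode({parameter: token})}"

    def validate(self, ip, token):
        self._check_ip(ip)
        entry = self.tokens.get(hashlib.sha256(token.encode()).hexdigest())
        return entry is not None and entry[1] > self.clock()
```
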


Timers

Token_Purge

Removes expired tokens.

ServiceUser_Create

A service user can be automatically created by this module and granted the PasswordResetService role.