Auth - Forgot Password
/auth/forgotpassword?username={user}&password={token}&new_password={new_password}&test_token={true|false}
A two-stage process to reset a user's password:
- Firstly, when only the username is specified, an email is sent to that user's registered email address. The email contains a link back to this "forgotpassword" REST call, but with a temporary token (valid for 24 hours) in place of the username.
- Secondly, when called with that token in the password parameter, the call generates a random password for the user and emails it to the user's registered address (or, if new_password is also supplied, sets the password to that value instead; see the arguments below).
The "temporary" random password can then be used to log in and set the desired password via the Update Password call.
Alternatively:
If your system admin sets the API config variable "api.forgotpassword.url=", an alternative password reset flow is used that redirects the user to your own change-password page. This config variable is typically found in your cluster's /opt/infinite-home/config/infinite.api.properties file. It can contain the substitution variable $$HASH$$, which is replaced with the 24-hour token, e.g. api.forgotpassword.url=http://www.mylogin.com?hash=$$HASH$$ becomes http://www.mylogin.com?hash=my_hash_12345
The first email (asking the user to confirm the password reset) will then contain this link instead of the link back to the forgot password API. Typically you would use this so the user is transferred to a password reset form in your own UI. From your UI you then call the password reset API with the token passed on in the link, together with the hash of the user's requested new password, e.g. http://infinite.ikanow.com/api/auth/forgotpassword?password=my_hash_12345&new_password=WZRHGrsBESr8wYFZ9sx0tPURuZgG2lmzyvWpwXPKz8U%3D
Note that in both flows the token is the only credential authorising the reset and it travels in the URL query string, so it will appear in web server logs and browser history wherever the link is followed; serve your reset page over HTTPS and do not log the full request URL.
Additional config parameters you can set to modify the sent email are:
api.forgotpassword.url={url to the login UI you want} - supports replacing $$HASH$$ with the authentication token needed to change this user's password
api.forgotpassword.subject={email subject line you want}
api.forgotpassword.body={email body you want} - supports replacing $$NAME$$ with the user's first and last name and $$LINK$$ with the link built from the api.forgotpassword.url config param
new_password is the SHA-256 hash of the desired password, in the same format as the Create User call (the 44-character values in the examples on this page are base64-encoded SHA-256 digests). When supplied together with the token, this changes the user's password to the passed-in value instead of generating a random one.
Authentication
As described above, this call can be made without any authentication, in order to send an email containing a "reset password" link to the user's registered address (stage 1); or authenticated by the token from that email, passed in the password parameter rather than via a normal login session cookie, to reset the user's password to a random string (again sent by email to the user's address) or to the supplied new_password (stage 2).
Arguments
- username (step 1) - the username to reset.
- password (step 2) - the temporary reset token received in the step 1 email (from calling this function with only a username), not the user's actual password. If absent, the call just sends an email containing a link back to this REST call with a 24-hour token; if present, it resets the user's password and sends an email containing the new password.
- new_password (optional - step 2) - if present, sets the user's password to this value; it must be the SHA-256 hash of the password (see the Create User page). Must be used in conjunction with the password parameter (set to the token from step 1).
- test_token (optional - step 2) - if set to true and the "password" param holds the token, checks whether that token is still valid and returns a success=true|false message, so a UI can validate the token before presenting the new-password form.
Example
Stage 1
http://infinite.ikanow.com/api/auth/forgotpassword?username=user@ikanow.com
Stage 2
http://infinite.ikanow.com/api/auth/forgotpassword?password=WZRHGrsBESr8wYFZ9sx0tPURuZgG2lmzyvWpwXPKz8U%3D
Example Response
Stage 1:
{ "response": { "action": "Reset Password", "success": true, "message": "Email has been sent containing link to reset password.", "time": 91 } }
Stage 2:
{ "response": { "action": "Reset Password", "success": true, "message": "Password reset successfully, new password has been emailed to user.", "time": 91 } }