
Sign Up Assistant | Password Recovery

Recovering a lost password is an integral part of any sign up process. To meet this requirement, the Sign Up Assistant offers a simple recovery system that can be configured via the component's settings.

To be able to send emails to clients, SmartFoxServer 3 must be configured appropriately. If you skipped part 2 of this series, we highly recommend taking a look at it now.

I have lost my password!

When recovering a lost password the system will generate a new password and send it to the client. This way the user is provided with a new temporary password that can be changed later from inside the application itself (if this option is supported).

Let's see how we can set up the recovery service in our Extension code:

suac.getConfig().passwordRecovery.isActive = true;
suac.getConfig().passwordRecovery.email.fromAddress = "passwordRecovery@myapplication.com";
suac.getConfig().passwordRecovery.email.subject = "Password recovery service";
suac.getConfig().passwordRecovery.email.template = "SignUpEmailTemplates/PasswordRecovery.html";

Similar to the activation step, the password recovery process lets you configure an email template, stored under the Extension folder, which is used to send the email back to the client.

Once the service is configured, the client will be able to send their login name and receive the password in their email box. This is what the client request looks like:

// Define SignUp extension command
private string CMD_RECOVER = "$SignUp.Recover";

/**
 * Request password recovery.
 */
private void sendSignUpData()
{
    var sfso = new SFSObject();
    sfso.PutShortString("username", "MyUserName");

    sfs.Send(new ExtensionRequest(CMD_RECOVER, sfso));
}

/**
 * Process extension response.
 */
private void OnExtensionResponse(BaseEvent evt)
{
    var cmd = (string) evt.Params["cmd"];
    var sfso = (SFSObject) evt.Params["params"];

    if (cmd == CMD_RECOVER)
    {
        if (sfso.GetBool("success"))
            Console.WriteLine("The password was sent to your email box");
        else
            Console.WriteLine("Password Recovery error:" + (string)evt.Params["errorMessage"]);
    }
}

In the example we send username as the key for the client name. Please remember that the key must match the user name field in the database. The server will reply with a success parameter or otherwise will report a server error.

Identifying users

It is possible for the client to send one of several configured fields to identify themselves and recover the password.

This means that developers can specify which fields in the DB should be used as a match for password recovery, instead of forcing the client to remember the login name. For example the application may ask for either the login name or the email used for registration.

In the server-side configuration we just need to specify the names of the DB fields that we allow as a match for password recovery:

suac.getConfig().passwordRecovery.isActive = true;
suac.getConfig().passwordRecovery.allowedRecoveryFields = List.of("user_name", "user_email");

When the allowedRecoveryFields parameter is configured on the server side we will need to send a slightly different request to recover our password:

/**
 * Request password recovery.
 */
private void sendSignUpData()
{
    var sfso = new SFSObject();
    sfso.PutShortString("field", "user_email");
    sfso.PutShortString("value", "kermit@muppets.com");

    sfs.Send(new ExtensionRequest(CMD_RECOVER, sfso));
}

The code looks exactly like the previous example, but we've changed the parameters sent to the server:

  • field: specifies the name of the DB field to be used for matching
  • value: specifies the value that should be matched

The field parameter will be checked against those allowed by the configuration and rejected if it's not in the provided list.
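
Why this check matters, as an added illustration (not SmartFoxServer or Sign Up Assistant code): a column name cannot be passed as a bind parameter, so a client-chosen field has to match the configured list exactly before it is placed in a query. The class, method and table names are hypothetical, and the example assumes the field name ends up in a SQL statement.

```java
import java.util.List;
import java.util.Map;

// Added illustration: every name in this class is hypothetical, not SmartFoxServer API.
public class RecoveryLookup {
    // Same list as the allowedRecoveryFields setting shown above
    static final List<String> ALLOWED_FIELDS = List.of("user_name", "user_email");
    static final String TABLE = "users"; // assumed table name

    /** Returns { sql, bindValue } for a field/value recovery request, or throws if rejected. */
    static String[] buildLookup(Map<String, String> request) {
        String field = request.get("field");
        String value = request.get("value");
        // Only an exact, case-sensitive match against the configured list
        // may reach the SQL text, because identifiers cannot be bound
        if (field == null || !ALLOWED_FIELDS.contains(field))
            throw new IllegalArgumentException("Recovery field not allowed");
        if (value == null || value.isEmpty())
            throw new IllegalArgumentException("Missing value to match");
        // The client-supplied value is always bound, never concatenated
        String sql = "SELECT * FROM " + TABLE + " WHERE " + field + " = ?";
        return new String[] { sql, value };
    }

    public static void main(String[] args) {
        // Constructed sample requests: two allowed fields, then three that are rejected
        List<Map<String, String>> samples = List.of(
            Map.of("field", "user_email", "value", "kermit@muppets.com"),
            Map.of("field", "user_name", "value", "MyUserName"),
            Map.of("field", "user_password", "value", "x"),
            Map.of("field", "user_email OR 1=1", "value", "x"),
            Map.of("field", "USER_EMAIL", "value", "kermit@muppets.com"));
        for (Map<String, String> req : samples) {
            try {
                String[] q = buildLookup(req);
                System.out.println(req + " -> " + q[0] + "  [bind: " + q[1] + "]");
            } catch (IllegalArgumentException e) {
                System.out.println(req + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Keeping the list as short as possible matters: every field added to it becomes a column that any client can probe through the recovery command.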

The server response will be the same as in the first example.

Wrapping up

This article completes the tour of the features provided by the SignUpAssistant. In the next article we will learn how to customize the error messages.
