Configure the 'Forgot password' function

Triggering event: Reset requested

The functionality for automatic e-mailing of password change tokens to users who have forgotten their password requires the configuration of Ereignisbehandlung for this purpose.

images/download/attachments/62850893/image2018-5-25_12_15_56-version-1-modificationdate-1603694207373-api-v2.png

The event handling must react to the Passwort-Ereignis Reset requested (1).


images/download/attachments/62850893/image2018-5-28_8_12_4-version-1-modificationdate-1603694207371-api-v2.png

Checking rule: Static 'true'

You can use a Static rule with the value ON (1) or true (that is, 'true', always fulfilled) as a check rule, since event handling should only be triggered by the event Reset requested, which requires no additional checks.

NOTE◄ The event Reset requested is only triggered if the link Forgot password? has been selected in the login dialog and plausible user account information has been entered (for details, see 'Forgot password' function). At this point, there is no 'session', that is, no specific logon context to which Resolvers (e.g. Company of session, Role of session, User of session) could refer within event handling.

Action: E-mail

As an action (1) the E-mail (3) action from the Export (2) group should be added.

images/download/attachments/62850893/image2018-5-28_8_13_49-version-1-modificationdate-1603694207368-api-v2.png

Content for message text (token, link)

As a rule, a link should be provided to the user in the e-mail message, which allows the user to change the password directly. This link must be structured as follows:

  • <SCM_URL> /[<Start page>] ?pwdRequestToken = <generated token> )

Component

Description

Example

<SCM_URL>

Base URL for calling Lobster Data Platform / Orchestration (without start page)

http://scm_portal.lobster.de

[<Start page>]

OPTIONAL: Start page for calling Lobster Data Platform / Orchestration

desktop.html

?pwdRequestToken =

Call parameter pwdRequestToken, to which the generated token is assigned as a value

?pwdRequestToken= (always exactly this text)

<generated token>

String of the token automatically generated by the event

MTY4amZyZHhqa2x5ayMxNTM2NTY8QTg3MDA0I0tJTExNRTI%3D

The data for components for this link are provided in the context of the Reset requested event via the following variables (some in combinations):

Variable names

Components

Example

PASSWORD_FORGOTTEN_REQUEST_TOKEN

<generated token>

MTY4amZyZHhqa2x5ayMxNTM2NTY8QTg3MDA0I0tJTExNRTI%3D

PASSWORD_FORGOTTEN_SCM_URL

<SCM_URL>

http://scm_portal.lobster.de

PASSWORD_FORGOTTEN_SCM_URL_COMPLETE

<SCM_URL> ?pwdRequestToken= <generated token>

http://scm_portal.lobster.de?pwdRequestToken=MTY4amZyZHhqa2x5ayMxNTM2NTY8QTg3MDA0I0tJTExNRTI%3D

PASSWORD_FORGOTTEN_SCM_URL_COMPLETE_DESKTOP

<SCM_URL> ?pwdRequestToken= <generated token>

http://scm_portal.lobster.de/desktop-html?pwdRequestToken=MTY4amZyZHhqa2x5ayMxNTM2NTY8QTg3MDA0I0tJTExNRTI%3D

NOTE◄ The specification of the 'Start page' can be omitted without replacement since Lobster Data Platform / Orchestration version 4.0.0, since only the default start page (desktop.html) is supported from this version onwards.

Example for the structure of the mail body with these variables

images/download/attachments/62850893/image2018-5-28_8_14_27-version-1-modificationdate-1603694207364-api-v2.png

In the example, the mail Subject (1) is set as static text. The Body content type (2) is set to 'text/plain'.

To access the generated token, the content creator Template can be selected for the Mail body creator (3).
The user's print XML is passed to this Content builder, which also contains the values of the variables (as 'storage entries'). The access to the values variables is then done via XPath expressions, with the variable name as 'key'.

In the above example, the following expressions were used:

Nr.

Expression

1

http://localhost:9080/SCM/desktop.html?pwdRequestToken={/core:Print/storage/entry[key='PASSWORD_FORGOTTEN_REQUEST_TOKEN']/value}

2

{/core:Print/storage/entry[key='PASSWORD_FORGOTTEN_SCM_URL']/value}/desktop.html?pwdRequestToken={/core:Print/storage/entry[key='PASSWORD_FORGOTTEN_REQUEST_TOKEN']/value}

3

{/core:Print/storage/entry[key='PASSWORD_FORGOTTEN_SCM_URL_COMPLETE']/value}

4

{/core:Print/storage/entry[key='PASSWORD_FORGOTTEN_SCM_URL_COMPLETE_DESKTOP']/value}


Mail generation result (1):

images/download/attachments/62850893/image2017-5-23_9_15_10-version-1-modificationdate-1603694207354-api-v2.png
The URL (2) is of course different on each Lobster Data Platform / Orchestration system.

NOTE◄ If "text/html" (instead of "text/plain") is used for the Body content type, the link can be 'hidden' with the token in an anchor element and provided with arbitrarily formatted plain text, for example:

images/download/attachments/62850893/image2018-9-10_16_3_27-version-1-modificationdate-1603694207381-api-v2.png

Result:
images/download/attachments/62850893/image2018-9-10_16_4_11-version-1-modificationdate-1603694207384-api-v2.png

Addressing the e-mail

images/download/attachments/62850893/image2018-5-28_8_20_41-version-1-modificationdate-1603694207347-api-v2.png

The recipient address for the mail dispatch is provided by a separate variable 'PASSWORD_FORGOTTEN_REQUEST_MAIL'.

The variable does not contain the mail address directly as a string, but the entire data element of the Type 'Communication information' from the user account with which the match was made when the token was requested.

To 'resolve' the string of the mail address, a value resolver of the variable type (1) with the variable Name (2) 'PASSWORD_FORGOTTEN_REQUEST_MAIL' and the Type (3) 'Communication infos' data type must be used.

The mail address then returns the field 'Value (communicationValue)' (4).