• Replies 11 replies
  • Subscribers 248 subscribers
  • Views 108 views
  • Users 0 members are here
Related

Reset Password with Token

Nick Insell
$organization

Hi Guys

I'm putting a proposal together to get our website to start using Tokens instead of clear text passwords in the Send Credentials email.  It all seems pretty straight forward to create a link in the email that will include the token.

Using this token I can login using the web API but I was wondering once you have logged in how you can update the current password.  If you don't know the password and you only have a token how do you update the current password.

The only methods I can see are UpdateLogin and UpdateLoginWithPromoCode and they require you to know the existing passwords.  So not sure how to do this.  Not sure if this is possible with the current SOAP API without creating a custom method.

How are you guys doing this?

Thanks

Nick

Parents
  • $organization

    Well, you learn something new every day!  Didn’t know GetVariables returned the password, that is why I posted this in the first place!

     

    From: Tessitura Web Forum [mailto:forums-tessitura-web@tessituranetwork.com] On Behalf Of Mark James
    Sent: 30 May 2013 17:23
    To: Nick Insell
    Subject: Re: [Tessitura Web Forum] Reset Password with Token

     

    Hi Nick,

    My last post is a little misleading on reflection - I'm actually using the GetVariables method after the user has logged in with the token which returns an object which includes the users password.

    I was actually quite suprised the password was returned in this way, but it seems to do the job for me!

    Mark

    From: Nick Insell <bounce-nicholasinsell2570@tessituranetwork.com>
    Sent: 5/30/2013 10:44:40 AM

    Hi Mark

    Which API method are you using to login to tessitura?  We couldn't get the password returned from SOAP API so we had to build a custom procedure for updating the password.  Maybe I was missing something so would be good to know.

    In the end I built a custom stored procedure that allows you to update the password based on the token that the customer uses to login.  So based on the token you can find the login and then update the login.  I can share the stored procedure with you if you would like?

    thanks

    Nick




    You were sent this email automatically because you subscribed to the Tessitura Web forum. You may reply to this message to post to the Web forum or visit the site to search, read and post to the forums. In the interest of keeping the forum posts from becoming cluttered, we encourage you to delete previous message text from your reply before sending. Thank you!

  • $organization in reply to Nick Insell

    But please don't rely on this as the password will not be stored in a session variable starting with v12.  The way to do this is to direct the token holder to a page where then can reset their password.  When you request the token you can have the temporary flag set on the login.  Then the constituent will be forced to change their password.

  • $organization in reply to Chuck Reif

    Hi Chuck,

    Thanks for this info, and apologies if I'm missing something obvious here, but can you explain to me how I enact this foreced password change without using the original password?

    I've tried setting the login status to temporary and then passing an empty string as the sPwd argument in the UpdateLoginWithPromoCode method, but no luck.

    Thanks

Reply
  • $organization in reply to Chuck Reif

    Hi Chuck,

    Thanks for this info, and apologies if I'm missing something obvious here, but can you explain to me how I enact this foreced password change without using the original password?

    I've tried setting the login status to temporary and then passing an empty string as the sPwd argument in the UpdateLoginWithPromoCode method, but no luck.

    Thanks

Children