Post Reply
fender
Posts: 0
Joined: Sun Sep 01, 2013 9:03 am

Forgot Password Service

Yes, working fine so far, no issues that I know of. It uses username as the input. cheers

cvc
Posts: 0
Joined: Sat Nov 09, 2013 5:12 am

Forgot Password Service

It took me quite some time to tie the various pieces of the discussions about this topic so I thought I might share my solution following Katya's and fender's suggestions to help anyone who might want to quickly copy and paste and go..

Script 1 To send email with temporary password:
var responseBody = {},
//header request parameters
dbId = 'paste database ID',
masterKey = "Database master Key",//end of header parameters
requestParams = {},
paramKeys = request.keys();
for (var key = 0; key < paramKeys.length; key++) {
requestParams[paramKeys[key]] = request.get(paramKeys[key]);
}

// declare request parameters
var email = requestParams['email'];
var tempPass = Math.random().toString(36).slice(-12);

try {
//find the user
var XHRResponse = XHR.send("GET", "https://api.appery.io/rest/1/db/users/", {
"headers": {
"X-Appery-Database-Id": dbId,
"X-Appery-Master-Key": masterKey
},
"parameters": {
"where": encodeURIComponent('{"email": "' + email + '"}')
}
});

//
//hUpdate User collection for user with E - mail == 'email' (set secret_code = 'temtempPass')
if (XHRResponse.body.length) {

Code: Select all

 var userId = XHRResponse.body[0]["_id"]; 
 //update user info 
 var XHRResponse = XHR.send("PUT", "[url=https://api.appery.io/rest/1/db/users/]https://api.appery.io/rest/1/db/users/[/url]" + userId, { 
   "headers": { 
     "X-Appery-Database-Id": dbId, 
     "X-Appery-Master-Key": masterKey, 
     "Content-Type": "application/json" 
   }, 
   "body": { 
     "secrete_code": tempPass 
   } 
 }); 

 //send email if things are fine 
 if (XHRResponse.status == 200) { 
   var XHRResponse = XHR.send("POST", "[url=https://api.sendgrid.com/api/mail.send.json]https://api.sendgrid.com/api/mail.sen...[/url]", { 
     "parameters": { 
       "api_user": "sendgrid username", 
       "api_key": "send grid password", 
       "to": email, 
       "toname": "", 
       "subject": "Password Recovery", 
       "text": "Your temp password is: " + tempPass + ". Copy and this temporary password into the field provided.", 
       "from": "a href="mailto:xxxxxxxx@cevicapps.co.uk" rel="nofollow"xxxxxxxx@cevicapps.co.uk/a" 
     } 
   }); //end of XHRResonse 

   //Other messages you might want to see 
   responseBody.message = "An email with the temporary password has been sent to you. Please follow the instructions to reset your password"; 
 } else { 
   responseBody.message = "Database Error - unkown"; 
 }

} else {
responseBody.message = "User ID not found";
}
response.success(responseBody, "application/json");
} catch (e) {
response.success("message: " + e.message + "\ncode: " + e.code); //If something goes wrong error message will appear
}

Script 2: Change the password in the user collection

var responseBody = {},
//header request parameters
dbId = 'enter database ID ',
masterKey = "xxxxxxxxxxxx-xxxxxxxxx-xxxxxxx (master key)", //end of header parameters
requestParams = {},
paramKeys = request.keys();
for (var key = 0; key < paramKeys.length; key++) {
requestParams[paramKeys[key]] = request.get(paramKeys[key]);
}
// set request parameters
var email_user = requestParams['email'];
var newPass = requestParams['newPass'];
var tempPass = requestParams['tempPass'];

try {

//get the secrete code of the user
var XHRResponse = XHR.send("GET", "https://api.appery.io/rest/1/db/users/", {
"headers": {
"X-Appery-Database-Id": dbId,
"X-Appery-Master-Key": masterKey
},
"parameters": {
"where": encodeURIComponent('{"secrete_code": "' + tempPass + '"}')
}
});

if (XHRResponse.body.length) {

Code: Select all

 var userId = XHRResponse.body[0]["_id"]; 
 var email_DB = XHRResponse.body[0]["email"]; 
 var secrete_code = XHRResponse.body[0]["secrete_code"];

//
//Check if there is user with E-mail == 'email' && secret_code = 'code'
if (email_DB == email_user && secrete_code == tempPass) {
var XHRResponse = XHR.send("PUT", "https://api.appery.io/rest/1/db/users/" + userId, {
"headers": {
"X-Appery-Database-Id": dbId,
"X-Appery-Master-Key": masterKey,
"Content-Type": "application/json"
},
//"Update User collection" code. Set new password.
"body": {
"password": newPass
}
});
}

Code: Select all

 //send email if things are fine 
 if (XHRResponse.status == 200) { 
   var XHRResponse = XHR.send("POST", "[url=https://api.sendgrid.com/api/mail.send.json]https://api.sendgrid.com/api/mail.sen...[/url]", { 
     "parameters": { 
       "api_user": "username", 
       "api_key": "password", 
       "to": email_user, 
       "toname": "", 
       "subject": "Password Recovery Complete", 
       "text": "You have succesfully changed your password", 
       "from": "a href="mailto:xxxxxxxxx@cevicapps.co.uk" rel="nofollow"xxxxxxxxx@cevicapps.co.uk/a" 
     } 
   }); //end of XHRResonse 

   //other messages you might want to see 
   responseBody.message = "Your pasword change was successfull. A confirmation email has been sent to " + email_user; 
 } else { 
   responseBody.message = "Database Error - unkown"; 
 }

} else {
responseBody.message = "User was not found";
}
response.success(responseBody, "application/json");
} catch (e) {
response.success("message: " + e.message + "\ncode: " + e.code); //If something goes wrong error message will appear
}

Illya Stepanov
Posts: 0
Joined: Mon Mar 18, 2013 8:48 am

Forgot Password Service

Thank you for sharing this.

Doug Black
Posts: 0
Joined: Wed Aug 14, 2013 11:36 am

Forgot Password Service

Team, is it secure to put the Master Key in the server code? I love this, but I want to make sure that it is safe for our people to use in the app.

maxkatz
Posts: 0
Joined: Fri Aug 13, 2010 3:24 pm

Forgot Password Service

Yes. Server Code is only accessible by you.

fender
Posts: 0
Joined: Sun Sep 01, 2013 9:03 am

Forgot Password Service

Thanks ;-)

Maryna Brodina
Posts: 0
Joined: Thu Apr 05, 2012 7:27 am

Forgot Password Service

Hi all! Check new tutorial here http://docs.appery.io/tutorials/build...

Doug Black
Posts: 0
Joined: Wed Aug 14, 2013 11:36 am

Forgot Password Service

Awesome!

Yan Yi
Posts: 0
Joined: Sat Jan 25, 2014 7:38 pm

Forgot Password Service

Hello, I am using Mandrill API instead of sendGrid but keep getting "An error occured while sending the email" (error 500 for XHRResponse.status). My userId is same as email. Anyone knows what is the problem? I have followed the API at https://mandrillapp.com/api/docs/mess...

code
var responseBody = {},
requestParams = {},
paramKeys = request&#46;keys();
for (var key = 0; key < paramKeys&#46;length; key++) {
requestParams[paramKeys[key]] = request&#46;get(paramKeys[key]);
}

&#47;&#47; Declare database ID and Master key
var dbId = "****&quot
var masterKey = "****&quot

&#47;&#47; Get username from request parameters
var username = requestParams['username'];
&#47;&#47; Generate a random secret code
var secretCode = Math&#46;random()&#46;toString(36)&#46;slice(-12);
console&#46;log(secretCode);

try { &#47;&#47; Get the user with a given username from the database
var XHRResponse = XHR&#46;send("GET", "https:&#47;&#47;api&#46;appery&#46;io/rest/1/db/users/", {
"headers": {
"X-Appery-Database-Id": dbId,
"X-Appery-Master-Key": masterKey
},
"parameters": {
"where": '{"username":"' + username + '"}'
}
});

&#47;&#47; If the user exists update user's secret code with the generated value
if (XHRResponse&#46;body&#46;length) {
var userId = XHRResponse&#46;body[0]["_id"];

Code: Select all

 var XHRResponse = XHR&#46;send("PUT", "https:&#47;&#47;api&#46;appery&#46;io/rest/1/db/users/" + userId, { 
   "headers": { 
     "X-Appery-Database-Id": dbId, 
     "X-Appery-Master-Key": masterKey, 
     "Content-Type": "application/json" 
   }, 
   "body": { 
     "secret_code": secretCode 
   } 
 }); 

 &#47;&#47; If secret code was successfully updated, send email with the code to user with Mandrill API 
 if (XHRResponse&#46;status == 200 && userId) { 

   var XHRResponse = XHR&#46;send("POST", "https:&#47;&#47;mandrillapp&#46;com/api/1&#46;0/messages/send&#46;json", { 

     "key": "*******", 
     "message": { 
       "subject": "Password Recovery", 
       "text": "Your recovery code is: " + secretCode + "&#46; Copy and this code into the field provided&#46;", 
       "from_email": "support@test&#46;com", 
       "to": [{ 
         "email": userId, 
         "type": "to" 
       }] 
     } 
   }); 

   &#47;&#47; If the email was successfully sent, inform the user about it 
   if (XHRResponse&#46;status == 200) { 
     responseBody&#46;message = "An email with the recovery code has been sent to you&#46; Please follow the instructions to reset your password&quot 
   } else { 
     responseBody&#46;message = "An error occured while sending the email &quot 
   } 
 } else { 
   responseBody&#46;message = "Database error&quot 
 }

} else {
responseBody&#46;message = "User not found&quot
}
response&#46;success(responseBody, "application/json");
} catch (e) {
response&#46;success("message: " + e&#46;message + "\ncode: " + e&#46;code); &#47;&#47;If something goes wrong, error message appears
}

/code

Yan Yi
Posts: 0
Joined: Sat Jan 25, 2014 7:38 pm

Forgot Password Service

have tried this format too but does not work:
code var XHRResponse = XHR&#46;send("POST", "https:&#47;&#47;mandrillapp&#46;com/api/1&#46;0/messages/send&#46;json", {
"parameters": {
"key": "************",
"message": {
"subject": "Password Recovery",
"text": "test",
"from_email": "support@test&#46;com",
"to": [{
"email": userId,
"type": "to"
}]
}
}
});

/code

Post Reply

Return to “Issues”