Forum | Appery.io

Catch up wih the Appery.io community on our forum. Here you'll find information on the lastest questions and issues Appery.io developers are discussing.
https://forum.appery.io/

Forgot Password Service

https://forum.appery.io/viewtopic.php?t=15810

Page 5 of 6

Forgot Password Service

Posted: Fri Dec 06, 2013 6:57 pm
by fender

Yes, working fine so far, no issues that I know of. It uses username as the input. cheers

Forgot Password Service

Posted: Sun Dec 08, 2013 5:34 am
by cvc

It took me quite some time to tie the various pieces of the discussions about this topic so I thought I might share my solution following Katya's and fender's suggestions to help anyone who might want to quickly copy and paste and go..

Script 1 To send email with temporary password:
var responseBody = {},
//header request parameters
dbId = 'paste database ID',
masterKey = "Database master Key",//end of header parameters
requestParams = {},
paramKeys = request.keys();
for (var key = 0; key < paramKeys.length; key++) {
requestParams[paramKeys[key]] = request.get(paramKeys[key]);
}

// declare request parameters
var email = requestParams['email'];
var tempPass = Math.random().toString(36).slice(-12);

try {
//find the user
var XHRResponse = XHR.send("GET", "https://api.appery.io/rest/1/db/users/", {
"headers": {
"X-Appery-Database-Id": dbId,
"X-Appery-Master-Key": masterKey
},
"parameters": {
"where": encodeURIComponent('{"email": "' + email + '"}')
}
});

//
//hUpdate User collection for user with E - mail == 'email' (set secret_code = 'temtempPass')
if (XHRResponse.body.length) {

Code: Select all

 var userId = XHRResponse.body[0]["_id"]; 
 //update user info 
 var XHRResponse = XHR.send("PUT", "[url=https://api.appery.io/rest/1/db/users/]https://api.appery.io/rest/1/db/users/[/url]" + userId, { 
   "headers": { 
     "X-Appery-Database-Id": dbId, 
     "X-Appery-Master-Key": masterKey, 
     "Content-Type": "application/json" 
   }, 
   "body": { 
     "secrete_code": tempPass 
   } 
 }); 

 //send email if things are fine 
 if (XHRResponse.status == 200) { 
   var XHRResponse = XHR.send("POST", "[url=https://api.sendgrid.com/api/mail.send.json]https://api.sendgrid.com/api/mail.sen...[/url]", { 
     "parameters": { 
       "api_user": "sendgrid username", 
       "api_key": "send grid password", 
       "to": email, 
       "toname": "", 
       "subject": "Password Recovery", 
       "text": "Your temp password is: " + tempPass + ". Copy and this temporary password into the field provided.", 
       "from": "a href="mailto:xxxxxxxx@cevicapps.co.uk" rel="nofollow"xxxxxxxx@cevicapps.co.uk/a" 
     } 
   }); //end of XHRResonse 

   //Other messages you might want to see 
   responseBody.message = "An email with the temporary password has been sent to you. Please follow the instructions to reset your password"; 
 } else { 
   responseBody.message = "Database Error - unkown"; 
 }

} else {
responseBody.message = "User ID not found";
}
response.success(responseBody, "application/json");
} catch (e) {
response.success("message: " + e.message + "\ncode: " + e.code); //If something goes wrong error message will appear
}

Script 2: Change the password in the user collection

var responseBody = {},
//header request parameters
dbId = 'enter database ID ',
masterKey = "xxxxxxxxxxxx-xxxxxxxxx-xxxxxxx (master key)", //end of header parameters
requestParams = {},
paramKeys = request.keys();
for (var key = 0; key < paramKeys.length; key++) {
requestParams[paramKeys[key]] = request.get(paramKeys[key]);
}
// set request parameters
var email_user = requestParams['email'];
var newPass = requestParams['newPass'];
var tempPass = requestParams['tempPass'];

try {

//get the secrete code of the user
var XHRResponse = XHR.send("GET", "https://api.appery.io/rest/1/db/users/", {
"headers": {
"X-Appery-Database-Id": dbId,
"X-Appery-Master-Key": masterKey
},
"parameters": {
"where": encodeURIComponent('{"secrete_code": "' + tempPass + '"}')
}
});

if (XHRResponse.body.length) {

Code: Select all

 var userId = XHRResponse.body[0]["_id"]; 
 var email_DB = XHRResponse.body[0]["email"]; 
 var secrete_code = XHRResponse.body[0]["secrete_code"];

//
//Check if there is user with E-mail == 'email' && secret_code = 'code'
if (email_DB == email_user && secrete_code == tempPass) {
var XHRResponse = XHR.send("PUT", "https://api.appery.io/rest/1/db/users/" + userId, {
"headers": {
"X-Appery-Database-Id": dbId,
"X-Appery-Master-Key": masterKey,
"Content-Type": "application/json"
},
//"Update User collection" code. Set new password.
"body": {
"password": newPass
}
});
}

Code: Select all

 //send email if things are fine 
 if (XHRResponse.status == 200) { 
   var XHRResponse = XHR.send("POST", "[url=https://api.sendgrid.com/api/mail.send.json]https://api.sendgrid.com/api/mail.sen...[/url]", { 
     "parameters": { 
       "api_user": "username", 
       "api_key": "password", 
       "to": email_user, 
       "toname": "", 
       "subject": "Password Recovery Complete", 
       "text": "You have succesfully changed your password", 
       "from": "a href="mailto:xxxxxxxxx@cevicapps.co.uk" rel="nofollow"xxxxxxxxx@cevicapps.co.uk/a" 
     } 
   }); //end of XHRResonse 

   //other messages you might want to see 
   responseBody.message = "Your pasword change was successfull. A confirmation email has been sent to " + email_user; 
 } else { 
   responseBody.message = "Database Error - unkown"; 
 }

} else {
responseBody.message = "User was not found";
}
response.success(responseBody, "application/json");
} catch (e) {
response.success("message: " + e.message + "\ncode: " + e.code); //If something goes wrong error message will appear
}

Forgot Password Service

Posted: Sun Dec 08, 2013 7:05 am
by Illya Stepanov

Thank you for sharing this.

Forgot Password Service

Posted: Sun Dec 08, 2013 1:02 pm
by Doug Black

Team, is it secure to put the Master Key in the server code? I love this, but I want to make sure that it is safe for our people to use in the app.

Forgot Password Service

Posted: Sun Dec 08, 2013 5:14 pm
by maxkatz

Yes. Server Code is only accessible by you.

Forgot Password Service

Posted: Tue Dec 10, 2013 7:33 pm
by fender

Thanks ;-)

Forgot Password Service

Posted: Tue Dec 17, 2013 8:42 am
by Maryna Brodina

Hi all! Check new tutorial here http://docs.appery.io/tutorials/build...

Forgot Password Service

Posted: Tue Dec 17, 2013 2:14 pm
by Doug Black

Awesome!

Forgot Password Service

Posted: Thu Mar 06, 2014 1:19 am
by Yan Yi

Hello, I am using Mandrill API instead of sendGrid but keep getting "An error occured while sending the email" (error 500 for XHRResponse.status). My userId is same as email. Anyone knows what is the problem? I have followed the API at https://mandrillapp.com/api/docs/mess...

code
var responseBody = {},
requestParams = {},
paramKeys = request&#46;keys();
for (var key = 0; key < paramKeys&#46;length; key++) {
requestParams[paramKeys[key]] = request&#46;get(paramKeys[key]);
}

&#47;&#47; Declare database ID and Master key
var dbId = "****&quot
var masterKey = "****&quot

&#47;&#47; Get username from request parameters
var username = requestParams['username'];
&#47;&#47; Generate a random secret code
var secretCode = Math&#46;random()&#46;toString(36)&#46;slice(-12);
console&#46;log(secretCode);

try { &#47;&#47; Get the user with a given username from the database
var XHRResponse = XHR&#46;send("GET", "https:&#47;&#47;api&#46;appery&#46;io/rest/1/db/users/", {
"headers": {
"X-Appery-Database-Id": dbId,
"X-Appery-Master-Key": masterKey
},
"parameters": {
"where": '{"username":"' + username + '"}'
}
});

&#47;&#47; If the user exists update user's secret code with the generated value
if (XHRResponse&#46;body&#46;length) {
var userId = XHRResponse&#46;body[0]["_id"];

Code: Select all

 var XHRResponse = XHR&#46;send("PUT", "https:&#47;&#47;api&#46;appery&#46;io/rest/1/db/users/" + userId, { 
   "headers": { 
     "X-Appery-Database-Id": dbId, 
     "X-Appery-Master-Key": masterKey, 
     "Content-Type": "application/json" 
   }, 
   "body": { 
     "secret_code": secretCode 
   } 
 }); 

 &#47;&#47; If secret code was successfully updated, send email with the code to user with Mandrill API 
 if (XHRResponse&#46;status == 200 && userId) { 

   var XHRResponse = XHR&#46;send("POST", "https:&#47;&#47;mandrillapp&#46;com/api/1&#46;0/messages/send&#46;json", { 

     "key": "*******", 
     "message": { 
       "subject": "Password Recovery", 
       "text": "Your recovery code is: " + secretCode + "&#46; Copy and this code into the field provided&#46;", 
       "from_email": "support@test&#46;com", 
       "to": [{ 
         "email": userId, 
         "type": "to" 
       }] 
     } 
   }); 

   &#47;&#47; If the email was successfully sent, inform the user about it 
   if (XHRResponse&#46;status == 200) { 
     responseBody&#46;message = "An email with the recovery code has been sent to you&#46; Please follow the instructions to reset your password&quot 
   } else { 
     responseBody&#46;message = "An error occured while sending the email &quot 
   } 
 } else { 
   responseBody&#46;message = "Database error&quot 
 }

} else {
responseBody&#46;message = "User not found&quot
}
response&#46;success(responseBody, "application/json");
} catch (e) {
response&#46;success("message: " + e&#46;message + "\ncode: " + e&#46;code); &#47;&#47;If something goes wrong, error message appears
}

/code

Forgot Password Service

Posted: Thu Mar 06, 2014 1:26 am
by Yan Yi

have tried this format too but does not work:
code var XHRResponse = XHR&#46;send("POST", "https:&#47;&#47;mandrillapp&#46;com/api/1&#46;0/messages/send&#46;json", {
"parameters": {
"key": "************",
"message": {
"subject": "Password Recovery",
"text": "test",
"from_email": "support@test&#46;com",
"to": [{
"email": userId,
"type": "to"
}]
}
}
});

/code

All times are UTC
Page 5 of 6

Powered by phpBB® Forum Software © phpBB Limited