Hi,
I am using the Abp Web Api in an external app. When authenticating, using the 'Authenticate' request, I recieve the same response regardless as to whether the ShouldChangePasswordOnNextLogin flag is set.
Is there an easy way to determine, at login, whether this flag is set?
Also, could you give me some guidance as to how I would change the user password using the Web api.
Many thanks
14 Answer(s)
-
0
Hi,
Authenticate method should return shouldResetPassword as true.
It should return something like this:
-
0
Hi,
Apologies for my lack of understanding here. I am getting an encrypted result, as below. How would I un-encrypt this to obtain the data above?
{ "result": "ZGczQCd9iH2DTcH8cEBOfwObxcz44YKChhVoSwx6f-JB3HVtbY06MLF6OnKjrpus52e4Sa4JTPnRKzsN3bQ5SfxJt_wBEkvRwiRgokN69qy6G37D2EXBwM9_L2hvDRvJoT_GIzJuGtOPCUrY2MsCenmNsAjcm4xmGzOeXDpUizdffR88lflj-p_MLTAdbtP8oainBtNk_Rma_oJ1vTBDiPvhor_AoxWqx--Is8GkS7E_4SrtdQPrZ5GFJC3CieCKyVGR4O1C0M4FfXYN4kqKhfcM5Q5IMIcIrkZN15_Sccjj7NPbY_rphR0H704Vnht7zsSP1brG3CXi2oP3JfB6SHpzRS2UCkVaiATofwKH8wn9Vm6Eaxfow-MTdKxjVuNChQIdmceYTuvkFlXO-z-3ohwkc286MkOGS6IwkJOyWPoYGRsa-KHHX5JpoBufCxBi4TOc9hA3XdQI4DNMr752XCGGV9oCmBUbBUkEKYDpFphHPDz23Otr1X-dXjDJ7vaHyWl_ixsdcvy6k_Q_xbzNOzj7PRC8JsTiGT_BXdMkZFonld6qy5Mh8jXwu82ZBVY7r3arGMhIZrKgJ26mJdHhPmnd7M-5Efyiyh3uMnLLWdN12g0IxD1wURW1LGOuQlHrwbd3hp4981kb3d_SvWdNbw", "targetUrl": null, "success": true, "error": null, "unAuthorizedRequest": false, "__abp": true } -
0
@philwynn The return content you currently get indicates that your login is successful, and the encrypted JWT token
-
0
Hi, I realise that my login is successful. However, I need to know if the user is required to change his password. How can I un-encrypt the token to get this information?
If this is not possible, how would you recommend I fulifll this requirement?
Many thanks
-
0
see: https://github.com/aspnetzero/aspnet-zero-core/blob/dev/aspnet-core/src/MyCompanyName.AbpZeroTemplate.Web.Core/Controllers/TokenAuthController.cs#L128
-
0
Hi @maliming
Thank you, but I seem to have lost my access to the git hub repository.
-
0
Hi @philwynn
I have added your user back to GitHub agin, so now you have access for two GitHub users (PhilipWynn and PhilipWynn2).
In order to get shouldResetPassword as true, set it to true while creating or editing the user:
-
0
Hi,
Thanks for the info, but I'm afraid you haven't answered my originial question.
When I log into the system using the "Authenticate" request (as detailed in https://docs.aspnetzero.com/documents/aspnet-mvc-jquery/latest/Development-Guide-Mvc-Angularjs#token-based-authentication) I get an encrypted token back. How do I determine from this whether or not the user is required to change his password?
A previous post indicated the information contained within the encrypted token, but how do I access this information?
Regards
-
0
Hi, we have not implemented the
Authenticatemethod to includeshouldResetPasswordin its response for WebApi project.see https://github.com/aspnetzero/aspnet-zero/blob/12aa34c15797a886ee68492b77380ee5e9fbdd8c/src/MyCompanyName.AbpZeroTemplate.WebApi/WebApi/Controllers/AccountController.cs#L38-L53
-
0
Hi,
I realise that this is not currently implemented in the Authenicate method.
I have a situation where I would like to communicate, to the consumer of the Authenticate method, that the password needs resetting.
My question to you is: how do I return the ShouldResetPassword flag to the consumer? If it is to be contained within the encrypted ticket, how can this be viewed?
Many thanks
-
0
You can refer to the aspnet-zero-core version of the code, the principle is the same.
https://github.com/aspnetzero/aspnet-zero-core/blob/dev/aspnet-core/src/MyCompanyName.AbpZeroTemplate.Web.Core/Controllers/TokenAuthController.cs#L127
-
0
Hi,
Apologies, but I will need a little mor guidance. The code written for the Core version of the controller differs too much from the MVC version.
Please could I request some sample code to give me guidance as to how I can modifiy the Authenticate method.
Many thanks
-
0
These codes are generic.
When the token is requested, the system finds that the user needs to change the password before logging in. At this time, the model returned to the front end has a flag (shouldResetPassword), which means that the user needs to change the password, and then you can guide the user to reset the password.
-
0
Thank you for the prompt response. I will give this some more thought.
