Change user password process


Hello,

I created a process that allows users to change their PW. Actually, I am seeking the Groovy code that can check, before starting my process and letting the user change his password, whether the user introduces the same PW as the one in the Bonita database.

So what is the code that can compare the old password with the one introduced by the user, to allow him to change it?

Thanks

Comments

Submitted by yannick.lombardi on Mon, 07/21/2014 - 15:50

I searched in the javadoc but it doesn't seem to have a function to read the password of a user. I don't know if it is possible to check a user's password in version 6.3.X.

Submitted by rahmi.hichem on Mon, 07/21/2014 - 15:56

Actually I found this:

return BonitaUsers.getProcessInstanceInitiator(apiAccessor, processInstanceId).getPassword();

But as you said, it returns "Null" every time!!! I am using the 6.2.6 community version?

It's strange, because if it doesn't work, why do they suggest it? I read somewhere that it is a deprecated method too, but that means it is not advised to use it, not that we couldn't use it!!!!

Submitted by rahmi.hichem on Mon, 07/21/2014 - 15:57
Submitted by yannick.lombardi on Mon, 07/21/2014 - 16:07

It is said that the method is deprecated : http://documentation.bonitasoft.com/javadoc/api/6.3/org/bonitasoft/engin...

As you say, I don't know why they don't delete this if the method doesn't work.

Submitted by rahmi.hichem on Tue, 07/22/2014 - 10:19

Don't you think that there is another way to get the user PW, perhaps with another method?

We could change the password with Groovy, so why not get it!!!

Submitted by ruben_zornoza on Tue, 07/22/2014 - 10:53

Try to authenticate (login) the user. Login = same pass, don't login = wrong pass.

Submitted by rahmi.hichem on Tue, 07/22/2014 - 11:06

I didn't get what you mean! What I want is to put in my form (which includes two widgets at this moment: New Password and Confirmation of New Password; I can change the user password, so my process works) another widget: Introduce your old Password (as we generally do), and if I could do this I have to compare the password introduced by the user with the old password in the Bonita DB before letting him change his PW.

So my problem is: how to get the old password to compare?

Submitted by florian.baillagou on Wed, 07/23/2014 - 09:47

If you could get the password through a Groovy script, this would be a security problem: you could have the password of everyone. Of course you can change it, but do you know one admin that can get the password of users? On any application?

To secure my Web Services, I'm trying to connect to Bonita with the REST API. You could do a simple Web service with the webmethod: public bool VerifyCredentials(); and call this webmethod with a SOAP Connector. You just have to pass credentials into the SOAP Header.

RestAPI documentation : http://documentation.bonitasoft.com/product-bos-sp/web-rest-api-1

Hope this will help :)

Submitted by rahmi.hichem on Wed, 07/23/2014 - 09:58

Hello, yes of course the admin can get the password, but coded; that's what we do, for example, in a Java application when we want to change a user password: we get the coded PW from the DB and compare it with the one introduced by the user (after coding it), so the admin will never know what the real password of the user is, he knows only the coded PW. I thought that Bonita works like this but apparently it's not the case. Could you give more details or an example for your method? I am not a web services expert!

Thank you.

1 answer


Well, you don't have to be expert for that.

Create a Web Service with JAVA or C# (as you want).

Add a REST library (RestSharp for C#, JaxRS for JAVA) as a reference.

I did it using C# so I'll give you an example in C#. This is the web method to verify a user's credentials:

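using System.Web.Services;
using System.Web.Services.Protocols;
using RestSharp;

public class MyWebservice : System.Web.Services.WebService
{
    // Filled in from the SOAP header of the incoming call.
    public MyHeaderWebService SecuredHeader { get; set; }

    [SoapHeader("SecuredHeader")]
    [WebMethod]
    public bool VerifyUser()
    {
        // [Server] and [Port] are placeholders for the Bonita host.
        // Use an HTTPS endpoint so the credentials are not sent in clear text.
        RestClient client = new RestClient("http://[Server]:[Port]/bonita");
        IRestRequest req = new RestRequest("loginservice", Method.POST);
        req.AddParameter("username", SecuredHeader.Username);
        req.AddParameter("password", SecuredHeader.Password);
        req.AddParameter("redirect", "false");
        IRestResponse response = client.Execute(req);
        // Look at the response and return true or false:
        // a successful (2xx) status means Bonita accepted the credentials.
        int status = (int)response.StatusCode;
        return status >= 200 && status < 300;
    }
}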

MyHeaderWebService is a class which inherits from SoapHeader. It contains the parameters of the SOAP header:

public class MyHeaderWebService : SoapHeader
{
    public string Username { get; set; }
    public string Password { get; set; }
}
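
The same check written in Groovy, the language the question asks for, as an added example that is not part of the original answer or of Bonita's own code: it verifies the old password by posting to `loginservice` instead of reading the stored password. The function names, the placeholder base URL and the use of HTTP 401 as the rejection status are assumptions.

```groovy
import java.nio.charset.StandardCharsets

// Hypothetical helper: true if Bonita accepts the credentials, false if it rejects them.
// bonitaBaseUrl is a placeholder such as "https://bonita.example.invalid/bonita"
// (HTTPS, so the password is not sent in clear text).
boolean verifyCurrentPassword(String bonitaBaseUrl, String username, String password) {
    def enc = { String s -> URLEncoder.encode(s, 'UTF-8') }
    // Same three form parameters the C# answer sends to loginservice.
    String body = "username=${enc(username)}&password=${enc(password)}&redirect=false"
    HttpURLConnection conn =
        (HttpURLConnection) new URL(bonitaBaseUrl + '/loginservice').openConnection()
    try {
        conn.requestMethod = 'POST'
        conn.doOutput = true
        conn.instanceFollowRedirects = false
        conn.connectTimeout = 5000
        conn.readTimeout = 5000
        conn.setRequestProperty('Content-Type', 'application/x-www-form-urlencoded')
        conn.outputStream.withStream { it.write(body.getBytes(StandardCharsets.UTF_8)) }
        int status = conn.responseCode
        if (status >= 200 && status < 300) return true   // login accepted: old password is correct
        if (status == 401) return false                  // assumed rejection status: wrong password
        // A 5xx or proxy error says nothing about the password, so it is not reported as "wrong".
        throw new IOException("Unexpected HTTP status ${status} from loginservice")
    } finally {
        conn.disconnect()   // the session cookie of a successful login is simply discarded
    }
}

// Hypothetical form check: returns an error message, or null when the change may proceed.
String validatePasswordChange(String baseUrl, String user,
                              String oldPw, String newPw, String confirmPw) {
    if (!newPw || newPw != confirmPw) return 'New password and confirmation do not match'
    if (newPw == oldPw) return 'New password must differ from the old one'
    if (!verifyCurrentPassword(baseUrl, user, oldPw)) return 'Old password is incorrect'
    return null
}
```

Keep the password values out of logs and process variables that are persisted, and limit repeated failed checks per user so the form cannot be used to guess passwords.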

Comments

Submitted by rahmi.hichem on Wed, 07/23/2014 - 11:00

Thank you.

So with this code you are supposed to be able to compare the PW introduced by the user with the old one?

Submitted by florian.baillagou on Wed, 07/23/2014 - 11:27

After checking the response of the authentication request, you'll know if the user gave valid credentials.

So the comparison is done by the request. If the response is OK, the password is valid, else it's not.

This is what you're looking for, am I wrong?

Submitted by rahmi.hichem on Wed, 07/23/2014 - 11:36

Yes, especially for the password, I will see how I can implement it.

Thank you :)
