Hey guys quick question here, as a user without an admin profile is there a way to change your password?
Hi,
Natively in Bonita BPM Portal it is not possible but I can suggest two options:
- You can create a new process definition with new password as contract input and use a Groovy script connector on process instance start to call Bonita Engine API to update the password (see updateUser)
- Second option would be to build a REST API extension, use the same API method as the previous solution and call the REST API extension from your application page.
Thnx for answering just another little question, for security purpose I would like to make the person write their old password before they can change their password so I was thinking to create a custome API that connect to the user database of bonita and compare the introduced password with the one stored in the database but I understand that for security reason bonita store their password with a hash so I was wondering what kind of hash does it use?
Default hash is MD5 (see MD5CredentialsEncrypter.java).
Also you might try to use LoginAPI to perform the verification (not sure how it behave if user is already logged in).
Awesome thnx a lot Antoine!