
Forgot password link Token validation

uldis

Hi experts,

Is there a way to validate the token for the password reset? Right now I am just using

customerFacade.updatePassword(form.getToken(), form.getPwd());

and use a catch to get the TokenInvalidatedException.
Is there a better way to do this?

Thanks,
Uldis

Accepted Solutions (1)

Hi Uldis,

Yes, you can use the SecureTokenService to validate the password reset token. Here is how to do it:

 final SecureToken data = getSecureTokenService().decryptData(token);

This will give you the token data that contains the timestamp of the token. This can be used to validate if the token is expired or not. Here is an excerpt from the account service:

 final SecureToken data = getSecureTokenService().decryptData(token);
 // A validity of 0 or less disables the expiry check.
 if (getTokenValiditySeconds() > 0L)
 {
     // Token age in milliseconds, compared in seconds below.
     final long delta = new Date().getTime() - data.getTimeStamp();
     if (delta / 1000 > getTokenValiditySeconds())
     {
         throw new IllegalArgumentException("token expired");
     }
 }

Once you validate the token, just find the customer based on the token by using:

 final CustomerModel customer = getUserService().getUserForUID(data.getData(), CustomerModel.class);

That's it. Hope this helps.
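
The checks from the answer above, gathered into one side-effect-free helper that a controller could call before it renders the reset form. This is an added example, not code from the original post or from the platform; the class name, the `Result` enum, the package names in the imports and the comparison against `CustomerModel.getToken()` are assumptions.

```java
import de.hybris.platform.commerceservices.security.SecureToken;
import de.hybris.platform.commerceservices.security.SecureTokenService;
import de.hybris.platform.core.model.user.CustomerModel;
import de.hybris.platform.servicelayer.exceptions.ClassMismatchException;
import de.hybris.platform.servicelayer.exceptions.UnknownIdentifierException;
import de.hybris.platform.servicelayer.user.UserService;

// Hypothetical helper, not platform code: checks a reset token without changing the password.
public class PasswordResetTokenValidator {
    public enum Result { VALID, MALFORMED, EXPIRED, UNKNOWN_CUSTOMER, SUPERSEDED }
    private final SecureTokenService secureTokenService;
    private final UserService userService;
    private final long tokenValiditySeconds; // <= 0 disables the age check, as in the excerpt

    public PasswordResetTokenValidator(final SecureTokenService secureTokenService,
            final UserService userService, final long tokenValiditySeconds) {
        this.secureTokenService = secureTokenService;
        this.userService = userService;
        this.tokenValiditySeconds = tokenValiditySeconds;
    }

    public Result validate(final String token) {
        final SecureToken data;
        try {
            data = secureTokenService.decryptData(token);
        } catch (final RuntimeException e) {
            // Assumption: an empty, truncated or tampered token fails here; the page does not
            // name the exception type, so any runtime failure is reported as MALFORMED.
            return Result.MALFORMED;
        }
        if (tokenValiditySeconds > 0L) {
            final long delta = System.currentTimeMillis() - data.getTimeStamp();
            if (delta / 1000 > tokenValiditySeconds) {
                return Result.EXPIRED;
            }
        }
        final CustomerModel customer;
        try {
            customer = userService.getUserForUID(data.getData(), CustomerModel.class);
        } catch (final UnknownIdentifierException | ClassMismatchException e) {
            return Result.UNKNOWN_CUSTOMER; // no such uid, or the uid is not a customer
        }
        // Assumption: the most recently issued token is stored on the customer (getToken())
        // and cleared after use, so an older or already used link no longer matches.
        if (!token.equals(customer.getToken())) {
            return Result.SUPERSEDED;
        }
        return Result.VALID;
    }
}
```

Log the specific `Result` server-side, but show the user one generic message for every non-`VALID` outcome so the response does not reveal whether an account exists.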
