
Password Forgot via SOAP implementation

Started by michaelwechner, August 18, 2010, 04:25:29 pm

michaelwechner

Hi

It seems to me there are two possibilities to change a password:

Either 1)

void changePassword(
    String sessionId,
    String currentPassword,
    String newPassword)

or 2)

sendNewPassword(
    String emailAddr,
    String subject,
    String countryCode)

The problem with 1) is that one has to know the current plain-text password, hence it cannot be used for "password forgot",
and 2) has the problem that KonaKart is creating/sending a new password directly to the user, whereas we would
like to send only a link with a hashed URL (contained within the email) to the user, which the user then has to click on
and can create his/her new password by him/herself, but this would require an API method like

void changePassword(
    String sessionId,
    String newPassword)

or is there any other possibility?

Thanks

Michael


michaelwechner

... of course the SOAP API should be protected, such that only the Content Management System or whatever third-party application is able to use this SOAP API. Is this possible somehow, e.g. IP based?

As an alternative solution one could generate a hash together with the new password which KonaKart sends and then use again

void changePassword(
    String sessionId,
    String currentPassword,
    String newPassword)

Thanks

Michael