Password Recovery

NOTE: Instructions on this page assume that you are using the default authentication provider. If you are using a custom authentication provider, check its documentation to see whether password recovery is supported and which piece of information is treated as the user's username.

To initiate password recovery, send a POST request to /password-recovery/send-code with a valid email address:

Response: HTTP 200, application/json
POST /password-recovery/send-code

Payload:

{
    "username": "member@activecollab.com"
}

Response:

{
    "code_sent_to": "member@activecollab.com"
}

This works for a user's alternative addresses as well. Note that in that case, password recovery instructions are sent to the user's primary email address:

Response: HTTP 200, application/json
POST /password-recovery/send-code

Payload:

{
    "username": "additional-address-for-member@activecollab.com"
}

Response:

{
    "code_sent_to": "member@activecollab.com"
}

The user received an email with a code. Let's reset the password:

Response: HTTP 500, application/json
POST /password-recovery/reset-password

Payload:

{
    "user_id": 2,
    "code": "076f91da733a828adbc2",
    "password": "1234"
}

Response:

{
    "type": "Angie\\Authentication\\Error\\ResetPassword",
    "message": "Invalid reset code",
    "file": "\/var\/www\/angie.back\/frameworks\/authentication\/models\/users\/FwUsers.class.php",
    "line": 1301,
    "trace": "#0 \/var\/www\/angie.back\/frameworks\/authentication\/controllers\/FwPasswordRecoveryController.class.php(52): FwUsers::finishPasswordRecovery(2, '076f91da733a828...', '1234')\n#1 \/var\/www\/angie.back\/src\/Angie\/Controller.php(42): FwPasswordRecoveryController->reset_password(Object(Owner))\n#2 \/var\/www\/angie.back\/classes\/application\/AngieApplicationAdapter.class.php(243): Angie\\Controller->executeAction('reset_password')\n#3 \/var\/www\/angie.back\/classes\/application\/AngieApplication.class.php(839): AngieApplicationAdapter->handleHttpRequest('password-recove...', '')\n#4 \/var\/www\/activecollab.back\/instance\/public\/api.php(19): AngieApplication::handleHttpRequest()\n#5 {main}",
    "previous": null
}

We'll receive an error if we try to reset the password for an invalid user:

Response: HTTP 500, application/json
POST /password-recovery/reset-password

Payload:

{
    "user_id": 15,
    "code": "076f91da733a828adbc2",
    "password": "1234"
}

Response:

{
    "type": "Angie\\Authentication\\Error\\ResetPassword",
    "message": "Account not active",
    "file": "\/var\/www\/angie.back\/frameworks\/authentication\/models\/users\/FwUsers.class.php",
    "line": 1304,
    "trace": "#0 \/var\/www\/angie.back\/frameworks\/authentication\/controllers\/FwPasswordRecoveryController.class.php(52): FwUsers::finishPasswordRecovery(15, '076f91da733a828...', '1234')\n#1 \/var\/www\/angie.back\/src\/Angie\/Controller.php(42): FwPasswordRecoveryController->reset_password(Object(Owner))\n#2 \/var\/www\/angie.back\/classes\/application\/AngieApplicationAdapter.class.php(243): Angie\\Controller->executeAction('reset_password')\n#3 \/var\/www\/angie.back\/classes\/application\/AngieApplication.class.php(839): AngieApplicationAdapter->handleHttpRequest('password-recove...', '')\n#4 \/var\/www\/activecollab.back\/instance\/public\/api.php(19): AngieApplication::handleHttpRequest()\n#5 {main}",
    "previous": null
}

or with an invalid code:

Response: HTTP 500, application/json
POST /password-recovery/reset-password

Payload:

{
    "user_id": 2,
    "code": "XYZ",
    "password": "1234"
}

Response:

{
    "type": "Angie\\Authentication\\Error\\ResetPassword",
    "message": "Invalid reset code",
    "file": "\/var\/www\/angie.back\/frameworks\/authentication\/models\/users\/FwUsers.class.php",
    "line": 1301,
    "trace": "#0 \/var\/www\/angie.back\/frameworks\/authentication\/controllers\/FwPasswordRecoveryController.class.php(52): FwUsers::finishPasswordRecovery(2, 'XYZ', '1234')\n#1 \/var\/www\/angie.back\/src\/Angie\/Controller.php(42): FwPasswordRecoveryController->reset_password(Object(Owner))\n#2 \/var\/www\/angie.back\/classes\/application\/AngieApplicationAdapter.class.php(243): Angie\\Controller->executeAction('reset_password')\n#3 \/var\/www\/angie.back\/classes\/application\/AngieApplication.class.php(839): AngieApplicationAdapter->handleHttpRequest('password-recove...', '')\n#4 \/var\/www\/activecollab.back\/instance\/public\/api.php(19): AngieApplication::handleHttpRequest()\n#5 {main}",
    "previous": null
}

NOTE: A reset password error is also thrown if you try to set a password that does not match the system's password requirements. Please check the "Password Policy" test for details.

When this tool is triggered for an invalid email address (an address that is not in the system, or an address for an account that has been archived or trashed), the system will return a Bad Request response:

Response: HTTP 200, application/json
PUT /move-to-archive/user/2

Response:

{
    "single": {
        "id": 2,
        "class": "Member",
        "url_path": "\/users\/2",
        "is_archived": true,
        "is_trashed": false,
        "trashed_on": null,
        "trashed_by_id": 0,
        "created_on": 1430164649,
        "created_by_id": 1,
        "updated_on": 1430164650,
        "updated_by_id": 1,
        "language_id": 0,
        "first_name": "Peter",
        "last_name": "Smith",
        "display_name": "Peter Smith",
        "short_display_name": "Peter S.",
        "email": "member@activecollab.com",
        "additional_email_addresses": [
            "additional-address-for-member@activecollab.com"
        ],
        "is_pending_activation": false,
        "avatar_url": "http:\/\/feather.dev\/proxy.php?proxy=avatar&module=system&v=current&b=DEV&user_id=2&size=--SIZE--&timestamp=1430164650",
        "custom_permissions": [],
        "company_id": 1,
        "title": null,
        "phone": null,
        "im_type": null,
        "im_handle": null,
        "note": null
    }
}

Response: HTTP 400, text/html
POST /password-recovery/send-code

Payload:

{
    "username": "member@activecollab.com"
}

Response: HTTP 400, text/html
POST /password-recovery/send-code

Payload:

{
    "username": "unknown-member@activecollab.com"
}
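
A client-side reading of the responses documented on this page, as an added example that is not part of the ActiveCollab documentation or code: it maps each response to an outcome and drops the server-side `file`, `line`, `trace` and `previous` fields from error bodies before they are logged or displayed. The function name, the outcome labels and the sample body are assumptions made for the illustration.

```python
import json

# Keys in this page's error bodies that describe server internals.
INTERNAL_FIELDS = ("file", "line", "trace", "previous")

def interpret_recovery_response(status, content_type, body):
    """Return (outcome, details) for a password-recovery API response.

    Hypothetical helper: details never contains INTERNAL_FIELDS, so it is
    safe to log or show to the person resetting the password.
    """
    if status == 400:
        # send-code rejects unknown, archived or trashed addresses (text/html body).
        return "rejected", {}
    if "application/json" not in content_type:
        return "unexpected", {}
    try:
        data = json.loads(body)
    except ValueError:
        return "unexpected", {}
    if not isinstance(data, dict):
        return "unexpected", {}
    if status == 200 and "code_sent_to" in data:
        # May be the primary address even when an alternative one was submitted.
        return "code_sent", {"code_sent_to": data["code_sent_to"]}
    if status == 500 and str(data.get("type", "")).endswith("ResetPassword"):
        safe = {k: v for k, v in data.items() if k not in INTERNAL_FIELDS}
        return "reset_error", safe
    return "unexpected", {}

# Constructed sample with the same keys as the error bodies above;
# path and trace are placeholders, not real values.
SAMPLE_RESET_ERROR = json.dumps({
    "type": "Angie\\Authentication\\Error\\ResetPassword",
    "message": "Invalid reset code",
    "file": "<server path>",
    "line": 1301,
    "trace": "#0 <constructed placeholder>",
    "previous": None,
})

if __name__ == "__main__":
    print(interpret_recovery_response(500, "application/json", SAMPLE_RESET_ERROR))
    print(interpret_recovery_response(400, "text/html", ""))
```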