Resets or updates passwords in the database. This command can be used by:
- Registered users and administrators, to update their own passwords.
- Registered users who wish to log on but have forgotten their password. They use this command to reset their password without logging in. Subsequently, a randomly generated password is e-mailed to the guest user.
Use this command with SSL (Secure Sockets Layer) to ensure that a user's logon password and personal information are encrypted. To do so, type the command with the HTTPS secure protocol.
Command structure
- http://host_name/path/
- The fully qualified name of your WebSphere Commerce Server and the configuration path
Parameter values
- langId
- Sets or resets the preferred language for the duration of the session; the supported languages for a store are found in the STORELANG table
- URL
- The URL to be called when the command completes successfully
- storeId
- The reference number of a store
- reLogonURL
- The URL to which the ResetPassword command is redirected in the case of an error condition
- logonId
- The logon ID of the user whose password is to be reset
- challengeAnswer
- Answer to the challenge question; used to confirm the identity of the user
- logonPassword
- The new password of the user
- logonPasswordOld
- The current password of the user
- logonPasswordVerify
- The verified password of the user, which must be identical to logonPassword
Example 1
This example resets a password by providing the logonId and the challenge answer for registered users who may have forgotten their password. Note that as they have forgotten their password, they need to run as guest:
https://myhostname/webapp/wcs/stores/servlet/ResetPassword?URL=basemall.jsp &logonId=a&challengeAnswer=a
If the user is a guest, the command verifies that the supplied answer to the challenge question matches the one in the database. If the match is successful, it generates an arbitrary password, updates the database, and e-mails the password to the user (identified by the value of the logonId parameter).
Example 2
This example resets a password by specifying the old and new passwords for registered users who wish to update their passwords:
https://myhostname/webapp/wcs/stores/servlet/ResetPassword?URL=basemall.jsp &logonPasswordOld=a&logonPassword=b&logonPasswordVerify=b
If the user is a registered customer, or administrator, it verifies that the old password is correct and that the new password matches the verified password. It also verifies that the password complies with requirements defined by this user's password policy. If all conditions are satisfied, it updates the database with the new password.
Behavior
- This command calls the following task commands:
- GeneratePasswordCmd
- VerifyCredentialsCmd which calls one of the following, depending on the authentication setting:
- UpdateCredentialsCmd
- SendPasswordNotificationCmd
- ResetPasswordGuestCmd
- ResetPasswordRegisterCmd
- AuthenticationPolicyCmd
- The command checks the required parameters. If the parameters are missing or invalid, it sets one of the error tasks with the appropriate error codes.
- If the registered user is running as a guest user, it verifies that the supplied answer to the challenge question matches the one in the database. If the match is successful, it generates an arbitrary password, updates the database, and e-mails the password to the customer (identified by the value of the logonId parameter).
- If the user is a registered customer or administrator and is currently logged on, it verifies that the old password is correct and the new password matches the verified password. It also verifies that the password complies with requirements defined by this user's password policy. If all conditions are satisfied, it updates the database with the new password.
- When the command successfully completes, it calls the specified URL.
- Users who have been given a generated password by the Reset Password command will need to change their password after the first usage.
- The password reset command creates a temporary password which has to be changed at the first logon. This only applies if users are authenticated against the WebSphere Commerce database.
Exception conditions
On an error condition, if you specify an error URL in the reLogonURL parameter, the ResetPassword command gets redirected to that URL and an error code is placed on the request. Otherwise, if you do not use the reLogonURL parameter, the command will throw an ECApplicationException and redirect to a error view depending on user identity. You can obtain the error code by using the class ErrorDataBean.
If a required parameter is missing or incorrect, the ResetPassword command sets one of the following error codes, depending on the identity of the requestor. These error codes get added to the specified error URL if you use the reLogonURL parameter:
Error view based on identity:
- Registered user
- ResetPasswordRegisterErrorView
- Guest user
- ResetPasswordGuestErrorView
Error conditions and associated error codes:
Command requestor |
Error condition and associated error code |
---|---|
Guest or a logged in user. |
Note: In this case, the command will redirect to the ResetPasswordView error view. |
Guest |
|
Logged in user |
|
The error handler is ECConstants.EC_ERROR_CODE.