ResetPassword command

Resets or updates passwords in the database. This command can be used by:

Use this command with SSL (Secure Sockets Layer) to ensure that a user's logon password and personal information are encrypted. To do so, type the command with the HTTPS secure protocol.

Command structure

http://host_name/path/
The fully qualified name of your WebSphere Commerce Server and the configuration path

Diagram of the command structure: the command starts with the fully qualified name of your WebSphere Commerce Server and the configuration path, followed by the command name, ResetPassword, and the ? character. End the command with a list of parameters in the form of name-value pairs. Separate each name-value pair with the & character. For a detailed description of the parameters and their values, refer to the list entitled Parameter values.

Parameter values

langId
Sets or resets the preferred language for the duration of the session; the supported languages for a store are found in the STORELANG table
URL
The URL to be called when the command completes successfully
storeId
The reference number of a store
reLogonURL
The URL to which the ResetPassword command is redirected in the case of an error condition
logonId
The logon ID of the user whose password is to be reset
challengeAnswer
Answer to the challenge question; used to confirm the identity of the user
logonPassword
The new password of the user
logonPasswordOld
The current password of the user
logonPasswordVerify
The verified password of the user, which must be identical to logonPassword

Example 1

This example resets a password by providing the logonId and the challenge answer for registered users who may have forgotten their password. Note that as they have forgotten their password, they need to run as guest:

    https://myhostname/webapp/wcs/stores/servlet/ResetPassword?URL=basemall.jsp
    &logonId=a&challengeAnswer=a

If the user is a guest, the command verifies that the supplied answer to the challenge question matches the one in the database. If the match is successful, it generates an arbitrary password, updates the database, and e-mails the password to the user (identified by the value of the logonId parameter).

Example 2

This example resets a password by specifying the old and new passwords for registered users who wish to update their passwords:

    https://myhostname/webapp/wcs/stores/servlet/ResetPassword?URL=basemall.jsp
    &logonPasswordOld=a&logonPassword=b&logonPasswordVerify=b

If the user is a registered customer or administrator, the command verifies that the old password is correct and that the new password matches the verified password. It also verifies that the password complies with the requirements defined by this user's password policy. If all conditions are satisfied, it updates the database with the new password.

Behavior

Exception conditions

On an error condition, if you specify an error URL in the reLogonURL parameter, the ResetPassword command is redirected to that URL and an error code is placed on the request. Otherwise, if you do not use the reLogonURL parameter, the command throws an ECApplicationException and redirects to an error view that depends on the user's identity. You can obtain the error code by using the class ErrorDataBean.

If a required parameter is missing or incorrect, the ResetPassword command sets one of the following error codes, depending on the identity of the requestor. These error codes are added to the specified error URL if you use the reLogonURL parameter:

Error view based on identity:

Registered user
ResetPasswordRegisterErrorView
Guest user
ResetPasswordGuestErrorView

Error conditions and associated error codes:

Command requestor: Guest or a logged-in user
Missing URL parameter.
ECSecurityConstants.ERR_MISSING_REDIRECTURL

Note: In this case, the command will redirect to the ResetPasswordView error view.

Command requestor: Guest
The logonId is missing.
ECSecurityConstants.ERR_MISSING_LOGONID
The logonId does not belong to a valid registered user.
ECSecurityConstants.ERR_INVALID_LOGONID
The challenge answer was not supplied.
ECSecurityConstants.ERR_MISSING_CHALLENGEANSWER
The challenge answer supplied is incorrect.
ECSecurityConstants.ERR_INVALID_CHALLENGEANSWER
The e-mail address for the supplied logonId is missing.
ECSecurityConstants.ERR_MISSING_EMAIL
The user account is disabled.
ECSecurityConstants.ERR_DISABLED_ACCOUNT

Command requestor: Logged-in user
The logonPasswordOld parameter is missing.
ECSecurityConstants.ERR_MISSING_OLDPASSWORD
The parameter logonPassword is missing.
ECSecurityConstants.ERR_MISSING_NEWPASSWORD
The parameter logonPasswordVerify is missing.
ECSecurityConstants.ERR_MISSING_NEWPASSWORDVERIFY
The parameters logonPassword and logonPasswordVerify do not match.
ECSecurityConstants.ERR_MISMATCH_PASSWORDS
The logged in user supplied an incorrect old password.
ECSecurityConstants.ERR_INVALID_OLDPASSWORD
The password length is too short.
ECSecurityConstants.ERR_MINIMUMLENGTH_PASSWORD
The number of allowed consecutive characters of this type is greater than the allowed maximum.
ECSecurityConstants.ERR_MAXCONSECUTIVECHAR_PASSWORD
The number of allowed instances of characters of this type is greater than the allowed maximum.
ECSecurityConstants.ERR_MAXINTANCECHAR_PASSWORD
The password does not contain the required minimum number of letters.
ECSecurityConstants.ERR_MINIMUMLETTERS_PASSWORD
The password does not contain the required minimum number of digits.
ECSecurityConstants.ERR_MINIMUMDIGITS_PASSWORD
The password cannot match the userid.
ECSecurityConstants.ERR_USERIDMATCH_PASSWORD
The password cannot be the same as the previous password.
ECSecurityConstants.ERR_REUSEOLD_PASSWORD
The user account is disabled.
ECSecurityConstants.ERR_DISABLED_ACCOUNT

The error handler is ECConstants.EC_ERROR_CODE.
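
The following is an added example, not IBM's code: a client-side pre-flight that builds the request in the form described under Command structure, refuses a non-HTTPS base, URL-encodes every value, and reports the error code listed above for a missing or mismatched parameter. The function names and the order of the checks are assumptions; checks that only the server can make (challenge answer, old password, password policy, account state) are not modelled.

```python
from urllib.parse import urlencode, urlsplit

# Required parameters per requestor, taken from Example 1 and Example 2,
# paired with the ECSecurityConstants name the page lists when one is missing.
GUEST_REQUIRED = [
    ("logonId", "ERR_MISSING_LOGONID"),
    ("challengeAnswer", "ERR_MISSING_CHALLENGEANSWER"),
]
USER_REQUIRED = [
    ("logonPasswordOld", "ERR_MISSING_OLDPASSWORD"),
    ("logonPassword", "ERR_MISSING_NEWPASSWORD"),
    ("logonPasswordVerify", "ERR_MISSING_NEWPASSWORDVERIFY"),
]


def preflight(params, logged_in):
    """Return the error code name for the first problem a client can detect,
    or None. The check order is an assumption, not documented behaviour."""
    if not params.get("URL"):
        return "ERR_MISSING_REDIRECTURL"
    for name, code in (USER_REQUIRED if logged_in else GUEST_REQUIRED):
        if not params.get(name):
            return code
    if logged_in and params["logonPassword"] != params["logonPasswordVerify"]:
        return "ERR_MISMATCH_PASSWORDS"
    return None


def build_request(base, params, logged_in):
    """Return (url, error_code); base is the https://host_name/path/ prefix."""
    parts = urlsplit(base)
    if parts.scheme != "https" or not parts.netloc:
        # The command carries passwords and challenge answers.
        raise ValueError("ResetPassword must be called over https://")
    code = preflight(params, logged_in)
    if code:
        return None, code
    # urlencode escapes '&', '=' and '?' inside values, so a password such as
    # 'p&ss=1' cannot split into extra name-value pairs.
    return f"{base.rstrip('/')}/ResetPassword?{urlencode(params)}", None
```
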