User password self-service

mortoza_khan · November 26, 2023, 12:04am

Hi
I need to give users the option to manage their passwords in my application. Needless to say, this is a very standard requirement of any business application. I have tried to find relevant documentation, cookbook etc. but didn’t find anything that helps except one post that is based on an older version that doesn’t work in Jmix 2.1x

How can I bring the options that the user admin has to :

Change existing password
Reset password
Delegate to substitute user

Want to add an option for “forgot password” by which want to send a link to the user’s registered email address and the user will be able to create a new password.
Want to include 2-factor authentication.

It will be good to include this in the documentation or cookbook!

krivopustov · December 1, 2023, 6:09am

Below is an example of opening the standard password changing view:

import com.vaadin.flow.component.ClickEvent;
import com.vaadin.flow.component.button.Button;
import com.vaadin.flow.router.Route;
import io.jmix.core.security.CurrentAuthentication;
import io.jmix.flowui.DialogWindows;
import io.jmix.flowui.view.*;
import io.jmix.securityflowui.view.changepassword.ChangePasswordView;
import org.springframework.beans.factory.annotation.Autowired;

//...
public class PreferencesView extends StandardView {

  @Autowired
  private DialogWindows dialogWindows;
  @Autowired
  private CurrentAuthentication currentAuthentication;
  
  @Subscribe("changePasswordBtn")
  public void onChangePasswordBtnClick(ClickEvent<Button> event) {
      DialogWindow<ChangePasswordView> dialog = dialogWindows.view(this, ChangePasswordView.class)
              .build();
      ChangePasswordView view = dialog.getView();
      view.setUsername(currentAuthentication.getUser().getUsername());
      view.setCurrentPasswordRequired(true);
      dialog.open();
  }
}

As for the other tasks - we’ll consider explaining them in the docs or in samples. Thanks for the idea.

chrisbeaham · December 1, 2023, 7:17am

@mortoza_khan @krivopustov

Hello Mortoza, Hello Konstantin

In this attached Jmix example
jmix-quickstart-security-advanced-complete.zip (172.1 KB)
that I found somewhere in December 2022, there is a ForgotUsernamePassword screen class implemented. I used this example and separated it into a ForgotUsername and a ForgotPassword class to be more flexible.

There is also ResetPasswordScreen class and a RegistrationService class for user self-registration in the example.

I found this example very helpful; maybe it can be updated and published for everyone with the other samples. I have already uploaded it to several other posts.

I hope that this helps.

Best regards
Chris

mortoza_khan · December 25, 2023, 2:03am

Thank you Konstantin. Looking forward to the samples / Doc updates for additional guidance.

Eichers · January 25, 2024, 3:58pm

Hi,
referring to the issues of the initial post here,
has anybody used the Google Authenticator already for 2-factor auth?