rluders / wn-jwtauth-plugin

JWTAuth Plugin for WinterCMS
GNU General Public License v3.0

How to change password ? #49

Closed Incremental92 closed 3 years ago

Incremental92 commented 3 years ago

Dobry den Ricardo, I'm using October and a frontend app on Vue.js (Quasar framework). I'm wondering if the way to modify a password for a registered user in my app is to do it through the reset password process (with email key), or if it's possible directly when the user is registered, in a profile vue and how ? Thanks for your help.


rluders commented 3 years ago

Ahoj, @Incremental92.

So, the plugin doesn't cover this kind of behaviour, 'cause it is not connected to the authentication process. Anyway, it seems that what you are trying to do is to create a way to update the user's account information from a logged-in section of your application. Is that correct?

Assuming that is what you are trying to achieve, the best way to do it would be to create a plugin that handles this behaviour through a route that you will need to create.

Anyway, if you are interested in submitting a PR to add this Update function to the plugin, I'll be happy to review it and accept your PR. In this case you will not need to implement it in another plugin, but you will add a new feature to this one.

Hope it helps somehow. Please, let me know if you have any other questions.

Incremental92 commented 3 years ago

Ahoj Ricardo, yes, I'd like to update user's information of whom password from a logged session. I already have a plugin handling routes for different purposes and I was wondering if JWT was able to perform it. The documentation is quite light (for my learning level). Should I understand that Forgot Password and Reset Password invoke the October regular process for resetting a password ?

As passwords are sent during the registration process, do you consider it could be updated the same way and store in my route this way ? https://octobercms.com/docs/services/hashing-encryption#hashing

PS : what do you call a PR ?

Incremental92 commented 3 years ago

Sorry, a bad click closed the topic...

rluders commented 3 years ago

> Should I understand that Forgot Password and Reset Password invokes the October regular process for resetting a password ?

Yes. It does, so, it will not allow you to update the user information, in this case, you should create your own endpoint to handle it.

> As passwords are sent during the registration process, do you consider it could be updated the same way and store in my route this way ?

Yes. If you create your own endpoint to handle user information to change the password you must hash the password.

> PS : what do you call a PR ?

PR stands for Pull Request. Check this guide. If you want to implement this feature to this plugin, I'll be happy to review and accept your contribution.

Incremental92 commented 3 years ago

Thanks for your clear answers. I understand that I should do in my endpoint : https://octobercms.com/docs/services/hashing-encryption#hashing

At the moment, trying to send my authorization token, I'm getting : 403 Forbidden and CORS error (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)... I think I'm not so far and will be happy to share my code.

rluders commented 3 years ago

@Incremental92 do you have the RLuders.Cors plugin installed as well? If not, install it. If you already have it, make sure that your routes have the middleware api set.

Incremental92 commented 3 years ago

Well, based on https://watch-learn.com/video-tutorials/fixing-jwt my Route is :

Route::middleware(['api', 'jwt.auth'])->group(function () {
    Route::post('Change-Pwd', function (Request $request) {
        $user = new User;
        // For testing !
        // PHP concatenates strings with "." ("+" is numeric addition)
        return response()->json('User : ' . 'toto' . 'Password Changed !' . ' / Request = ' . $request);
    });
});

and in my Vue.js call :

   changePassword ({ commit }, pwd) {
      // Prepare authentication token for JWT Auth
      const authorization = { headers: { 'Authorization': 'Bearer ' + state.token }  }
      this.$axios
         .post(constantes.SERVER_URL + "/Change-Pwd", pwd.data, authorization)
         .then(response => { // 2xx responses are OK - Status 201 -> "Created" = OK
            console.log("Response OK : ", response);
         });
   }

Then I get : image

rluders commented 3 years ago

Yeah, hard to tell why. I did some tests here, and everything seems to be working, but later on I can try to test it a little bit more.

Check again if you are using the RLuders.Cors and if it is enabled. Also, share with me more information about how you are running the OctoberCMS. Is it running with Apache? Nginx? Directly by artisan command?

rluders commented 3 years ago

@Incremental92 it seems that the CORS issues are due to an issue in my CORS plugin - it seems that the library that I'm using changed a lot. I'll be fixing it ASAP.

Incremental92 commented 3 years ago

Ahoj, in complement, I'm using your CORS plugin, like Ivan Doric explained. I'm using October on Win10 with WinNMP which uses Nginx. For the frontend, I'm using VSC with Quasar framework

If I perform a non authorized call, it works : Route::middleware(['api'])->group(function () {

rluders commented 3 years ago

OK. It seems that we have a bug confirmed here. I'm creating an issue at the CORS plugin repository (here).

I'm a little bit overloaded this weekend, and maybe next week, but ASAP I'll provide a fix. I would recommend using another CORS plugin meanwhile.

Incremental92 commented 3 years ago

Thanks for your help. I prefer to keep your CORS plugin and wait while I code my app.

rluders commented 3 years ago

I'll close this issue, 'cause it is related to the CORS plugin. The link to the issue there is: https://github.com/rluders/oc-cors-plugin/issues/3
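
Added example, not part of the original thread or of either plugin: a request that carries an `Authorization` header always makes the browser send an `OPTIONS` preflight first, and this sketch checks a captured preflight response against the rules the browser applies to it. The origin and the sample request are constructed, and credentials mode is assumed not to be `include`.

```javascript
// Added example (not from the thread): evaluates a captured OPTIONS preflight
// response the way a browser does. Assumes credentials mode is not "include".
const SAFE_METHODS = new Set(['GET', 'HEAD', 'POST']);
const SAFE_HEADERS = new Set(['accept', 'accept-language', 'content-language', 'content-type']);
const SAFE_TYPES = new Set(['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain']);

// Request header names (lowercased) that take the request out of the "simple" class.
// Simplification: the spec's per-value length and byte checks are not modelled.
function unsafeHeaders(headers) {
  return Object.entries(headers).filter(([name, value]) => {
    const n = name.toLowerCase();
    if (!SAFE_HEADERS.has(n)) return true;
    return n === 'content-type' && !SAFE_TYPES.has(String(value).split(';')[0].trim().toLowerCase());
  }).map(([name]) => name.toLowerCase());
}

function needsPreflight(req) {
  return !SAFE_METHODS.has(req.method.toUpperCase()) || unsafeHeaders(req.headers).length > 0;
}

const list = (v) => String(v || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);

// Returns the reasons a browser would block `req`, given preflight response `res`.
function checkPreflight(req, res) {
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = v;
  const problems = [];
  if (res.status < 200 || res.status > 299) problems.push(`preflight status ${res.status} is not 2xx`);
  const acao = h['access-control-allow-origin'];
  if (!acao) problems.push('Access-Control-Allow-Origin missing');
  else if (acao !== '*' && acao !== req.origin) problems.push(`origin ${req.origin} not allowed`);
  const allowedHeaders = list(h['access-control-allow-headers']);
  for (const name of unsafeHeaders(req.headers)) {
    // "*" does not cover Authorization: it has to be listed by name.
    const wildcard = allowedHeaders.includes('*') && name !== 'authorization';
    if (!allowedHeaders.includes(name) && !wildcard) problems.push(`request header ${name} not allowed`);
  }
  const method = req.method.toLowerCase();
  const allowedMethods = list(h['access-control-allow-methods']);
  if (!SAFE_METHODS.has(method.toUpperCase()) && !allowedMethods.includes(method) && !allowedMethods.includes('*')) {
    problems.push(`method ${method.toUpperCase()} not allowed`);
  }
  return problems;
}

// Constructed sample: the Change-Pwd call from the thread, from a hypothetical dev origin.
const sampleRequest = {
  origin: 'http://localhost:8080', method: 'POST',
  headers: { Authorization: 'Bearer <token>', 'Content-Type': 'application/json' },
};
```

Feed `checkPreflight` the status and headers of the `OPTIONS` response seen in the browser's network tab; an empty array means the preflight itself is not what blocks the call.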