stormpath / stormpath-laravel

Build simple, secure web applications with Stormpath and Laravel

How to generate spToken for change password form? #51

Closed aaronblondeau closed 7 years ago

aaronblondeau commented 8 years ago

I would like to use the change password form provided by this package. Visiting /change results in a redirect to the forgot password form (forgot?status=invalid_sptoken). After looking at the code in ChangePasswordController.php, I see that an spToken is required. However, I am unable to find a way to generate this token in any of the Stormpath documentation:

Nothing that looks right here: http://docs.stormpath.com/php/apidocs/Stormpath/Resource/Account.html

Or here: http://docs.stormpath.com/php/apidocs/Stormpath/Resource/Application.html

Or here: https://docs.stormpath.com/php/laravel/latest/quickstart.html

The Application.php class in the PHP SDK has a private function called createPasswordResetToken, but it is not accessible.

So, can you please update docs on how to make use of the change password form?

bretterer commented 8 years ago

@aaronblondeau the workflow for Change Password for the Stormpath-Laravel package is as follows:

A user who needs to reset their password needs to visit the /forgot endpoint. Once there, they will be prompted to fill in their email address. Once they do, they click the button and an email is then sent off to them with a link. This is all assuming that you have enabled password resets in the Stormpath Dashboard UI. To do this, log into your Stormpath tenant and go to the directory/directories you are working with and click on workflows on the left of the screen. From here, click on Password Reset and select enabled. This will allow for password reset emails to be sent. While in here, you will want to reset the base URL for the password reset to match your web application's URL (e.g. http://localhost:8000/change).

Once you do this, and the user clicks on the button in the forgot password page, they will receive an email with a link. Once they click on the link in their email, it will take them to the /change page of your application where they will be prompted to change their email.

The /change endpoint for the integration is not for general password changes. To do this, you will need to implement it using the PHP SDK. For information on how to do this, please follow http://docs.stormpath.com/php/product-guide/latest/accnt_mgmt.html#change-an-account-s-password