AdminResetPassword URL
Resets passwords in the database.
This URL can be used by Administrators to reset the password of a registered user (for example,
if the registered user has forgotten his or her current password). The new password is then randomly
generated by the system and e-mailed to the registered user.
Note: Optionally, the command can be configured to email a validation code instead. The registered user would then
click the link supplied in the email and specify the validation code along with a new password to
update their password. For more information, see Configuring storefront Reset Password feature to use validation codes.
Use this URL with SSL (Secure Sockets Layer) to ensure that the logon password and personal information are encrypted. To do so, type the command with the HTTPS secure protocol.
Warning: Only use HTTP POST with this URL. By using HTTP GET, passwords
can be logged in the browser history, or in web server logs.
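The warning above can be checked after the fact. The following is an added example, not part of the product documentation: it scans web server access logs for AdminResetPassword requests that used a method other than POST or carried administratorPassword in the query string. The Apache-style log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache-style common log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:22 +0000] "GET /webapp/wcs/stores/servlet/AdminResetPassword?URL=basemall.jsp&logonId=aa&administratorPassword=abc123def HTTP/1.1" 302 0
10.0.0.5 - - [12/Mar/2024:10:04:10 +0000] "POST /webapp/wcs/stores/servlet/AdminResetPassword HTTP/1.1" 302 0
10.0.0.9 - - [12/Mar/2024:10:07:45 +0000] "POST /webapp/wcs/stores/servlet/AdminResetPassword?logonId=bb&administratorPassword=s3cret HTTP/1.1" 302 0
10.0.0.7 - - [12/Mar/2024:10:09:03 +0000] "GET /webapp/wcs/stores/servlet/TopCategoriesDisplay?storeId=1 HTTP/1.1" 200 5120
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)'
)
SECRET_PARAM = "administratorPassword"

def redact(line):
    """Mask the password value so the finding itself does not repeat the leak."""
    return re.sub(r'(%s=)[^&\s"]+' % SECRET_PARAM, r"\1[REDACTED]", line)

def audit(log_text):
    """Return one finding per AdminResetPassword request that violates the warning."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        target = urlsplit(m["target"])
        if not target.path.endswith("/AdminResetPassword"):
            continue
        params = parse_qs(target.query, keep_blank_values=True)
        reasons = []
        if m["method"] != "POST":
            reasons.append("non-POST method")
        if SECRET_PARAM in params:  # a POST with a query string is logged too
            reasons.append("password in query string")
        if reasons:
            findings.append({
                "line": lineno,
                "client": m["ip"],
                "logon_id": params.get("logonId", ["?"])[0],
                "reasons": reasons,
                "evidence": redact(line),
            })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f["line"], f["client"], f["logon_id"], ", ".join(f["reasons"]))
```

Any administrator password that appears in a finding has been written to the log in clear text and should be changed.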
URL structure
- http://host_name/path/
  - The fully qualified name of your WebSphere Commerce Server and the configuration path
Parameter values
- langId
  - Sets or resets the preferred language for the duration of the session; the supported languages for a store are found in the STORELANG table
- URL
  - The URL to be called when the command completes successfully
- storeId
  - The reference number of a store
- logonId
  - The logon ID of the registered user whose password is to be reset
- administratorPassword
  - The password of the currently logged in administrator. This is required as an extra security measure.
Example
This example resets the password of the registered user who has a logon ID of aa. The system generates a password and e-mails it to the e-mail address associated with the logon ID aa:
https://myhostname/webapp/wcs/stores/servlet/AdminResetPassword?URL=basemall.jsp&logonId=aa&administratorPassword=abc123def
Note: Optionally, the command can be configured to email a validation code
instead. The registered user would then click the link supplied in the email and specify the
validation code along with a new password to update their password.
Behavior
- This URL command maps to the ResetPasswordAdministratorCmd controller command
- It calls the following task commands:
  - GeneratePasswordCmd
  - VerifyCredentialsCmd which calls one of the following, depending on the authentication setting:
  - UpdateCredentialsCmd
  - SendPasswordNotificationCmd
- The command checks the required parameters. If the parameters are missing or invalid, it sets one of the error tasks with the appropriate error codes.
- The command verifies that the password of the administrator running the command is correct.
- When the command successfully completes, it calls the specified URL.
- Users who have been given a generated password by the ResetPasswordAdministratorCmd command will need to change their password after first usage.
- Users who have been given a validation code in an email by the ResetPasswordAdministratorCmd command will need to follow the link in the email, specify the validation code, and change their password.
Exception conditions
If a required parameter is missing or incorrect, the command sets an exception as follows:
Explanation | Error Code Value |
---|---|
The URL is missing. | ECSecurityConstants.ERR_MISSING_REDIRECTURL (1000) |
The logon ID is missing. | ECSecurityConstants.ERR_MISSING_LOGONID (2000) |
The administrator's password is missing. | ECSecurityConstants.ERR_MISSING_ADMINPASSWORD (2090) |
The logon ID does not belong to a registered user. | ECSecurityConstants.ERR_INVALID_LOGONID (2010) |
The administrator's password is incorrect. | ECSecurityConstants.ERR_INVALID_PASSWORD (2030) |
The administrator's account is disabled. | ECSecurityConstants.ERR_DISABLED_ACCOUNT (2110) |
The error handler is ECConstants.EC_ERROR_CODE. The error view is ResetPasswordAdministratorErrorView.