Users running a non-download version of Vanilla (pulled from github), on branch release/2019.016 or master from the last 2 weeks should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open sources releases are not affected.

How to change the password of the user in API v2?

Hi everybody,

I use the VanillaForum with my own application, as well as my own user administration. Via API I create a new user in the forum. This works very well. However, I cannot change the password of this user afterwards. Is this still a missing feature or is there a reason why this function is not available?

Greetings

GoatMachine

Tagged:

Comments

  • R_JR_J Cheerleader & Troubleshooter Munich Moderator

    There is no endpoint dedicated to that, as far as I can see. But the AuthenticateApiController has a post_password() method which can be used to check if the "old password" info is correct.

    Afterwards, with the UsersApiController patch() method, you should be able to set the new password. But I assume that all the password strength checks will not be applied.

    By the way: in order to use the authentication API you need to enable it by setting a "feature flag" in the config. Add the following line to /conf/config.php: $Configuration['Feature']['AuthenticationAPI']['Enabled'] = true;


  • R_JR_J Cheerleader & Troubleshooter Munich Moderator

    Oh and by the way: I'm super interested in seeing what you have done. It would be great if you could share what you have done. If this is not possible here in public, at least some screenshots via PM would be nice 😉


  • I'm on the correct way that you mean this endpoint?

    PATCH /users/{id} Update a user.
    

    There is no attribute for password.

    And the AuthenticateApiController is this a new endpoint?

  • R_JR_J Cheerleader & Troubleshooter Munich Moderator

    Sorry, I haven't done very much with the API or REST Apis as such. But based on the examples I would say you need something like that:

    curl -X PATCH "blablabla/api/v2/users/42" -H "accept: application/json" -H "Content-Type: application/json" -H "x-transient-key: whatever" -d "{\"password\":\"rumpelstilzchen\"}"


    Not sure about the authenticate API age... If it is important for you, you would have to do some investigations on GitHub


  • can u please tell me how to get the user API for Vanilla forum

  • You can find them in Settings -> Technical -> API

    Yes, that's what I was thinking. But it's not working :( Maybe I have to read the source code. Thanks for your help

  • R_JR_J Cheerleader & Troubleshooter Munich Moderator

    I would start by trying to change something which is in the example: "emailConfirmed" from true to false or the other way around. If that's working you could try to set the password. But if it is not working you have to dig into why you cannot even set emailConfirmed.


  • I changed the username of my Testuser with this endpoint. Everything works fine. Password still the old one.

  • R_JR_J Cheerleader & Troubleshooter Munich Moderator

    The ApiController uses the UserModel->save() method. That method fires the BeforeSave event. Write a simple plugin with the following method:

    public function userModel_beforeSave_handler($sender, $args) {
        Gdn::set('debug-'.time(), dbencode($args['Fields']));
    }
    

    That will log in the table GDN_UserMeta what is saved by the UserModel. First thing you should do is to see if the password is still in there.

    This simple snippet works, so I wouldn't know any reason why using the patch method shouldn't work...

    $user = Gdn::userModel()->getByUsername('Kunz');
    Gdn::userModel()->save([
       'UserID' => $user->UserID,
       'Password' => 'KunzPasswort'
    ]);
    


    But it's really all guessing around from my side, sorry


  • Seems to be a bug. In the userPatchSchema is the field 'password?' missing. If I add this it will work.

  • R_JR_J Cheerleader & Troubleshooter Munich Moderator

    But maybe that is also intended (for whatever reasons).

    You should better create a plugin and extend the controller class, overwrite the userPatchSchema and use your custom controller for resetting the password.


Sign In or Register to comment.