How to change the password of the user in API v2?
GoatMachine
Hi everybody,
I use the VanillaForum with my own application, as well as my own user administration. Via API I create a new user in the forum. This works very well. However, I cannot change the password of this user afterwards. Is this still a missing feature or is there a reason why this function is not available?
Greetings
GoatMachine
Comments
There is no endpoint dedicated to that, as far as I can see. But the AuthenticateApiController has a post_password() method which can be used to check if the "old password" info is correct.
Afterwards, with the UsersApiController patch() method, you should be able to set the new password. But I assume that all the password strength checks will not be applied.
By the way: in order to use the authentication API you need to enable it by setting a "feature flag" in the config. Add the following line to /conf/config.php:
$Configuration['Feature']['AuthenticationAPI']['Enabled'] = true;
Oh and by the way: I'm super interested in seeing what you have done. It would be great if you could share what you have done. If this is not possible here in public, at least some screenshots via PM would be nice 😉
Am I on the right track that you mean this endpoint?
There is no attribute for password.
And the AuthenticateApiController, is this a new endpoint?
Sorry, I haven't done very much with the API or REST APIs as such. But based on the examples I would say you need something like this:
curl -X PATCH "blablabla/api/v2/users/42" -H "accept: application/json" -H "Content-Type: application/json" -H "x-transient-key: whatever" -d "{\"password\":\"rumpelstilzchen\"}"
Not sure about the authenticate API age... If it is important for you, you would have to do some investigations on GitHub
Can you please tell me how to get the user API for Vanilla forum?
You can find them in Settings -> Technical -> API
Yes, that's what I was thinking. But it's not working :( Maybe I have to read the source code. Thanks for your help
I would start by trying to change something which is in the example: "emailConfirmed" from true to false or the other way around. If that's working you could try to set the password. But if it is not working you have to dig into why you cannot even set emailConfirmed.
I changed the username of my test user with this endpoint. Everything works fine. The password is still the old one.
The ApiController uses the UserModel->save() method. That method fires the BeforeSave event. Write a simple plugin with the following method:
That will log in the table GDN_UserMeta what is saved by the UserModel. First thing you should do is to see if the password is still in there.
This simple snippet works, so I wouldn't know any reason why using the patch method shouldn't work...
But it's really all guessing around from my side, sorry
Seems to be a bug. In the userPatchSchema the field 'password?' is missing. If I add this it will work. But maybe that is also intended (for whatever reasons).
You had better create a plugin and extend the controller class, overwrite the userPatchSchema and use your custom controller for resetting the password.
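Added example, not part of the thread and not Vanilla's own code: the comments above note that password strength checks are probably not applied when the password is set through PATCH /api/v2/users/{id}, so an integration can enforce its own policy before building that request. The policy values, the Bearer token header, the host name and the function names are assumptions, and the request only takes effect on a forum whose userPatchSchema accepts the password field.

```python
import json
import re
import urllib.request

MIN_LENGTH = 12  # assumed policy value, not a Vanilla setting


def password_problems(password, username):
    """Return a list of policy violations (empty list means acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("fewer than 3 character classes")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    return problems


def build_password_patch(base_url, user_id, username, new_password, token):
    """Build (but do not send) the PATCH request for /api/v2/users/{id}."""
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send a password over a non-HTTPS URL")
    problems = password_problems(new_password, username)
    if problems:
        raise ValueError("weak password: " + "; ".join(problems))
    body = json.dumps({"password": new_password}).encode("utf-8")
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v2/users/{int(user_id)}",
        data=body,
        method="PATCH",
        headers={
            "Accept": "application/json",
            "Content-Type": "application/json",
            "Authorization": f"Bearer {token}",  # assumed auth scheme
        },
    )


if __name__ == "__main__":
    # Constructed sample values; forum.example and the token are placeholders.
    req = build_password_patch("https://forum.example", 42, "goat",
                               "Constructed-Sample-Pass-1", "TOKEN_PLACEHOLDER")
    print(req.get_method(), req.full_url)
    # Send with urllib.request.urlopen(req) once the schema accepts "password".
```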