Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Forgot password link Token validation

Go to solution
uldis
Explorer

on ‎2018 Jul 24 4:28 PM

0 Likes
591

Hi experts,

is there a way to validate the token in for the password reset. Right now i am just using the

customerFacade.updatePassword(form.getToken(), form.getPwd());

and use a catch to get the TokenInvalidatedException
is there a better way to do this?

Thanks,
Uldis

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

former_member1014349
Explorer
‎2018 Jul 24 6:04 PM
0 Likes

Hi Uldis,

Yes you can use the SecureTokenService to validate the password reset token. Here is how to do it:

 final SecureToken data = getSecureTokenService().decryptData(token);

This will get give you the token data that contains the timestamp of the token. This can be used to validate if the token is expired or not. Here is an excerpt from the account service:

 final SecureToken data = getSecureTokenService().decryptData(token);
         if (getTokenValiditySeconds() > 0L)
         {
             final long delta = new Date().getTime() - data.getTimeStamp();
             if (delta / 1000 > getTokenValiditySeconds())
             {
                 throw new IllegalArgumentException("token expired");
             }
         }

Once you validate the token, just find the customer based on the token by using: 

 final CustomerModel customer = getUserService().getUserForUID(data.getData(), CustomerModel.class);

That's it. Hope this helps.

Show replies
Show replies

Answers (0)

Ask a Question