I'm looking for an implementation of a password retrieval procedure using the Acegi plugin for Grails... Google is failing me...
IMHO this is currently not part of the Acegi plugin. I've added a forgotPassword action to the LoginController:
    def forgotPassword = {
        if (params.username) {
            User user = User.findByUsername(params.username)
            if (user) {
                // Generate a new random password and store only its encoded form
                def password = randomService.generateRandomString(8)
                user.passwd = authenticateService.encodePassword(password)
                if (!user.save(flush: true)) {
                    // Saving failed: log the validation errors and tell the user
                    user.errors.each {
                        log.error "err $it"
                    }
                    flash.message = message(code: "LoginController.msg.forgot.error")
                } else {
                    // Mail the new password; the username doubles as the e-mail address
                    sendMail {
                        to user.username
                        subject message(code: "LoginController.mail.forgot.subject")
                        body(view: "forgotPasswordEmail", model: [person: user, password: password])
                    }
                    flash.message = message(code: "LoginController.msg.forgot", args: [user.username])
                }
            } else {
                // No account with that username
                flash.message = message(code: "LoginController.msg.forgot.unknown", args: [params.username])
            }
        }
    }
The code above uses the Grails mail plugin.
Google is failing you because there isn't one. It's really not possible to reverse the hashed password (without brute force cracking and rainbow tables), and if it were, that'd mean that your system was not secure.
The common pattern is to e-mail the user who forgot their password a one-time-use token that they can then use to reset the password to whatever they want. This isn't built into the framework, but it's not too hard to do manually (I'd suggest using the Grails mail plugin).
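The one-time token pattern described in the answer above, sketched as an added example that is not part of the original posts or of the Acegi plugin. `ResetTokenService`, the 30-minute lifetime and the in-memory map are assumptions for illustration; a Grails application would persist the entries in a domain class and mail the raw token as a link.

```groovy
import java.security.MessageDigest
import java.security.SecureRandom

// Hypothetical service: maps SHA-256(token) -> [username, expires].
// Only the hash is kept, so a leaked table cannot be replayed as reset links.
class ResetTokenService {
    static final long TTL_MILLIS = 30 * 60 * 1000L   // assumed 30-minute lifetime
    private final SecureRandom random = new SecureRandom()
    private final Map<String, Map> pending = [:]

    private static String sha256Hex(String value) {
        MessageDigest.getInstance('SHA-256').digest(value.getBytes('UTF-8')).encodeHex().toString()
    }

    // Returns the raw token to e-mail to the user; it is never stored.
    String issue(String username, long now = System.currentTimeMillis()) {
        // A new request invalidates any earlier token for the same user.
        pending.entrySet().removeIf { it.value.username == username }
        byte[] raw = new byte[32]          // 256 bits from a CSPRNG
        random.nextBytes(raw)
        String token = raw.encodeHex().toString()
        pending[sha256Hex(token)] = [username: username, expires: now + TTL_MILLIS]
        token
    }

    // Returns the username if the token is valid, else null. The entry is
    // removed on first lookup, so a token can never be used twice.
    String redeem(String token, long now = System.currentTimeMillis()) {
        if (!token) return null
        Map entry = pending.remove(sha256Hex(token))
        (entry && now <= entry.expires) ? entry.username : null
    }
}

// Constructed sample run with a fixed clock
def svc = new ResetTokenService()
long t0 = 1_000_000L
String token = svc.issue('alice@example.com', t0)
assert svc.redeem('not-a-token', t0) == null                 // unknown token
assert svc.redeem(token, t0 + 1000) == 'alice@example.com'   // first use succeeds
assert svc.redeem(token, t0 + 2000) == null                  // second use fails
String stale = svc.issue('alice@example.com', t0)
assert svc.redeem(stale, t0 + ResetTokenService.TTL_MILLIS + 1) == null  // expired
```

The password is changed only after `redeem` returns a username, so a reset request made by someone else cannot lock the account owner out.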