Forget password question

Hi al, I have a reset/forget password flow in which users get a new (generated) password per mail. Now when a user resets its password, it gets a link to activate it. When he/she clicks on it, the activation-hash is set automatically in an anonymously accessible form. What I wanted to do is make the user "active" if [1] the hash is correct [2] the generated password is entered correctly Is it possible to check if the "generated password" is the same as the password that the user enters? I know that in the db it is stored as a hash (hashstring), but I would expect it to be possible in this way $account/Password = sha1($activateObject/userProviededPassword) I'd like to here if this check is possible or not.
1 answers

You can do this in Java by using Core.authenticate, or by retrieving the MendixHashString member object of the specified attribute

See Core.authenticate


password verifyValue

(you can retrieve a member by using proxy.getMendixObject.getMember(context, name).