Question

Forgot Password: enter new password

0

In an app I am working on, I have includede the ForgotPassword and Deeplink modules from the App Store. I did all the required configurations (-email settings and template, Deeplink for ForgotPassword), using the NavGuestLogin MF in the Navigation, activated anonymous user access. I adjusted the NavGuestLogin MF for the purpose of my app, but that has no influence of the problem. The app works as designed. I want to test the ForgotPassword part. I click the link "Forgot Password?" , enter my e-mail address and get the notification an e-mail has been sent. I receive that e-mail, click the link and if the link has expired I get such a message. This shows (as verified in debug) that the Step3_DL_SetNewPassword MF is called and processed. When I click the link within the time limit and the Step3_DL_SetNewPassword MF has been processed successfully, it should show Page Step3_DL_SetNewPassword. But that page will not show; it shows the black bar with the rotating balls (sort of hour glass). I tired to test it running locally and in the Cloud, but either way: no success, no page to enter my new password, What could be the reason that page will not show? Is this a security problem? How would I have to set it? TIA Carel Teijgeler

asked 2017-01-24

Carel Teijgeler

1 answers

Joël van de Graaf · Answer 1 · 2017-01-24

Hey Carel,

Most of the time those issues has indeed a security problem. The page that is shown by the microflow 'Step3_DL_SetNewPassword' shows the object for the user to set a new password. The anonymous role needs to have read/write rights on that object. Check if your anonymous project role is correctly attached to the role of the 'ForgotPassword' module. Check if the module role has read/write rights in the entity access of object.

Mendix will not show a page to an user when the doesn't have at the minimal read rights and then keeps showing the black bar with the rotating balls. Normally in the Modeler Mendix gives you an error when a project role can access the page but doesn't have the rights. In this case the mircoflow is triggered by Java, because of the deeplink module, and therefor Mendix can't check that.