Support Topics Documentation Slack YouTube Blog

Creating Password Reset Email in Multi tenanted environment

General
#1

Hi there,

In working with Adalo as my frontend and backendless as the back. I’m experimenting with using backendless as a single multi-app user database for (very simple) apps. So far, I have successfully setup Adalo to use the backendless API to register and login users to to the backendless authentication by passing an appcode attached to the userid, thus allowing the same email and username to register for multiple apps, so far, so good. I then make another API call to set the relationship of the backendless User to a APP table and that works great too.

My next thought was how to manage password resets within backendless and I see that the standard email templates are limited to small number of variables:

emailbackendless
emailbackendless1439×1509 127 KB

Since users would be registered on different apps the {app_name} merge field isn’t going to suitable, I was hoping I could select a customer field “app name” in my own table.

Any suggestions on how I could achieve this?

Many thanks,

Graham.

#2

Actually in summary, is there a way to add smart text fields to the password templates or can I access password variables in the custom templates?

#3

Hello @Graham_Reddie

Smart text and dynamic variables works only for custom templates. You cannot add it to the system templates.

If you want to have the flexibility and full control you can create your own custom template and implement custom service for password recovery using Business Logic that will send the templates.

Here are general steps for this:

  1. Create a service with two methods: requestPasswordRecovery and confirmPasswordRecovery.
  2. requestPasswordRecovery method receives a request from the user who wants to reset the password. We generate a secret token for this user and put it in a table and associate it with this user.
  3. Send a custom email to the email address of the user with a link to the second method that contains encoded token. The link redirect call the confirmPasswordRecovery method .
  4. confirmPasswordRecovery method checks if the secret token matches the one in the table for this user and if so, reset/change the password and send an email with the new password or - if he wants - give him a link to the page where he enters his new password.
  5. Remove the token from the table. It is also desirable to have a timer, which will periodically remove the expired tokens, so that they do not hang there permanently.

Regard, Viktor