Change password

Using Neos & Flow
1

Hello all,

I think I am completely blind :slight_smile: I would like to have the possibility that a user can change his password.
So he enters his current password and two times the new password.
First I want to check if the current password is correct and if yes, then set a new password.

Both checking the current password and changing a password I can’t get it to work. I can’t find anything in the SecurityContext and I can’t find anything in the AuthenticationController or AuthenticationManager that really helps me.

Does anyone have a tip for me where to look to find suitable functions?

Many thanks!

Tobias

2

Hi Tobias,

the users can open the dropdown top right (called user menu).
There they can log out and change user settings.

In the user settings, they are able to change the user password.
The Account has a pencil and there is a form for the password adjustment.

3

Hi Markus,

thank you very much for your prompt reply. I’m very sorry, I missed the most important point: I’m using Neos Flow 6.3.0. I would like to code the possibility of changing the password in my own system.

It’s always a problem when you know what you want yourself, but you don’t tell half of it. Please excuse me :slight_smile:

Tobias

4

Hello all,

I’m sorry - I have to rehash this topic. I’ve made a mini-step forward - but can’t quite get there.

The step where I’m stuck: I want to compare the password stored in the DB with the new input. My idea:

public function checkPasswordAction(string $password)
{
    $account = $this->securityContext->getAccount();
    $credentialsSourceNew = $this->hashService->hashPassword($password);
    $credentialsSourceOld = $account->getCredentialsSource();

    echo "old: ".$credentialsSourceOld."<br/>";
    echo "new: ".$credentialsSourceNew."<br/>";

    die;
}

Unfortunately, I then see that the two, despite the same password entry do not match. When creating a new user account we take the “default” strategy - that’s why I didn’t specify anything else as “hash strategy” here.

Does anyone have an idea why the two hashes do not match? I’m guessing it’s because of the “salt”, but I’m not an expert in that area.

I look forward to your help! :slight_smile:

5

Hello again,

that is an important information. maybe it helps you to check the code from the Sandstorm Package. Or maybe you can just use it.

UserManagement/ResetPasswordController.php at master · sandstorm/UserManagement (github.com)