Reset Password without an SMTP Server about communityserver HOT 13 CLOSED

Use API.

echo "Getting the token authorization"

curl -i -X POST -v -H "Accept:application/json" \
        -H "Content-Type: application/json" \
        http://<portal-ip>/api/2.0/authentication.json -d '{"userName":"[email protected]","password":"xxxxxx"}'

echo "Get a list of all users using the authorization token from a previous request"

curl -i -X GET -v -H "Accept:application/json" \
        -H "Authorization: NvxkuMxjBQLrpkGbT839q+pwL1JtctgQUwOF5hhtbN38G7nfo8xMfppYYoqoUGA3zqnu43t5kBgo1VKCI7wCF/95jKtojfks27yWcSRadksufrf0bSvvdXQ==" \
        http://<portal-ip>/api/2.0/people/filter.json

echo "Using the access token and user id set the password and activated the email. Access to this method, only the admins."
echo "A known bug that when performing this method flies the current authorization token."

curl -i -X PUT -v -H "Accept:application/json" \
        -H "Content-Type: application/json" \
        -H "Authorization: NvxkuMxjBQLrpkGbT03Y0NRP839q+pwL1AMssMfMZAxLegk82k7w9WBZSJtctgQUwOF5hhtbN38G7nfo8xMfppYYoqoUGA3zqnu43t5kBgo1VKCI7wCF/95jKtojfks27yWcSRadksufrf0bSvvdXQ==" \
        http://<portal-ip>/api/2.0/people/c7c0eac5-dae0-40a7-978c-69cb9c6c84a0/password.json -d '{"userName":"[email protected]","password":"xxxxxx"}'

from communityserver.

Make sure token from 1st command doesn't contain '\/' characters.
You should unescape '/' i.e. '\/' => '/'

from communityserver.

My current solution is:

From the host run the following code as root every minute.

#Variables
file="/tmp/file.txt"

# Cleanup
rm ${file} 2> /dev/null

# Kill any existing SMTP Process
function kill_process {
    process_id=$(sudo netstat -lpn |grep 25 | awk {'print $7'} | cut -f1 -d"/")
    sudo kill $process_id 2> /dev/null
    echo "[*] Killed running SMTP process"
}

kill_process

#Start SNMP Server
echo "[*] SMTP Server Started"
test=$(sudo python -m smtpd -n -c DebuggingServer YOUR_IP_HERE:25 > ${file}) &

# White until file is not empty
while [ ! -s ${file} ]; do
    echo "[-] Waiting for Password to be received"
    # Sleep for 2 Seconds
    sleep 2
done
echo
echo "[+] Password Reset Link"
echo -n " https" && cat ${file} | tr '\n' ' ' | sed -n 's:.*https\(.*\)p=3D1.*:\1:p' | sed 's/3D//g;s/= //g' && echo -n "p=1"
echo
echo

# Cleanup
rm ${file} 2> /dev/null

kill_process

from communityserver.

Unfortunately, there is no way to change a password. We'd recommend to do the following:

1. Enable logging in file:/var/www/onlyoffice/WebStudio/web.log4net.config
   logger name="ASC.Notify.Messages" additivity="false"
   appender-ref ref="Notify"/
   level value="ALL"/
   /logger
2. Close the sending port.
3. Copy the password changing link from the log file.

from communityserver.

Could you generate the password reset link then redirect to the user to that, when they do a password reset?

from communityserver.

You may change the password only in Web interface (in User Profile).
But the special method should be added to API about in the beginning of next year.

from communityserver.

How can the password be changed in the Web Interface? At the moment the only option I see is send a password via email?

from communityserver.

Hi, any update on this ? i need to allow user to change their password without accessing their email

from communityserver.

Hello Alexey.

Thanks for the API, but I have the question:
I tried your first step and the result was displayed:

{"count":1,"status":0,"statusCode":201,"response":{"token":"3lzKX5goHR9IdqrMoDB3Tbl/10VP9qzZTPZA5xEZ3rkDvHX2OILe57MCsksWiY5gQtEcIOhMvRr5x3cUMy7pyg3xHHQOjOwGTQPMjxsyTerVxP2czYEnKf2iBfyYwB81XP6PUfOwqQC6Ml5BxitT6Q==","expires":"2018-10-06T12:37:50.9948890+02:00","sms":false,"phoneNoise":null}}

This is OK. Then I copied the token and put it in step 2 and this step does not work. I tried with a gap without a gap after "Authorization: "

An error is always displayed:

GET /api/2.0/people/filter.json HTTP/1.1

Host: xxx
User-Agent: curl/7.47.0
Accept:application/json
Authorization: 3lzKX5goHR9IdqrMoDB3Tbl/10VP9qzZTPZA5xEZ3rkDvHX2OILe57MCsksWiY5gQtEcIOhMvRr5x3cUMy7pyg3xHHQOjOwGTQPMjxsyTerVxP2czYEnKf2iBfyYwB81XP6PUfOwqQC6Ml5BxitT6Q==

< HTTP/1.1 401 Unauthorized
HTTP/1.1 401 Unauthorized

Can you help me please? Many thans for your time.

from communityserver.

Yes, you're right. That was a problem. Well thank you!

from communityserver.

Hello. Can anyone help me? I would like to automate this process.

The user enters their email and password in a simple php form. In the background, step 1 is processed to obtain the token, step 2 would add the received token to get the ID, and in step 3 verify the user with the entered email and the selected ID would be sent with the entered password.

It would be best to create this in javascript but I do not know it :-(.

from communityserver.

@UjoJano

It would be best to create this in javascript but I do not know it :-(.

If you are interested in any kind of custom development feel free to contact ONLYOFFICE team at [email protected], they will help you with that task.

from communityserver.

echo "A known bug that when performing this method flies the current authorization token."

what do you by this bug ?

from communityserver.