Going to the login page (via a GET request) causes the login page to load. 
It contains a passwordManagementForm, which has a hidden "execution" value 
(a large token) and a hidden "_eventId" value (set to "resetPassword") 
inside.

Clicking the Forgot Password button makes a POST call back to the same 
login page, but passes those two values along, which causes the Reset 
Password form to load. This form has a different "execution" value, and its 
"_eventId" is set to "findAccount".

Typing a username here and clicking the Submit button causes yet another 
POST call to the same login page to be made. This time, the new 
"execution", "_eventId", and "username" fields are passed along. This seems 
to be what causes the Reset Password email to be sent.

I could potentially have my application make all of these same calls, in 
the same order, passing the correct values at each step. In essence, the 
application would be mimicking a web browser. If this is the only approach, 
I can give it a try, but it feels like a bit of a hack to me. I was hoping 
for more of an API that my application could make a single call to.

On Thursday, September 17, 2020 at 3:00:45 PM UTC-6 Ray Bon wrote:

> Jaden,
>
> Is CAS 'Forgot Password' a GET or POST?
> Either way, there may be some cookies or hidden form fields that might 
> require a GET call to the log in page first.
> I have done this for jMeter testing of other applications that have to go 
> through the log in process, but not for resetting password.
>
> Ray
>
> On Thu, 2020-09-17 at 12:59 -0700, Jaden wrote:
>
> My application has a "Reset Password" button inside it. When the user 
> clicks that button, I'd like CAS to send them its standard password reset 
> email (the one controlled by the various cas.authn.pm.reset.mail 
> properties). In other words, I want it to behave as if they had clicked 
> "Forgot Password" on the CAS login screen, typed their email address, and 
> clicked Submit. 
>
> Is this sort of behavior possible? I'm hoping for something simple like 
> sending a GET request to CAS, but I'll take any solution I can get :-)
>
> Thanks!
>
>
> -- 
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the 
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
> WSÁNEĆ Nations.
>
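
The three-request flow described at the top of this thread, sketched in Python as an added example (not code from the thread or from the CAS project). It assumes only what the message reports: hidden "execution" and "_eventId" fields, the event ids "resetPassword" and "findAccount", and a "username" field. The sample pages, the `loginForm` id and the helper names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode
from urllib.request import HTTPCookieProcessor, build_opener

# Constructed sample pages; real CAS markup and token values will differ.
SAMPLE_LOGIN = ('<form id="loginForm"><input type="hidden" name="execution" value="e1s1-CONSTRUCTED"/>'
                '<input type="hidden" name="_eventId" value="submit"/></form>'
                '<form id="passwordManagementForm">'
                '<input type="hidden" name="execution" value="e1s1-CONSTRUCTED"/>'
                '<input type="hidden" name="_eventId" value="resetPassword"/></form>')
SAMPLE_RESET = ('<form><input type="hidden" name="execution" value="e1s2-CONSTRUCTED"/>'
                '<input type="hidden" name="_eventId" value="findAccount"/>'
                '<input type="text" name="username"/></form>')

class HiddenFieldParser(HTMLParser):
    """Collect the hidden <input> fields of every <form> on a page."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {}
            self.forms.append(self._current)
        elif (tag == "input" and self._current is not None and attrs.get("name")
              and (attrs.get("type") or "").lower() == "hidden"):
            self._current[attrs["name"]] = attrs.get("value") or ""
    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def post_body(html, event_id, **extra):
    """Form body for the next step: the hidden fields of the one form whose _eventId is event_id."""
    parser = HiddenFieldParser()
    parser.feed(html)
    matches = [f for f in parser.forms if f.get("_eventId") == event_id]
    if len(matches) != 1 or not matches[0].get("execution"):
        raise ValueError(f"no unique form with _eventId={event_id!r} and an execution token")
    return urlencode({**matches[0], **extra}).encode()

def request_reset(login_url, username):
    """GET, POST resetPassword, POST findAccount; one cookie jar shared by all three calls."""
    opener = build_opener(HTTPCookieProcessor())
    read = lambda resp: resp.read().decode("utf-8", "replace")
    page = read(opener.open(login_url, timeout=10))
    page = read(opener.open(login_url, post_body(page, "resetPassword"), timeout=10))
    return opener.open(login_url, post_body(page, "findAccount", username=username), timeout=10).status
```

The "execution" value is re-read from each response because, as the message notes, it changes at every step. An HTTP status from the last call does not by itself confirm that the email was sent.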
