No worries, thanks for the info! It gives me something to try, which is already better than where I was before :-D
If anyone else knows of any APIs I might be able to call instead, I'd be very interested to get more info on those. Thanks! On Thursday, September 17, 2020 at 4:28:21 PM UTC-6 Ray Bon wrote: > Jaden, > > That is the extent of my familiarity with password reset. > I have never used the APIs. > > Ray > > On Thu, 2020-09-17 at 14:31 -0700, Jaden wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > Going to the login page (via a GET request) causes the login page to load. > It contains a passwordManagementForm, which has a hidden "execution" value > (a large token) and a hidden "_eventId" value (set to "resetPassword") > inside. > > Clicking the Forgot Password button makes a POST call back to the same > login page, but passes those two values along, which causes the Reset > Password form to load. This form has a different "execution" value, and its > "_eventId" is set to "findAccount". > > Typing a username here and clicking the Submit button causes yet another > POST call to the same login page to be made. This time, the new > "execution", "_eventId", and "username" fields are passed along. This seems > to be what causes the Reset Password email to be sent. > > I could potentially have my application make all of these same calls, in > the same order, passing the correct values at each step. In essence, the > application would be mimicking a web browser. If this is the only approach, > I can give it a try, but it feels like a bit of a hack to me. I was hoping > for more of an API that my application could make a single call to. > > On Thursday, September 17, 2020 at 3:00:45 PM UTC-6 Ray Bon wrote: > > Jaden, > > Is cas 'Forgot Password' a GET or POST? > Either way, there may be some cookies or hidden form fields that might > require a GET call to the log in page first. > I have done this for jMeter testing of other applications that have to go > through the log in process, but not for resetting password. > > Ray > > On Thu, 2020-09-17 at 12:59 -0700, Jaden wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > > My application has a "Reset Password" button inside it. When the user > clicks that button, I'd like CAS to send them its standard password reset > email (the one controlled by the various cas.authn.pm.reset.mail > properties). In other words, I want it to behave as if they had clicked > "Forgot Password" on the CAS login screen, typed their email address, and > clicked Submit. > > Is this sort of behavior possible? I'm hoping for something simple like > sending a GET request to CAS, but I'll take any solution I can get :-) > > Thanks! > > > -- > > > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 <(250)%20721-8831> | CLE 019 | [email protected] > > I respectfully acknowledge that my place of work is located within the > ancestral, traditional and unceded territory of the Songhees, Esquimalt and > WSÁNEĆ Nations. > > -- > > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 <(250)%20721-8831> | CLE 019 | [email protected] > > I respectfully acknowledge that my place of work is located within the > ancestral, traditional and unceded territory of the Songhees, Esquimalt and > WSÁNEĆ Nations. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/37595049-d9bb-4e1a-8049-47392daefb31n%40apereo.org.
