Password reset and BF_Actions

APJ · November 2, 2022, 8:46am

When using the forgot and reset pages, it appears that any actions set in the authnotifier script are ignored. This makes it difficult to tell users that the reset email has been sent and to confirm that their password has been changed. I have users who keep clicking the send reset link button as they think it is not working when they get no feedback.

Why do the BF_Actions get ignored?

What suggestions does anyone have for managing these scenarios?

The outgoing payload looks like this

{“actions”:[{“action”:“path”,“options”:{“options”:{},“path”:“/login”}},{“action”:“showAlert”,“options”:{“options”:{},“text”:“Password Changed”,“title”:“Success”,“type”:“success”}}],“app”:{},“error”:{},“form”:{},“model”:{},“pages”:,“state”:{},“type”:“resetPwd”}

Andrew · November 3, 2022, 4:07pm

One suggestion is to handle this on the front end instead. On a password reset, the authMessage returned can give you an indicator whether or not the reset was successful or not. You can catch that message and perform different actions accordingly.

For example, here’s a function you can put after your authReset action:

if(model.authMessage == "Your password has been reset successfully!"){
    location.href="/#/"
}

Regarding why you can’t call actions from the authNotifier, I believe it’s related to security concerns, but maybe Delfs could provide more insight on that.

APJ · November 3, 2022, 7:14pm

Thanks for the suggestion. it does seem really clunky to do it tis way.

I don’t understand why it is a security concern more than any other hook. Surely it should be up to the developer what he wants to happen.