Accessing/editing user password information

nonickch's Avatar

nonickch

12 Sep, 2009 06:11 PM

Hello, I've been trying to tie in an external application with tenderapp.

I've managed to remotely create users (which was very hassle-free and clean might I add).

The problem creeps up when I need to create some form of "password reminder" from the external site.
I can keep a copy of the password I assigned to the user upon creation, but that doesn't mean he didn't change it sometime later on.
Question 1: Can find out a users password via the API somehow? Another way to go about this is to just validate the user against tenderapp, and if that fails (password changed), create a new password and assign it to the user.
Question 2: Can I assign a password to a user via the API?

  1. Support Staff 1 Posted by Courtenay on 12 Sep, 2009 08:21 PM

    Courtenay's Avatar

    Passwords are not stored in plaintext, so, no.

    Why don't you implement our Multipass technology and handle user
    accounts from your app? See the section in the FAQ for more
    information.

    ============
    Courtenay
    (310) 294-4026
          ^{0,o}'

    On Sep 12, 2009, at 11:11 AM, nonickch <[email blocked]
     > wrote:

  2. 2 Posted by nonickch on 13 Sep, 2009 12:17 PM

    nonickch's Avatar

    Thank you for your answer.

    Unfortunatelly, that is not that attainable because there are no such user accounts on the external app.

    So I'm guessing there is also no way to overwrite the crypted password fields?

  3. Support Staff 3 Posted by Courtenay on 13 Sep, 2009 11:15 PM

    Courtenay's Avatar

    I really don't understand what you're trying to do. Can you explain in
    a little more detail?

    ============
    Courtenay
    (310) 294-4026
          ^{0,o}'

    On Sep 13, 2009, at 5:17 AM, nonickch <[email blocked]
     > wrote:

  4. 4 Posted by nonickch on 15 Sep, 2009 02:03 PM

    nonickch's Avatar

    We have an external system that tracks clients.
    When some criterial are met, the system fires an event that notifies the script I'm writing to create a tenderapp support account for a client.
    Please note, the clients are not users int he external system, just db entries.

    The script extracts the needed user information and uses the json interface to create the account on tenderapp and then emails the client with the login information.

    It is concievable that the event will fire twice for a specific client.
    To account for this case, we need to check if the user we want to create exists. This is possible with the json interface.
    If we find the user in tenderapp, we want to send him about the same email. So we either include his current tenderapp password or we change it (via json) and use the new one.
    We cannot store (anywhere) the password we gave him the first time, in order to retrieve it for the next time: The user will, most likely, change his randomly-generated tenderapp password to something he likes better. And since we cannot track password changes in tenderapp, we'd end up sending old passwords and confusing the clients.

    So in summary: I'm looking after a way to either retrieve a tenderapp users password or a way to set the tenderapp users password to one of my choice.

  5. 5 Posted by rick on 16 Sep, 2009 08:12 AM

    rick's Avatar

    Eh, I'm not sure we'll be allowing you to set a user's password. There's definitely no way to retrieve a password (for security reasons).

    Even if user accounts are 'db entries' in your app, you can still generate multipass tokens that link to Tender URLs. These tokens include the user's email and other information, but is used as a simple link for the user to log in with. Though since this is included in an email, you'll want to set the multipass timeout to something longer, like a week or longer (the docs suggest 5 minutes I believe).

  6. Nicole closed this discussion on 04 Dec, 2009 08:42 PM.

Discussions are closed to public comments.
If you need help with Tender please start a new discussion.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac