As most of the users of your application are only human, and humans tend to forget things, a password reset function is not exactly a luxury you can do without. Unfortunately, the password reset functionality is not natively platform-supported within Mendix. While changing your password is part of the Administration module, which is included in every application template, the password reset functionality may only be implemented in combination with a couple of dependency modules. This isn’t a bad thing, as it allows more flexibility. For example, if you do not need the full-blown functionality of the platform-supported module, you may create your own or use a community-supported reset module like the one I built.
The platform-supported module has existed for many years now, and in that time, its functionality and complexity have increased. My version is an attempt at keeping it simple. As I also only support Mendix 10.6+, I did not have to deal with different versions and dependencies based on the Mendix version.
My module supports all the basics, such as:
The module implementation is simple. Because an e-mail has to be sent during the reset process, there are, however, a couple of dependencies upon other modules/widgets:
The reset process is simple, so the user must go through only a few steps.
The user will start the process by clicking the button or link anywhere that makes sense. A login page is the usual location.
After that, the user can enter an e-mail address. Nothing is checked at this point, except for validating that something has been entered and that it follows a valid e-mail address format.
Step 1: The user will see a field where an e-mail address can be entered.
Step 2: The user is then sent to a confirmation page, even if the e-mail address does not match an account.
If the e-mail address does exist, the system will send an e-mail to that address with a reset link.
Step 3: When the user clicks the link in the e-mail, they will be directed to the page to enter a new password. That is, of course, if the link is valid. It will expire after 5 minutes (configurable via a constant).
When the URL link is invalid or expired, the user lands back at step 1 with an error message.
If the URL is valid, the user will be able to enter a new password.
The new passwords will, of course, be subjected to validation too. They need to match and follow the requirements set in the security settings as well.
Step 4: Once the password is reset, your user will get a confirmation page from which they can return to the sign-in page.
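The four steps above, sketched in Python as an added example (this is not the module's own code, which is built in Mendix). The account store, outbox, `MIN_PASSWORD_LENGTH` and the function names are hypothetical stand-ins; storing only a hash of the token and making it single-use are assumptions that go beyond what the page states.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 5 * 60   # the 5-minute link expiry (a configurable constant)
MIN_PASSWORD_LENGTH = 12     # hypothetical stand-in for the security settings policy
CONFIRMATION = "If the address matches an account, a reset link has been sent."

ACCOUNTS = {"alice@example.com"}  # constructed sample account store
PENDING = {}                      # sha256(token) -> (email, expires_at)
OUTBOX = []                       # stands in for the e-mail connector


def _digest(token):
    # Assumption: only a hash of the token is stored, never the token itself.
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(email, now=None):
    """Steps 1-2: same confirmation for every address; mail only real accounts."""
    now = time.time() if now is None else now
    if email in ACCOUNTS:
        token = secrets.token_urlsafe(32)  # unguessable value carried in the link
        PENDING[_digest(token)] = (email, now + TOKEN_TTL_SECONDS)
        OUTBOX.append((email, token))
    return CONFIRMATION


def redeem(token, new_password, confirm_password, now=None):
    """Steps 3-4: check the link first, then the passwords. Returns (ok, message)."""
    now = time.time() if now is None else now
    entry = PENDING.get(_digest(token))
    if entry is None or now > entry[1]:
        PENDING.pop(_digest(token), None)  # drop expired entries
        return False, "invalid or expired link, restart at step 1"
    if new_password != confirm_password:
        return False, "passwords do not match"
    if len(new_password) < MIN_PASSWORD_LENGTH:
        return False, "password does not meet policy"
    del PENDING[_digest(token)]  # assumption: a link works once, on success
    return True, f"password reset for {entry[0]}"
```

Passing `now` explicitly makes the expiry window testable without waiting five minutes.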
Of course, your administrator user must be able to configure the module settings. So, when you have implemented the settings page, you can edit the e-mail subject and contents. Your administrator must also select an e-mail account from the e-mail connector module.
After implementing the e-mail connector module and configuring the runtime settings, the remaining implementation of the simple password reset module is relatively simple.
The implementation may be done by assigning the module roles to the appropriate project roles: the administrator module role to an administrative role, and the anonymous module role to your project's anonymous role.
Besides that, add the button via the SNP_ResetPasswordButton to your custom sign-in page, or add a button/link to login.html that links to /p/forgotpassword. This will allow your users to start the password reset process.
Of course, you should add the settings snippet to a page to maintain the module's runtime configuration. You will also need to select an account to send the password reset e-mail.
Requests are welcome
I hope this will help you create a password reset module within Mendix without any hassle! Let me know which requests you have left for me to improve the Mendix platform!