Simply reset your password within Mendix with our module

Mitchel Mol
|
July 26, 2024

As most of the users of your application are only human, and humans tend to forget things, a password reset function is not exactly a luxury you can do without. Unfortunately, the password reset functionality is not natively platform-supported within Mendix. While changing your password is part of the Administration module, which is included in every application template, the password reset functionality may only be implemented in combination with a couple of dependency modules. This isn’t a bad thing, as it allows more flexibility. For example, if you do not need the full-blown functionality of the platform-supported module, you may create your own or use a community-supported reset module like the one I built.

The platform-supported module has existed for many years now, and in that time, its functionality and complexity have increased. My version is an attempt at keeping it simple. As I also only support Mendix 10.6+, I did not have to deal with different versions and dependencies based on the Mendix version.

My module supports all the basics, such as:

  • Using the Administration.Account entity;
  • sending out an e-mail only when an account matching the given e-mail address is provided;
  • a deeplink as part of the e-mail that brings the user back to the application and, if valid, allows the user to set a new password;
  • the e-mail is based on a simple template.

Usage of our Mendix Password Reset module

The module implementation is simple due to the need to send an e-mail during the reset process. There are, however, a couple of dependencies upon other modules/widgets:

  • Community commons to retrieve the application's root URL
  • E-mail connector to send the e-mail
  • Combo box widget for the settings page
  • Administration module as it uses the Account entity
  • Atlas Core for the basic layout, which may be changed easily as there is one master layout in the module

The reset process is simple, so the user must go through only a few steps.

Password reset process from the user perspective

The user will start the process by clicking the button or link anywhere that makes sense. A login page is the usual location.

User signing in.

After that, the user can enter an e-mail address, except for validating that something has been entered and that it follows a valid e-mail address format.

A deeplink to the forgot-password-page.

Step 1: The user will see a field where an e-mail address can be entered.

Step 1: fill in your e-mail address.


Step 2: The user is then sent to a confirmation page, even if the e-mail address does not match an account.

Confirmation page of password reset.


If the e-mail address does exist, the system will send an e-mail to that address with a reset link.

E-mail message regarding the password reset.

Step 3: When clicked on the link in the e-mail, the user will be directed to the page to enter a new password. That is, of course, if the link is valid. It will expire after 5 minutes (configurable via a constant).

Deeplink URL of the Password reset.

When the URL link is invalid or expired, the user lands back at step 1 with an error message.

An invalid or expired URL redirects the user back to step 1 with an error message.

If the URL is valid, the user will be able to enter a new password.

User will be able to create a new password.

The new passwords will, of course, be subjected to validation too. They need to match and follow the requirements set in the security settings as well.

Password needs to match the policy criteria.
Passwords must be the same.

Step 4: Once the password is reset, your user will get a confirmation page from which they can return to the sign-in page.

Confirmation after reseting the password.

Password reset process from the administrator perspective

Of course, your administrator user must be able to configure the module settings. So, when you have implemented the settings page, you can edit the e-mail subject and contents. Your administrator must also select an e-mail account from the e-mail connector module.

Settings page of the password reset.

Implementation of the module

After implementing the e-mail connector module and configuring the runtime settings, the remaining implementation of the simple password reset module is relatively simple.

Password reset module contents.

The implementation may be done by assigning the module roles to the appropriate project roles, the administrator to an administrative role, and the anonymous role to your project's anonymous role.

Besides that, add the button via the SNP_ResetPasswordButton To your custom sign-in page. Or add a button/link to login.html. That links to /p/forgotpassword. This will allow your users to start the password reset process.

Simple snippet to add to the reset password button.

Of course, you should add the settings snippet to a page to maintain the modules' runtime configuration. You will also need to select an account to send the password reset e-mail.

Deeplink password reset microflow.

Requests are welcome

I hope this will help you create a password reset module within Mendix without any hassle! Let me know which requests you have left for me to improve the Mendix platform! 

Low-code café online

Digitalisering met Simone Mink: Do's and Don'ts
Register now!
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Heading

What’s a Rich Text element?

The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.

Static and dynamic content editing

A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!

How to customize formatting for each rich text

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.

Low-code café online

Digitalisering met Simone Mink: Do's and Don'ts
Register now!
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.