Hi @Victor,
Thank you very much for the super quick fix of the issue. I appreciate this support and the support encourages me to have chosen the right platform with Adalo!
Best, Ron
Hi @Victor,
Thank you very much for the super quick fix of the issue. I appreciate this support and the support encourages me to have chosen the right platform with Adalo!
Best, Ron
Hi @RonDeveloper,
Just to clarify: Adalo Community Leaders like myself arenât Adalo employees - weâre just helping others and sharing our experience on voluntary basis
Best,
Victor.
@Victor Ohhh I understand! Sorry and then all the more thank you for your personal commitment!
Iâm just combining your tutorial and Michaelâs tutorial âHow to verify user emailsâ when Iâm done I will also contribute to this forum and post a new full tutorial on youtube, I will send you the link.
A last, final question about your âcustomized password reset appâ. Do you have an idea to display a line âPlease enter a valid Emailâ on your âReset password - step 1 (screen)â as long as the user has not entered an email address that is contained in the user table? Iâve tried a few things but canât find a working option? Thanks, Ron
Mine had the same error, I changed the permission and it worked perfectly, thanksâŚ
obs.: Iâm using the integromat as an email sending flow.
Hello,
Maybe someone could help me. I created customized password rest functionality according to Victorâs tutorial. But Iâm stuck in the 1st phase of a password reset. When Iâm testing and adding email to the input field the button appears, but when you click the continue button, nothing happens.
I did everything according to the tutorial, but it seems like when I click the continue button, it should create the TMPPassRestCode in the collection, but it doesnât. Since TMPPassRestCode is not created in the collection, the email with the code is also not sent.
Send email custom function works well in testing.
Any ideas why the continue button not working in my app?
Hi @Mindaugas,
You can see whatâs happening in the browser console logs, info there might be useful.
Also Iâd advise to check the place when you set up the OTP. It is described starting from 7:40 in the video. Please make sure that you are updating Current User â TMPPassResetCode (not Logged-in User).
Also please pay attention to mistake correction (which was made at 11:50 and than corrected on 15:50) - the mistake was that code was taken from Logged-in User (and itâs correct to take it from Current User).
Best,
Victor.
Hi Victor,
Thank you for your response.
Yes, Iâm updating Current User â TMPPassResetCode.
Browser console logs show this when Iâm clicking the continue button:
Iâm not a programmer, but these console logs donât give me any information on where I could look for the bug.
My Sendinblue custom action looks like this:
@dilon_perera helped me to solve my issue, thanks!
Solution:
Hi @Victor thank you!
But i have a question. this only works if we choose edit rights like âeveryoneâ via database email and password. Otherwise it wonât work.
is this not a safety hazard? Anyone can change someone elseâs password? Or am I doing something wrong or is there a way to fix this?
Hello @a.eren88,
Not âemail,â just password.
To start with, please keep in mind, that this video was created before collection permissions were introduced, as a workaround - Adalo built-in method doesnât allow localizations to different languages.
Of course you canât just go and edit anyoneâs emails and passwords in Users collection. In your app, you need to have an access to âCurrent Userâ record to be able to do it.
Here is the quote from the help document https://help.adalo.com/database/collection-permissions: âEveryone - This allows any user to view or edit the property if your app is designed for them to do so.â
From the security perspective, Collection Permissions provide an additional layer of protection, so that only Logged-in Users or User him/herself can change the values of certain fields (including password).
However, here comes the dilemma. If you restrict the access to the password field only to the owner - how can you reset the password from the outside? Remember, account owner isnât logged in and canât do it.
So, whether the method described in the video poses a safety hazard or not - it is discussable. This depends on your threat model.
For environments with higher security requirements, itâs better to use built-in Adalo method for password reset - with it you can have strict permissions set.
Best,
Victor.
I was following all the steps and recommendations, and still, it wasnât working as expected.
The issue?
Even after entering a valid email in the email input field, the button would not show up.
And I discovered the reasons why. Why?
Because not only do we need to change the database permissions for passwords, but we also need to change the database permission for email.
Without it, it does not work.
@charleshope just in case, âeveryone can viewâ is the default permission for email when creating the new app:
This is screenshot from the app Iâve created 1 minute ago.
The video was created 2 years ago when collection permissions did not exist at all
Best,
Victor
Interesting. Thanks, Victor.
My database was set to âOnly logged-in usersâ for email.
Youâre welcome
Iâd say that with the collection permissions the whole password reset process could be improved from the security perspective. I even have an idea how to do it but donât have time to make a video about it
Best,
Victor
I spent a day trying to figure out this part. Thank you, Victor! Iâll try this fix shortly.
hello @dilon_perera @Victor , You 're Good Guyz! thank for all
i tried to setup Password reset as you explainning in the video,
but i cant get current user data from (FORGOT PASSWORD) to STEP 1
my login system is Phonesignin and Signup, Any issue?
Hello @Stigfingers,
In order to have a âcurrent userâ available, you need to create a list of users on the previous screen. Please check if youâve set it up correctly.
Best,
Victor.
Thanks @Victor ⌠Indeed it Works! thanks Thousand Time. Can I rent Your Service? for some explaining I am About to to a complex projet, So i Wanna be sure that itâs realistic. Lemi know posted in Private
Does not work any more. The not logged in user is not permitted to update password.
Dear @Aprokhorov,
The solution works perfectly both on Adalo 1.0 and Adalo 2.0. To test your complaint I have recreated it on Adalo 2.0 just now.
Please check that your setup is correct. Also I would advise to pay attention to Collection Permissions for Password in Users collection (please read the thread above). There is no âLogged-in Userâ in the flow as you are resetting password when you are NOT logged in, so you need to allow anyone to update password. This is also mentioned in the thread above.
Best,
Victor