Adalo tutorials: customised password reset

Hi @Victor,

Thank you very much for the super quick fix of the issue. I appreciate this support and the support encourages me to have chosen the right platform with Adalo!

Best, Ron

Hi @RonDeveloper,

Just to clarify: Adalo Community Leaders like myself aren’t Adalo employees - we’re just helping others and sharing our experience on a voluntary basis :slight_smile:

Best,
Victor.

@Victor Ohhh I understand! Sorry and then all the more thank you for your personal commitment!

I’m just combining your tutorial and Michael’s tutorial “How to verify user emails”. When I’m done I will also contribute to this forum and post a new full tutorial on YouTube; I will send you the link.

A last, final question about your “customized password reset app”. Do you have an idea how to display a line “Please enter a valid Email” on your “Reset password - step 1 (screen)” as long as the user has not entered an email address that is contained in the user table? I’ve tried a few things but can’t find a working option. Thanks, Ron

Mine had the same error, I changed the permission and it worked perfectly, thanks…
Note: I’m using Integromat as an email sending flow.

1 Like

Hello,

Maybe someone could help me. I created customized password reset functionality according to Victor’s tutorial. But I’m stuck in the 1st phase of a password reset. When I’m testing and adding an email to the input field the button appears, but when you click the continue button, nothing happens.

I did everything according to the tutorial, but it seems like when I click the continue button, it should create the TMPPassRestCode in the collection, but it doesn’t. Since TMPPassRestCode is not created in the collection, the email with the code is also not sent.



Send email custom function works well in testing.

Any ideas why the continue button is not working in my app?

Hi @Mindaugas,

You can see what’s happening in the browser console logs, info there might be useful.

Also I’d advise checking the place where you set up the OTP. It is described starting from 7:40 in the video. Please make sure that you are updating Current User → TMPPassResetCode (not Logged-in User).
Also please pay attention to the mistake correction (the mistake was made at 11:50 and then corrected at 15:50) - the mistake was that the code was taken from Logged-in User (and it’s correct to take it from Current User).

Best,
Victor.

Hi Victor,

Thank you for your response.

Yes, I’m updating Current User → TMPPassResetCode.

Browser console logs show this when I’m clicking the continue button:

I’m not a programmer, but these console logs don’t give me any information on where I could look for the bug.

My Sendinblue custom action looks like this:


@dilon_perera helped me to solve my issue, thanks!

Solution:

2 Likes

Hi @Victor thank you!

But I have a question. This only works if we choose edit rights like ‘everyone’ via database email and password. Otherwise it won’t work.

Is this not a safety hazard? Anyone can change someone else’s password? Or am I doing something wrong or is there a way to fix this?

Hello @a.eren88,

Not “email,” just password.

To start with, please keep in mind that this video was created before collection permissions were introduced, as a workaround - the built-in Adalo method doesn’t allow localizations to different languages.

Of course you can’t just go and edit anyone’s emails and passwords in the Users collection. In your app, you need to have access to the “Current User” record to be able to do it.
Here is the quote from the help document https://help.adalo.com/database/collection-permissions: “Everyone - This allows any user to view or edit the property if your app is designed for them to do so.”

From the security perspective, Collection Permissions provide an additional layer of protection, so that only Logged-in Users or User him/herself can change the values of certain fields (including password).
However, here comes the dilemma. If you restrict the access to the password field only to the owner - how can you reset the password from the outside? Remember, account owner isn’t logged in and can’t do it.

So, whether the method described in the video poses a safety hazard or not - it is discussable. This depends on your threat model.
For environments with higher security requirements, it’s better to use the built-in Adalo method for password reset - with it you can have strict permissions set.

Best,
Victor.
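
The dilemma raised in the post above, as an added example that is not part of the original thread and is not Adalo code: a generic backend model in which anonymous clients can never write the password field, and the only anonymous path to changing it is a handler that checks a one-time code (stored hashed, expiring, single-use, attempt-limited). `ResetService`, `CODE_TTL`, `MAX_ATTEMPTS` and the data layout are hypothetical names and values chosen for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 600        # seconds a reset code stays valid (assumed value)
MAX_ATTEMPTS = 5      # wrong guesses allowed per issued code (assumed value)

class ResetService:
    """Hypothetical backend: clients never write the password field directly."""

    def __init__(self, users, clock=time.time):
        self.users = users      # email -> {"salt": bytes, "pw_hash": bytes}
        self.pending = {}       # email -> {"digest", "expires", "attempts"}
        self.clock = clock

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def request_reset(self, email):
        """Issue a code; the return value goes to the mailer, never to the client."""
        if email not in self.users:
            return None         # nothing is stored for unknown addresses
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[email] = {"digest": self._digest(code),
                               "expires": self.clock() + CODE_TTL,
                               "attempts": 0}
        return code

    def confirm_reset(self, email, code, new_password):
        """The only anonymous path that changes a password."""
        entry = self.pending.get(email)
        if entry is None or self.clock() > entry["expires"]:
            self.pending.pop(email, None)       # expired codes are discarded
            return False
        entry["attempts"] += 1
        if entry["attempts"] > MAX_ATTEMPTS:    # stop online guessing
            del self.pending[email]
            return False
        if not hmac.compare_digest(entry["digest"], self._digest(code)):
            return False
        del self.pending[email]                 # single use
        salt = secrets.token_bytes(16)
        self.users[email] = {"salt": salt, "pw_hash": hashlib.pbkdf2_hmac(
            "sha256", new_password.encode(), salt, 200_000)}
        return True
```

Here the code check and the password write happen in the same server-side step, so the password field itself can stay restricted to its owner.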

I was following all the steps and recommendations, and still, it wasn’t working as expected.

The issue?
Even after entering a valid email in the email input field, the button would not show up.

And I discovered the reasons why. Why?
Because not only do we need to change the database permissions for passwords, but we also need to change the database permission for email.

Without it, it does not work.

@charleshope just in case, “everyone can view” is the default permission for email when creating the new app:

This is a screenshot from the app I’ve created 1 minute ago.

The video was created 2 years ago when collection permissions did not exist at all :wink:

Best,
Victor

Interesting. Thanks, Victor.

My database was set to “Only logged-in users” for email.

1 Like

You’re welcome :slight_smile:
I’d say that with the collection permissions the whole password reset process could be improved from the security perspective. I even have an idea how to do it but don’t have time to make a video about it :slight_smile:

Best,
Victor

1 Like

I spent a day trying to figure out this part. Thank you, Victor! I’ll try this fix shortly.

1 Like

Hello @dilon_perera @Victor, you’re good guys! Thanks for all.
I tried to set up password reset as you explain in the video,
but I can’t get current user data from (FORGOT PASSWORD) to STEP 1.
My login system is Phonesignin and Signup. Any issue?

Hello @Stigfingers,

In order to have a “current user” available, you need to create a list of users on the previous screen. Please check if you’ve set it up correctly.

Best,
Victor.

1 Like

Thanks @Victor … Indeed it works! Thanks a thousand times. Can I rent your service for some explaining? I am about to do a complex project, so I want to be sure that it’s realistic. Let me know, posted in private.

Does not work any more. The not logged in user is not permitted to update password.

Dear @Aprokhorov,

The solution works perfectly both on Adalo 1.0 and Adalo 2.0. To test your complaint I have recreated it on Adalo 2.0 just now.

Please check that your setup is correct. Also I would advise paying attention to Collection Permissions for Password in the Users collection (please read the thread above). There is no “Logged-in User” in the flow as you are resetting the password when you are NOT logged in, so you need to allow anyone to update the password. This is also mentioned in the thread above.

Best,
Victor