6 Forgot Password - Reference Documentation
Authors: Burt Beckwith
6 Forgot PasswordLike the Registration workflow, the Forgot Password workflow is expected to be user-facing. So it's not available in the admin menu like the User, Role, and other backend functionality - you'll need to expose them to your users.One way to do this is to replace the default
login.gspthat's provided by the Spring Security Core plugin with this plugin's version. You can do this by running
grails s2ui-override auth- see the section on configuration for more details. If you do this your users will have links to both workflows from the login screen:
Forgot PasswordNavigate to
/register/forgotPassword:After entering a valid username an email will be sent and you'll see a success screen:Click on the link in the email:and you'll open the reset password form:After entering a valid password you'll finalize the process, which involves storing the new password encrypted in the user table and pre-authenticating, then redirecting to the configured destination:
ConfigurationThe post-reset destination url is configurable in
If you don't specify a value then the
grails.plugins.springsecurity.ui.register.postResetUrl = '/reset'
defaultTargetUrlvalue will be used, which is
'/'by default.You can customize the subject, body, and from address of the reset email by overriding the default values in
grails-app/conf/Config.groovy, for example:
grails.plugins.springsecurity.ui.forgotPassword.emailBody = '...' grails.plugins.springsecurity.ui.forgotPassword.emailFrom = '...' grails.plugins.springsecurity.ui.forgotPassword.emailSubject = '...'
emailBodyproperty should be a GString and will have the User domain class instance in scope in the
uservariable, and the generated url to click to reset the password in the
Mail configurationThe plugin uses the Mail plugin to send reset emails, so you'll need to configure an SMTP server. See the plugin's documentation for the syntax.
NotesLike the registration code, consider this workflow as starter code. Run
grails s2ui-override registerto copy the registration controller and GSPs into your application to be customized.
RegisterControllerand its GSPs assume that your User domain class has an