v71.17 - How to enable Synergetic Community Portal forgotten password functionality
- Brooke Noble
A feature has been added so that when a Community Portal user indicates they have forgotten their password, the system will send a link to the user’s email address to reset their password. This link has a configurable expiry and is designed to prevent the use of “fake” links.
To enable the feature
How to enable
Set CommunityPortal|Email|ForgottenPassword|SendLink to true.
How to configure message displayed when email has been sent
Set CommunityPortal|Email|ForgottenPassword|GenericResponse config to desired value. The default is “If your username is correct you will receive an email shortly. Please contact us if you did not receive this reminder.“
How to set email subject
Set CommunityPortal|Email|ForgottenPassword|SubjectTextWithLink to desired value. Note the WithLink at the end.
How to set email body
Set CommunityPortal|Email|ForgottenPassword|BodyTextWithLink config value to desired value. Note the WithLink at the end.
Replaced values
{UserPassword}is replaced with the password reset link.{UserLoginName}is replaced with the username used to log in.{UserName}is replaced with theNameExternalfrom the Community table. If the login type is "J" (joint), it will be theNameExternalof each spouse, separated by "&".{UserNameWithID}is the same as{UserName}, but with the Community ID in parentheses appended to theNameExternal(s).{ID},{Title},{Given1},{Preferred},{Surname},{DefaultEmail},{DefaultMobilePhone}, and{SpouseID}, are those values from thedbo.Communitytable (more technically, those values fromdbo.pvCommunity, which uses that table).{SpouseID},{SpouseTitle},{SpouseGiven1},{SpousePreferred},{SpouseSurname},{SpouseDefaultEmail}, and{SpouseDefaultMobilePhone}are the same as{ID},{Title},{Given1},{Preferred},{Surname},{DefaultEmail}, and{DefaultMobilePhone}, but for the spouse.{PortalName}is the value ofCommunityPortal|PortalNamein config and will likely have a value similar/analogous to "Synergetic Community Portal".{SchoolSystemCode}is the value fromdbo.School
How to set link expiry time
Set CommunityPortal|Email|ForgottenPassword|LinkExpiryMinutes config value to desired value.
If the config is set to, for example, 30, then after 30 minutes a previously generated link will be regarded as invalid and an error message “Password reset link has expired.” shown.
Other link expiry conditions
Not for publication but will have no meaningful security impact if they are published.
The “Password reset link has expired.” message will also be shown when:
The current password is different to what it was when the link was generated.
The message authentication code (p3) is not valid.
Will happen if the current password is different to what it was when the link was generated.
Will also happen if it, or either of the other parameters (p1/p2) have been tampered with.
Password policy settings
Note that the following settings are applied to Community Portal user passwords:
System|Password|MinLength
System|Password|MinNonAlphaNumCount
System|Password|MinNumericCount
None of these are new, and apply whether changing (while logged in) or resetting (from link) the password.
How to configure for sending email to spouse
This is not possible. The email is sent only to the address associated with the account.
To re-enable the previous behaviour (not recommended)
In order to prevent operation interruption for schools, this new behaviour will not be automatically enabled upon upgrade. Therefore the following settings represent the schools “current state”. Our recommendation is that the new feature is enabled as soon as practicable after receiving the release.
The instructions below have been provided for reference in case schools wish to reinstate the previous behaviour. Note that this is NOT RECOMMENDED.
How to enable
Set CommunityPortal|Email|ForgottenPassword|SendLink config value to false. This is the default to ensure there are no immediate changes.
How to configure message displayed when email has been sent
Set CommunityPortal|Email|ForgottenPassword|GenericResponse config to desired value. The default is “If your username is correct you will receive an email shortly. Please contact us if you did not receive this reminder.“.
How to set email subject
Set CommunityPortal|Email|ForgottenPassword|SubjectText config value to desired value.
How to set email body
Set CommunityPortal|Email|ForgottenPassword|BodyText config value to desired value.