<< 5User Registration
(Quick Reference)
7ACL Management >>

6 Forgot Password - Reference Documentation

Authors: Burt Beckwith

Version: 1.0-RC3

6 Forgot Password

Like the Registration workflow, the Forgot Password workflow is expected to be user-facing. So it's not available in the admin menu like the User, Role, and other backend functionality - you'll need to expose them to your users.

One way to do this is to replace the default login.gsp that's provided by the Spring Security Core plugin with this plugin's version. You can do this by running grails s2ui-override auth - see the section on configuration for more details. If you do this your users will have links to both workflows from the login screen:

Forgot Password

Navigate to /register/forgotPassword:

After entering a valid username an email will be sent and you'll see a success screen:

Click on the link in the email:

and you'll open the reset password form:

After entering a valid password you'll finalize the process, which involves storing the new password hashed in the user table and pre-authenticating, then redirecting to the configured destination:

Configuration

The post-reset destination url is configurable in grails-app/conf/Config.groovy using the postResetUrl attribute:

grails.plugin.springsecurity.ui.forgotPassword.postResetUrl = '/reset'

If you don't specify a value then the defaultTargetUrl value will be used, which is '/' by default.

You can customize the subject, body, and from address of the reset email by overriding the default values in grails-app/conf/Config.groovy, for example:

grails.plugin.springsecurity.ui.forgotPassword.emailBody = '...'
grails.plugin.springsecurity.ui.forgotPassword.emailFrom = '...'
grails.plugin.springsecurity.ui.forgotPassword.emailSubject = '...'

The emailBody property should be a GString and will have the User domain class instance in scope in the user variable, and the generated url to click to reset the password in the url variable.

Mail configuration

By default the plugin uses the Mail plugin to send emails, but only if it installed. This is configurable by registering your own MailStrategy implementation - see the section on configuration for more information. The plugin assumes that the Mail plugin and an SMTP server are already configured.

Notes

Like the registration code, consider this workflow as starter code. Run grails s2ui-override register to copy the registration controller and GSPs into your application to be customized.

RegisterController and its GSPs assume that your User domain class has an email field.
<< 5User Registration
7ACL Management >>
Quick Reference (hide)