question

Darius Vu avatar image
Darius Vu asked

How to make the reset password function?

Dear support team,

I am trying to do the "reset password" as this discussion.

https://community.playfab.com/questions/44337/the-question-about-the-confirmation-email-for-forg.html

I am sorry for opening this question because I spent a lot of time for implementing and searching.

I am following this process as Sarah Zhang advices.

1. Write a custom CloudScript function -- "storeToken", to save the Token to the player's internal data.

2. Create a PlayFab Rule, such as “StoreResettingToken”, choose the Event Type as “com.playfab.auth_token_validated”, set the action as "Execute CloudScript", choose function "storeToken".

3. Administrative tools call GetUserInternalData to check the stored info.

But I don't understand some steps as below.

1. I written the CloudScript function -- "storeToken", but I believe this is not correct. So could you help me to fix it to store the token to the player's internal data?

handlers.storeToken = function (args, context)
{
    var playerStatUpdatedEvent = context.playStreamEvent;
    var request = {
        PlayFabId: currentPlayerId,
        Data: {
            "Token": playerStatUpdatedEvent.StatisticValue.toString()
        }
    };
    var playerInternalData = server.UpdateUserInternalData(request);
    return { profile: context.playerProfile };
}

2. I created the PlayFab Rule as below. But will we need to set the Arguments (JSON) for storeToken() function to store the token to the player's internal data? If we need it then how to put the Arguments?

3. To reset the password, we have to call the PlayFab Admin API - Reset Password:

https://docs.microsoft.com/en-us/rest/api/playfab/admin/account-management/resetpassword?view=playfab-rest

But I don't want to make a custom server then how to reset the password in Unity client when users clicked the email verification and put the new password? And what is Administrative tools using in here?

I am grateful so much for your help.

rule.png (37.3 KiB)
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Citrus Yan avatar image
Citrus Yan answered

The storeToken function should be like this:

handlers.storeToken = function (args, context)
{
    var psEvent = context.playStreamEvent;
    var request = {
        PlayFabId: currentPlayerId,
        Data: {
            "Token": psEvent.Token
        }
};
try{
server.UpdateUserInternalData(request);
}
catch(err){
  log.error(err)
}
}

And the Arguments are not necessary in this case.

You cannot directly reset the password using ResetPassword in Unity clients since it’s a Admin API and using it from the client side exposes your title’s secret key to the players, which poses a great threat to your title, therefore it’s a must to have a server side logic for handling this.

The core of the problem here is that you cannot call the Admin API ResetPassword in the legacy CloudScript to help resetting the player’s password, which in turn a custom server was introduced. However, if you don’t want to use a custom server, you can also consider turning to CloudScript using Azure Function, where you can access all the API Sets (server, admin, entity, etc.) So, the players can pass their new password as a parameter to the Azure Function, and in the function it first retrieves the Token stored in Internal Data and then use it with the password to call ResetPassword to do the password resetting. Please check out the doc on CloudScript using Azure Functions for more info: https://docs.microsoft.com/en-us/gaming/playfab/features/automation/cloudscript-af/

6 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Darius Vu avatar image Darius Vu commented ·

Hi Citrus Yan,

As the advises of Sarah Zhang, he/she said that I can use the Administrative tools to check the store token and reset the password.

You can refer it in here:

https://community.playfab.com/questions/44337/the-question-about-the-confirmation-email-for-forg.html

Do you know how to do like this? I don't understand what is the Administrative tools that she/he referred.

Thank you so much for your help!!!!!

0 Likes 0 ·
Citrus Yan avatar image Citrus Yan Darius Vu commented ·

I think the aforementioned administrative tool in this case is a tool developed by yourself, which uses the Admin API GetUserInternalData and ResetPassword to reset players' passwords. Players send their password in the email to you, and you use the tool to change the password for the players manually. To be honest, I don't think that's the way you want it.

In your case, still, I would suggest that you use Azure Functions as mentioned above, self-hosting a custom server needs much more extra work than this.

0 Likes 0 ·
Darius Vu avatar image Darius Vu Citrus Yan commented ·

Hi Citrus,

Could you send to me the references and progress for using Azure Functions to reset password? I spent time on searching on that but i still don't know exactly steps to implement it?

Again, thank you so much!!!!

0 Likes 0 ·
Show more comments
Darius Vu avatar image Darius Vu commented ·

And do you have any tutorial to develop a custom server for calling the Admin API ResetPassword?

0 Likes 0 ·
Citrus Yan avatar image Citrus Yan Darius Vu commented ·

Sorry, we don't offer such tutorials, and, this thread might be helpful for you regarding custom server:

https://community.playfab.com/questions/38686/how-to-make-a-password-reset-system-using-playfab.html

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.