question

Kim Strasser avatar image
Kim Strasser asked

How should I handle password recovery if the player can only use specific characters for his password?

I use a custom virtual keyboard in my game because I want that the player can only use specific characters for his password. I always check the players password in cloud script when a player adds his username, password and email with AddUsernamePassword API. Now, I want to create password recovery for the two different cases:

1) Player wants to change his password in my game when he is logged in and he/she has forgotten his password.

2) Player wants to change his password when he is not logged in and he/she has forgotten his password.

I don't want to use a custom server. I want to use Azure Functions so that the player can enter a new password in my game and after that I want to check if he/she only uses my supported characters in the new desired password. In addition, I check the minimum and maximum length of the desired password. If everything is fine with the new password, then change the password in the players account.

How can I create password recovery for those two different cases?

It's very important that the player only uses the specific characters to create his/her password, because my custom virtual keyboard only supports those specific characters. There are no buttons for other characters on the virtual keyboard.

Supported characters(my cloud script code):

function VerifyTextUnicodePassword(text)
{
    var notSupportArray = new Array();
    for (var i = text.length - 1; i >= 0; i--)
    {
        var charCode = text.charCodeAt(i);
        if ((charCode == 33) || (charCode == 35) || (charCode == 38) || (charCode >= 40 && charCode <= 42) || (charCode == 46) || (charCode >= 48 && charCode <= 57) || (charCode >= 65 && charCode <= 91) || (charCode == 93) || (charCode == 95) || (charCode >= 97 && charCode <= 123) || (charCode == 125))
        {
            
        }
        else
        {
            notSupportArray.push(charCode);
        }
    }
    
    if (notSupportArray.length == 0)
    {
        return true;
    }
    else
    {
        return false;
    }
}
CloudScript
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

·
Citrus Yan avatar image
Citrus Yan answered

We previouly had some similar discussions on this in the forum, please check out these threads for more details:

https://community.playfab.com/questions/44337/the-question-about-the-confirmation-email-for-forg.html

https://community.playfab.com/questions/44554/how-to-make-the-reset-password-function.html?childToView=44561#answer-44561

https://community.playfab.com/questions/44653/how-to-build-a-custom-server-to-the-playfab-admin.html

https://community.playfab.com/questions/44831/how-to-reset-the-password-when-an-user-forgot-it-i.html

Basically, it's easier to reset the player's password when they still remember their password, otherwise you'd need additional work to make sure that it's the players themselves that are performing the password-reset action.

6 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Kim Strasser avatar image Kim Strasser commented ·

I have created a Cloud Script function to store the token in Player Internal Data and I have created a rule to execute this Cloud Script function.

handlers.StoreToken = function (args, context)
{
    var psEvent = context.playStreamEvent;
    var token = context.playStreamEvent.Token;
    
    var resultdata = server.UpdateUserInternalData({
           PlayFabId: currentPlayerId,
           Data: {
               "ResetPasswordToken": token.toString()
           },
           Permission: UserDataPermission.Private
        });
        
    if (resultdata.Error == null)
        log.info("Created internal data for ResetPasswordToken." + token.toString());
    else
        log.info("Could not create internal data for ResetPasswordToken." + token.toString());
}

Rule:

But I have not understand what I need to do in the client code when the player is logged in/not logged in. What should I do in the client if the player wants to change his password? What API call should I use? Should I directly call an Azure function(for example the function [FunctionName("ForgotPassword")] from the link) or is it necessary to make another API call before I can call an Azure function? I use C# SDK.

0 Likes 0 ·
bildschirmfoto-2020-09-21-um-231109.png (201.5 KiB)
Citrus Yan avatar image Citrus Yan Kim Strasser commented ·

Since when players forgot their password and cannot log in, they're not able to make PlayFab API calls. Therefore I'd suggest that you directly call an Azure Function when the player wants to change their passwords, no matter he's logged in or not.

0 Likes 0 ·
Kim Strasser avatar image Kim Strasser Citrus Yan commented ·

How can I call my Azure function if I am not logged in? I don't get the entityid, entitytype and contact email from the players account if I am not logged in. But I need them to call ExecuteFunctionAsync:

var result = await PlayFabCloudScriptAPI.ExecuteFunctionAsync(new ExecuteFunctionRequest()
{
    Entity = new PlayFab.CloudScriptModels.EntityKey()
    {
        Id = entityid,
        Type = entitytype,
    },
    FunctionName = "ForgotPassword",
    FunctionParameter = new { contactEmail = contactmail, newPassword = newpassword },
    GeneratePlayStreamEvent = true
});
0 Likes 0 ·
Show more comments
Darius Vu avatar image
Darius Vu answered

I am also facing this issue. It is hard for us to reset the password when users forgot it. I am trying to reset password using Azure Function.

But I am having the problem is that I cannot execute the Azure Function directly from Unity Client. you can check it in here for more details.

https://community.playfab.com/questions/44831/how-to-reset-the-password-when-an-user-forgot-it-i.html

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.