Overview
Due to certain use cases, users might need to reset their password after a certain number of days. Normally, this can be implemented using the Password rotation extension described in this community article, Force a Password Reset after a Specific Number of Days.
When the reset must apply only to specific users or connections, a custom solution is needed that replicates the extension's logic within an Action.
Applies To
- Password Rotation
- Actions
Solution
A custom solution can be implemented instead of the Password Rotation Extension, as follows:
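/**
 * Post-login Action that forces a password reset for users of selected
 * connections once their password is older than a fixed number of days.
 *
 * When a reset is due, the Action asks the tenant's
 * /dbconnections/change_password endpoint to e-mail a reset link, then
 * redirects the user to the tenant's /v2/logout endpoint with a returnTo page
 * that explains the follow-up steps.
 *
 * @param {object} event - Login transaction details; reads event.user,
 *   event.connection and event.client.
 * @param {object} api - Action API; only api.redirect.sendUserTo is used.
 * @returns {Promise<void>}
 */
exports.onExecutePostLogin = async (event, api) => {
  // axios must be added as a dependency of this Action.
  const axios = require("axios").default;

  // Connections whose users are subject to the forced password reset.
  const reset_password_connections_list = ["con_y6O0OsHed13ZY4SP23", "con_y6O0OsHed13ZY4SP", "con_y6O0OsHed13ZY4SP2"];
  // Maximum password age, in days.
  const reset_password_no_if_days = 5;

  // Returns a copy of `date` moved forward by `days` days.
  const addDays = (date, days) => {
    const shifted = new Date(date);
    shifted.setDate(shifted.getDate() + days);
    return shifted;
  };

  const today = new Date();
  console.log("Today date:", today);

  // A user who never reset the password is measured from account creation.
  const password_reset_date = new Date(event.user.last_password_reset || event.user.created_at);
  console.log("Last password reset date:", password_reset_date);

  const expirationDate = addDays(password_reset_date, reset_password_no_if_days);
  console.log("Expiration date set:", expirationDate);

  // If neither timestamp parses, expirationDate is an Invalid Date, the
  // comparison below is false and no reset is forced for that login.
  const forceToReset =
    today > expirationDate && reset_password_connections_list.includes(event.connection.id);
  console.log("Force to reset:", forceToReset);

  if (!forceToReset) {
    return;
  }

  // Await the request: a try/catch around an un-awaited promise never sees the
  // rejection, and the Action could finish before the e-mail request is sent.
  try {
    const response = await axios.request({
      method: 'POST',
      url: 'https://hosu.us.auth0.com/dbconnections/change_password',
      headers: { 'content-type': 'application/json' },
      data: {
        email: event.user.email,
        connection: event.connection.name,
      },
    });
    console.log("Response: ", response.data);
  } catch (error) {
    // Log the message only: the full axios error carries the request config,
    // which includes the user's e-mail address.
    console.error("Password reset request failed:", error && error.message);
  }

  // Log the user out and send them to the page with the follow-up steps.
  // The redirect happens even when the e-mail request failed, so the failure
  // logged above should be monitored.
  // NOTE(review): /v2/logout checks returnTo against the application's Allowed
  // Logout URLs; confirm the instructions page is listed there.
  const logout_url = 'https://hosu.us.auth0.com/v2/logout?client_id=';
  api.redirect.sendUserTo(logout_url + encodeURIComponent(event.client.client_id), {
    query: { returnTo: "custom_page_with_instructions_URL" },
  });
};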
Add “axios” as a dependency of the Action before testing this out, because the code loads it with require("axios").
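The “custom_page_with_instructions_URL” value is a placeholder for the real URL of the instructions page. That URL should also be added to the Allowed Callback URL list for that specific application. Because it is passed as the returnTo parameter of the /v2/logout endpoint, also confirm that it is listed under the application's Allowed Logout URLs.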