Generating a Default Password

Jamesm · Post by **Jamesm** » Mon Aug 22, 2005 2:17 am

We want to generate a default password when creating a new system user (in case no other value is provided). And then notify the new user of the login details by email, suggesting him/her to change the password on the first login.

We created a new Staff attribute "Notification" (yes/no) to control whether the user has been notified by email.

The Staff object then has the following rule>

If Staff IS NEW AND Staff.Password IS UNDEFINED Then
Staff.Password=Staff.ID
Staff.Notification='No'

The problem is that the password is receiving a "blank" value, probably because the Staff.ID is not yet available? (Staff.ID is a database generated identifier).

So we thought of using a solution similiar to the Library sample application, that is>

If Staff IS NEW AND Staff.Password IS UNDEFINED Then
Staff.Password=COUNT Staff
Staff.Notification='No'

But now the problem is that we have no more access to the password value, since it's encrypted, in order to notify the user.

What would be the best recommended solution? Is there a way of accessing the value of Staff.ID in the rule that tests the "IS NEW" condition? Or how could we access the password attribute and send it's value to the user, despite being encrypted?

Appreciate any suggestions/ideas.
Thanks

aware_support · Post by **aware_support** » Mon Aug 22, 2005 5:24 am

Actually your rule Staff.Password=Staff.ID DOES WORK. The only issue is that log viewer shows password as blank value for security reasons. The database, however, should have the correct value, which you can verify by logging in as a newly created Staff.

So your e-mail notification should also refer to this ID as the password value.

By the way, you can assign the initial value 'No' to the Staff.Notification attribute rather than assigning it explicitly in the rule.

Jamesm · Post by **Jamesm** » Mon Aug 22, 2005 6:55 am

We have already tried to login as the new user, but it only works if the password is left out blank. Seems that the Staff.ID isn't accessible when the rule is executed. We also changed the rule (just for testing purposes) as the following>

If Staff.Password IS UNDEFINED Then
Staff.Password=Staff.ID
Staff.Notification='No'
Staff.Number=Staff.ID

That is, leaving out the "IS NEW" and/or using another field (not encrypted - Staff.Number) to also receive the Staff.ID value. Neither of these approaches work. Both Staff.Number and Staff.Password receive blank values. What should we do? Is there any way to force the Staff.ID value to be available at rule execution time?

aware_support · Post by **aware_support** » Mon Aug 22, 2005 7:06 am

This is strange. We have just tested the similar rule and it worked fine.

Could you send us your BSV file and explain how to reproduce the problem?

aware_support · Post by **aware_support** » Mon Aug 22, 2005 1:25 pm

Another problem in your rule is that you check whether the password is UNDEFINED. This check will not work for the password field, which is always initialised to a value controlled by the system.

So your rule should like this:
IF Staff IS NEW THEN Staff.Password = Staff.ID

Jamesm · Post by **Jamesm** » Tue Aug 23, 2005 7:23 am

Thanks for the support. We managed to make it work now. Here's the solution we implemented>

If Staff IS NEW Then
Staff.Password = Staff.ID
Staff.Notification = Staff.ID

The Notification field holds the value so it can be later sent by e-mail to the user (since the password is encrypted). After sending the e-mail Notification is reset to zero (as a flag signalling that the notification has already been sent).

We still have one question though>
It seems that when using "Staff.Password IS UNDEFINED" to fire the rule then the Staff.Password attribute cannot be updated? Is that correct? If we test an attribute to be UNDEFINED can't we update it's value immediately after that?

aware_support · Post by **aware_support** » Tue Aug 23, 2005 7:59 am

There shouldn't be any problems updating password or any other attribute after checking for UNDEFINED. If you do have problems please let us know in which rules specifically you are having problems and how to reproduce these problems.

aware_support2 · Post by **aware_support2** » Tue Aug 23, 2005 1:48 pm

Depending on your design you may not need the second action in your rule (Staff.Notification = Staff.ID), nor the attribute Staff.Notification. First, attribute Staff.ID is always available (as read-only) and never changes once an object is created. You can display it on a form or use it for initialising an email notification rather than its copy stored in attribute Staff.Notification. If the email address is known when the object is created, you can send the email straight away by adding a rule like this to object Staff:

If Staff IS NEW AND Staff.EmailAddress IS DEFINED Then SEND PasswordEmail TO Staff

Here the notification PasswordEmail can initialise itself using the value of Staff.ID to inform the staff member of the new password. If the email address is not given at the time the object is created, but becomes known at a later stage, you can add a rule that will send the email at the time the email address is entered:

If Staff.EmailAddress WAS CHANGED AND OLD_VALUE(Staff.EmailAddress) IS UNDEFINED Then SEND PasswordEmail TO Staff