API Password Change Endpoint

[XFallSeane]

Hi, this api password change endpoint =>  https://docs.freemmorpgmaker.com/en-US/api/v1/endpoints/users.html#change-password return always "invalid credentials".

 

I respect what is asking in the doc (new and auhtorization)

 

$data = [
'new' => hash("sha256", $passwordConfirm),
'authorization' => hash("sha256", $password)
];

But the endpoint return "invalid credentials".

Any idea to corrected this problem?

[Cheshire]

I've seen it work for a good while now, which version is this on? (I think there's been a lot of API changes recently)

 

Also make sure the authorization string is the current password for the user.

[XFallSeane]

23 minutes ago, Cheshire said:

I've seen it work for a good while now, which version is this on? (I think there's been a lot of API changes recently)

 

Also make sure the authorization string is the current password for the user.

 

The password is correct. I am running on the latest version of intersect 0.7.11 On version 6.x it was already not working. I had to switch to the "Manage Password" version of the API each time.

 

My code is simple =>

 

   if (isset($password) && !empty($password) && isset($newPassword) && !empty($newPassword)) {
                if (password_verify($password, $this->getUser()->getPassword())) {
                    $user = $userRepo->find($this->getUser());

                    if ($user) {
                        if ($newPassword === $passwordConfirm) {

                            $data = [
                                'new' => hash("sha256", $passwordConfirm),
                            ];


                            if ($api->changePasswordAccount($data, $this->getUser()->getId())) {
                                $user->setPassword(password_hash($passwordConfirm, PASSWORD_ARGON2ID));
                                $entityManager = $this->getDoctrine()->getManager();
                                $entityManager->persist($user);
                                $entityManager->flush();
                                $this->addFlash('success', $translator->trans('Votre mot de passe a été modifier'));
                                return $this->redirectToRoute('account');
                            } else {
                                $this->addFlash('error', $translator->trans('Une erreur s\'est produit.'));
                                return $this->redirectToRoute('account');
                            }
                        }
                    }
                }
            }

I have removed authorization from $ data because I am not using this endpoint as it does not work.

My method => 

 

    public function changePasswordAccount($data, $user_id)
    {
        $user = $this->APIcall_POST($this->getServer(), $data, $this->getToken(), '/api/v1/users/' . $user_id . '/manage/password/change');
        if (isset($user['Message']) && $user['Message'] == "Authorization has been denied for this request.") {
            $this->setToken();
            $user = $this->APIcall_POST($this->getServer(), $data, $this->getToken(), '/api/v1/users/' . $user_id . '/manage/password/change');
        }

        if($user['Message'] == "Password Updated." || $user['Message'] == "Password Correct"){
            return true;
        }else{
            return false;
        }

        
    }

Nothing's easier

 

I have tried with php and even with POSTMAN nothing the endpoint always returns invalid credentials.