[Web Dynpro ABAP] Password Reset with Email Authentication
This is a blog post showing how we can make use of Query String aka URL Parameters in Web Dynpro ABAP. Query String is useful for Web Dynpro that needs to be displayed dynamically based on the URL given e.g. URL link to Web Dynpro in email notifications (refer to previous post).
In the previous post, I mentioned that authorization check should be in place at the start of the Web Dynpro for security purposes. However, in some cases, authorization check may not be possible. In this blog, with Password Reset as an example, I am going to show you how we can create a Web Dynpro without such authorization check.
Business Scenario
A Web Dynpro that allows user to reset their SAP account’s password. Below is the authentication process for the password reset:
- User key in “User ID” and “Email Address”
- Web Dynpro verifies “User ID” and “Email Address”
- If correct, Web Dynpro will send an email to authenticate user
- User click on the URL link in the email to redirect them to the password reset page
Design Approach
First create a Web Dynpro with fields “User ID” and “Email Address” for user to key in.
When user clicks on the “Submit” button, system will verify the User ID and Email Address against User Master or HR Master depend on your system design. When verified correct, system will generate an authentication key (in this case I used UUID) and append into a customized table for tracking. Below is the function module calling and code:
FUNCTION z_su_reset_auth_table_insert .
*"----------------------------------------------------------------------
*"*"Local Interface:
*" IMPORTING
*" REFERENCE(USERNAME) TYPE XUBNAME
*" EXPORTING
*" REFERENCE(UUID) TYPE SYSUUID_C
*" EXCEPTIONS
*" INSERT_ERROR
*"----------------------------------------------------------------------
DATA: ls_line TYPE ztbsu008,
lv_uname TYPE xubname.
lv_uname = username.
SET LOCALE LANGUAGE 'E'.
TRANSLATE lv_uname TO UPPER CASE.
SET LOCALE LANGUAGE ' '.
SELECT SINGLE * INTO ls_line
FROM ztbsu008
WHERE uname = lv_uname.
IF sy-subrc = 0. "Record already exist
uuid = ls_line-uuid.
ELSE. "Record not exist; Create record and UUID
ls_line-uname = lv_uname.
CALL FUNCTION 'SYSTEM_UUID_C_CREATE'
IMPORTING
uuid = ls_line-uuid.
IF ls_line-uuid IS INITIAL.
RAISE insert_error.
ENDIF.
MODIFY ztbsu008 FROM ls_line.
IF sy-subrc <> 0.
RAISE insert_error.
ELSE.
uuid = ls_line-uuid.
ENDIF.
ENDIF.
ENDFUNCTION.
Below is the customized table – Password Reset Authentication Table:
After authentication key is created and appended to the authentication table, system will email user with the URL and authentication key as one of the query string:
Example of the URL that user will receive:
- http://<domain>/sap/bc/webdynpro/sap/<web_dynpro_application>?action=y&username=NEWYQ&uuid=E2936FEF9C0D17F1AF603640B58D353F
- http://<domain>/sap/bc/webdynpro/sap/<web_dynpro_application>?action=n&username=NEWYQ&uuid=E2936FEF9C0D17F1AF603640B58D353F
Above URL links will open the Password Reset Web Dynpro application which will first call “HANDLEDEFAULT” method in the window. In this method, system will verify the username and authentication key against the authentication table. If action is “Y”, system will proceed to reset the password and unlock the account. Else if action is “N”, system will proceed to delete the record from the authentication table.
METHOD handledefault .
DATA: lv_action TYPE c,
lv_username TYPE xubname,
lv_uuid TYPE sysuuid-c,
lv_exist TYPE boolean.
DATA lo_componentcontroller TYPE REF TO ig_componentcontroller .
DATA lo_nd_message TYPE REF TO if_wd_context_node.
DATA lo_el_message TYPE REF TO if_wd_context_element.
DATA ls_message TYPE wd_this->element_message.
lv_action = action.
lv_username = username.
lv_uuid = uuid.
"Check whether is Reset Request from email
IF lv_action IS NOT INITIAL
AND lv_username IS NOT INITIAL
AND lv_uuid IS NOT INITIAL.
"navigate from <CONTEXT> to <MESSAGE> via lead selection
lo_nd_message = wd_context->get_child_node( name = wd_this->wdctx_message ).
"get element via lead selection
lo_el_message = lo_nd_message->get_element( ).
"Verify authenticity of Reset Request
CALL FUNCTION 'Z_SU_RESET_AUTH_TABLE_VERIFY'
EXPORTING
username = lv_username
uuid = lv_uuid
IMPORTING
exist = lv_exist.
IF lv_exist = abap_true. "Reset Request verify correct
SET LOCALE LANGUAGE 'E'.
TRANSLATE lv_action TO UPPER CASE.
SET LOCALE LANGUAGE ' '.
IF lv_action = 'Y'. "User click "YES" in email, process password reset
"Reset Password
wd_comp_controller->resetpassword( username = username ).
ELSE. "User click "NO" in email, cancel password reset
"Insert Cancel Audit Trail
CALL FUNCTION 'Z_SU_RESET_AUDIT_TABLE_INSERT'
EXPORTING
username = lv_username
datestamp = sy-datum
timestamp = sy-uzeit
action = 'C'
EXCEPTIONS
insert_error = 1
OTHERS = 2.
"Delete record in Authentication table
CALL FUNCTION 'Z_SU_RESET_AUTH_TABLE_DELETE'
EXPORTING
username = lv_username.
ls_message-header = wd_assist->if_wd_component_assistance~get_text( 'RH3' ).
ls_message-body = wd_assist->if_wd_component_assistance~get_text( 'RS2' ).
ls_message-showbackbutton = abap_true.
ls_message-showtryagain = abap_false.
lo_el_message->set_static_attributes(
EXPORTING
static_attributes = ls_message ).
ENDIF.
*--------------------------------------------------------------------*
ELSE. "Reset Request verify wrong
ls_message-header = wd_assist->if_wd_component_assistance~get_text( 'RH2' ).
ls_message-body = wd_assist->if_wd_component_assistance~get_text( 'RE3' ).
ls_message-showbackbutton = abap_false.
ls_message-showtryagain = abap_true.
lo_el_message->set_static_attributes(
EXPORTING
static_attributes = ls_message ).
ENDIF.
wd_this->fire_to_message_plg( ).
ENDIF.
ENDMETHOD.
Once password is reset successfully, system will send the new password to the user email and VOILA, password reset with email authentication completed. š
Hope this blog post will give you a detailed idea on how to use Query String in Web Dynpro ABAP. Do feel free to share with us on how you use Query String for different scenarios. Cheers! š
I am searching for a solution that I could insert a "Forgot Your Password" link on the SAPGUI. Once the user click on the button then it asks for some sort of verification, say UserID & Employee Number and then the password is reset and sent to the user.
Any suggestions?
Hi Yi Qing New thanks very much for the tutrials. This feature is very helpfull for CRM WEBUI users. Do you mind to explain some more details in the design aproach: how to create the default webdynpro screen with username and e-mail address + verification code when pressing submit?
I am able to create the screens with input parameters and buttons, but the verification is quite hard.
I hope you can help.
Thanks and regards,
Wouter
HI Yi Qing New, I just created a reset password application. Thanks for your guidance. But now I am having a issue trying to get the NWBC logon page access to the application without the user entering in there password. If they don't know there password how can I get the link for the reset password to authenticate?
Thanks
Dominic Thompson
I think I figured it out. The logon data for the new application needs to have a system user assigned to it in sicf.
Thanks
DearĀ Former MemberĀ ,
Thanks for the wonderful information shared.
We are also doing same kind of activity. For that we need some support.
What exactly we are verifying in - Verify authenticity of Reset Request and what was your approach forĀ Reset Password inĀ wd_comp_controller->resetpassword( username = username ) system generated password or self made password.
Regards,
Anurag
DearĀ Former MemberĀ ,
Could you please guide how we get login in SAP with run time user name and UUID. When i am calling a webdynpro application for changing password this is asking me for user name and password.
Could you please guide how to auto login with run time user and password. So that password can be generated and sent to user ID.
Regards,
Anurag