Hi,
May I ask for advice on how to update/reset the user pass via API? Btw, there is no reference for password reset on the official API documentation so I was checking the network requests from the official app.
Similar to the official app, I am first running http post for /api/password/reset
and I get the token string sent to the user email. So far so good.
Now, the issue is when I try to run the http post for /api/password/update
, this is the error:
source index -80 out of bounds for byte[115] - ArrayIndexOutOfBoundsException (... < CryptoManager:73 < TokenManager:69 < PasswordResource:78 < ...)
.
I thought it's something related to the HTTP Request Headers so I copied what official traccar sends 1 on 1 but still the same error. This is the request that I am sending:
The only guess left is that is am doing something wrong with the session cookie id - I currently get this by running /api/server
just before the http update request and pass it from the /api/server
response to the /api/password/update
request.
Any help to identify the issue will be appreciated!
It seems to me that the token is invalid.
It's the very same token sent to the email, copy-pasted.
The only difference is that the official traccar is getting the token from the https://demo.traccar.org/reset-password?passwordReset=token
and then calling the /api/password/update
, while I am direclty providing the token in the /api/password/update
request.
Is there anything special about the https://demo.traccar.org/reset-password?passwordReset=token
that I am missing? As far as I can see it serves only as getter for the token and the cookie id.
There should be no difference if your API request matches what official Traccar app sends.
Looking at the update HTTP request there is no difference - headers are all the same. Is there any encoding applied to the token that I am missing?
No. You need to use it exactly as you get it.
In the meantime, I tried the same steps with the official traccar api and I get the same error. So something in my logic is not quite right. Here are the steps I did:
- On traccar demo, I request a password reset via modern API.
- Link is sent to the email account
- I get the token from the email and I send a manual HTTP reuqest via api:
https://demo.traccar.org/api/password/update
.
- I included all headers as in the screenshot above
- Cookie is set manually to the same session cookie as in the password reset request
- Token and password are hard coded.
- Content type, referes and origin are all set correct
Hi,
May I ask for advice on how to update/reset the user pass via API? Btw, there is no reference for password reset on the official API documentation so I was checking the network requests from the official app.
Similar to the official app, I am first running http post for
/api/password/reset
and I get the token string sent to the user email. So far so good.Now, the issue is when I try to run the http post for
/api/password/update
, this is the error:source index -80 out of bounds for byte[115] - ArrayIndexOutOfBoundsException (... < CryptoManager:73 < TokenManager:69 < PasswordResource:78 < ...)
.I thought it's something related to the HTTP Request Headers so I copied what official traccar sends 1 on 1 but still the same error. This is the request that I am sending:
The only guess left is that is am doing something wrong with the session cookie id - I currently get this by running
/api/server
just before the http update request and pass it from the/api/server
response to the/api/password/update
request.Any help to identify the issue will be appreciated!