Change-password ABL logic in Progress OpenEdge

This section describes how to update the OERealm service interface method, SetAttribute(), with the change-password ABL logic in Progress OpenEdge. You must understand OpenEdge Realm classes and OpenEdge Single Point of Authentication (SPA) configurations to be able to implement the change-password ABL logic. For more information about OERealm and SPA security configurations, refer to the OpenEdge documentation.

You must consider the following for the change-password ABL logic in the SetAttribute() method:

  • Platform employs the ATTR_PASSWORD attribute for changing passwords. Therefore, you must use the same attribute, ATTR_PASSWORD, in SetAttribute() for changing passwords.
  • As user account details are stored in Platform and user account passwords are stored in OpenEdge, SetAttribute() must return True only if Platform enables users to change their password.

    Therefore, if the Manages Password option is not enabled in Platform, SetAttribute() must return False.

  • If an error occurs while executing the change-password ABL logic, SetAttribute() must log the failure and return False to Platform.
  • The password field in the system table (_User in the sample) that stores the user account details can only be changed by the user who owns the user account. Therefore, your change-password ABL logic must do the following to be able to change a user's password:
    • In the system table (_User in the sample) that stores the user account details, find the user record based on user ID or number.
    • Copy the user record into a temp-table.
    • Delete the user record from the system table.
    • Modify the password in the temp-table.
    • Copy the temp-table values to the system table.

The following code block shows a sample SetAttribute() method that implements the considerations discussed above for the change-password ABL logic:

Note: The following sample uses a new temp-table, ttUser. You must add the temp-table definition, DEFINE TEMP-TABLE ttUser LIKE _User, to your OERealm service interface class.

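METHOD PUBLIC LOGICAL SetAttribute( INPUT theUserId AS INTEGER, INPUT attrName AS CHARACTER, INPUT attrValue AS CHARACTER ):
    /* Log the attempt without attrValue: the new password must never be written to the log. */
    MESSAGE "Attempting to set attribute" attrName "for user number" theUserId.

    /* Only the password attribute is handled here; anything else is rejected explicitly. */
    IF attrName NE "ATTR_PASSWORD" THEN
        RETURN FALSE.

    /* The password cannot be updated in place, so the record is copied to ttUser,
       deleted, and re-created. One transaction keeps the delete and re-create atomic,
       and ON ERROR UNDO, THROW passes any failure to the CATCH block below. */
    DO TRANSACTION ON ERROR UNDO, THROW:
        FIND FIRST _User WHERE _User._User_number = theUserId EXCLUSIVE-LOCK NO-ERROR.
        IF NOT AVAILABLE _User THEN
        DO:
            MESSAGE "User not found" theUserId.
            RETURN FALSE.
        END.

        /* Clear any copy left in ttUser by an earlier call. */
        EMPTY TEMP-TABLE ttUser.
        BUFFER-COPY _User TO ttUser.
        ttUser._Password = ENCODE(attrValue).
        DELETE _User.
        BUFFER-COPY ttUser EXCEPT _TenantId TO _User.
        RELEASE _User.
    END.

    MESSAGE "Successfully changed password for user with id" theUserId.
    RETURN TRUE.

    /* On any error, log the failure and return False to Platform. */
    CATCH e AS Progress.Lang.Error:
        MESSAGE "Failed to change password for user number" theUserId ":" e:GetMessage(1).
        RETURN FALSE.
    END CATCH.
END METHOD.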

After updating the OERealm service interface class file, you must restart the server for the changes to take effect.