i want to implement a forget password feature in umbraco login screen.im thinking i need to setup a middleware? but dont know where to start https://cdn.discordapp.com/attachments/1260274650613813299/1260275557162156082/Screenshot_2024-07-09_222311.png?ex=668eba93&is=668d6913&hm=6ab838ca4ce55ed590dfb0106c599848e1a69313e9015213a4f22180f05614d1&

You just need to have SMTP configured so it can send an email

hey @Matt Wise thanks for the help. is it possible to make it as an option which can be set from the backoffice/CMS? like a checkbox.

Too force someone to change it?

no. like making the forgot password show in login screen.

Did you do both things in https://docs.umbraco.com/umbraco-cms/v/13.latest-lts/fundamentals/backoffice/login#password-reset ?

yes, i did i was more lookng for setting whether to show forgot pw from backoffice instead of application.json. suppose i might need to setup a middleware?

Why would you want this. Surely controlling how the backoffice works should be controlled via configuration, which in this case is the appsettings? If you enable this in appsettings, you will get "forgot password" on the backoffice sign-in screen for all users.

Ah, I see now 🤭

we've found this useful - in our

appsettings.Development.json

files we have:

{
  "Umbraco": {
    "CMS": {
      "Global": {
        "Smtp": {
          "From": "dev@clientname.com",
          "DeliveryMethod": "SpecifiedPickupDirectory",
          "PickupDirectoryLocation": "FromUserSecrets"
        }
      }
    }
  }
}

and then each developer has their own user secrets file:

{
  "Umbraco": {
    "CMS": {
      "Global": {
        "Smtp": {
          "PickupDirectoryLocation": "C:\\Temp\\Clientname\\emails"
        }
      }
    }
  }
}

that way the password reset is enabled on the login screen but you don't need an smtp server to send the email, it gets generated to your disk. the nice thing is that any automated emails from the site are generated locally and you can reset the password for the root user from any database restore if you don't know it 😉

@jake williamson check out https://github.com/rnwood/smtp4dev no more folders just a webmail client running locally

that looks epic 🤘 thanks for the suggestion, i'll give it a spin

I use papercut smtp for testing email functionality locally https://github.com/ChangemakerStudios/Papercut-SMTP

I like papercut as well, as it is in my Windows tray and gives me a nice notification when a new local mail comes in 👍 Retracted this comment, see below https://discord.com/channels/869656431308189746/1260274650613813299/1268472660913033258

what would the appsetting.json setup look like for papercut SMTP?

thanks!

It doesn't work with a checkbox. You NEED to configure a valid SMTP server or else resetting the password does not work.

@Sebastiaan yes. i've setup papercut and its very easy. i'm talking about implementing a hide/show feature for forgotten password from backoffice 😉. umbraco doest provide forgotten password until we configure it via appsetting.json. so for us dev we can easily achieve this but.,im talking about web editors and end users who would want a forgotten password in their login, whether it to show or hide , a full control from backoffice is something im trying to achieve. i've been inspired from https://dev.to/andy_boot/umbraco-13-setting-the-backoffice-login-background-logo-from-content-data-k35.

Maybe I am misunderstanding it. Do you want a toggle to DISABLE the Forgot Password functionality when there is an SMTP server configured? Because: there is no way we can make the Forgot Password functionality work when we can not send an email. That's what it is disabled when there is no SMTP configuration.

yes , you misunderstood. set SMTP aside for now. i want to toggle disable and enable "forgotten password" is this possible?

Okay, let's say an editor can enable the functionality with a toggle. They get a wonderful "Forgot password?" link on their login screen. Then they enter their email, to reset the password. And then.. nothing happens.

ah, yes. i just want to hide the "forgotten password".

> Do you want a toggle to DISABLE the Forgot Password functionality when there is an SMTP server configured? Yeah okay, that's what I meant above.

yes, one of my customer wanted this feature in their site, i mean i could set it up, but they wanted for like a CMS editable. they wish to hide and show the "forgotten password" button link.

Got it, that is not something we're going to provide as a feature unfortunately. (We also have absolutely no way of setting any of the 100s of appsettings options from the CMS and have no plans to do so either) Like it or not, Umbraco is a CMS that requires help from a developer and this is one of those things that you as a developer will need to be involved in. We often work with the 80/20 rule: is we can make a really good case for 80% of Umbraco users needing a feature, then we'll consider how we can build that feature in to Umbraco. Right now, we have 1 person (your client) asking for this. If they have a very great reason to convince us 80% of Umbraco users would want this, then we can reconsider.

right got it!, cant i achieve this by setting up a middleware @Sebastiaan

Probably not 🙂

thanks for your help. it saves a lot of time for me.

If it is so you don't need to do a deployment you can do it using environment secrets like this: key

UMBRACO__CMS__SECURITY__ALLOWPASSWORDRESET

value

true

Setting the config option doesn't refresh automatically, it needs an app restart.

Thanks for the heads up, I guess my laptop having 32GB of ram meant I hadn't noticed 🤣

Haha! It took a few days for me to fill up my memory, I never really turn my computer off so it became noticable, but not quickly enough for me to find the cause quickly.

I wish I could retract the papercuts I usually end up with that easily! 😉 I've always been a fan of the drop folder too, mainly as I trust it can never send a real email by mistake. Indeed it may not be standard, but when deploying to full Windows Server machines I even used to use it on production too rather than connecting direct to an SMTP server. The drop folder in that case was then set to the internal IIS SMTP pickup folder, and IIS SMTP configured to forward it onwards to the usual remote SMTP server instead. We were using AWS SES lots, which would on random occasions fail to send usually resulting in a lost email. But by chaining it via IIS first, it meant if there was a problem it would automatically keep retrying until it succeeded without needing to build your own queue. Worked right the way up until Windows Server 2022, from which point Microsoft quietly broke but still allowed you to install the nonfunctional IIS SMTP