Function to confirm current users password

3
I have approval processes where I have a requirement for the user to enter their password to confirm their identity when making a change of approval status (so someone else at their logged-in workstation hasn't made the change in their absence). Mx obviously has a function to confirm the password used when you initially log in - is there similar functionality available for an already logged-in user. I would like the function to return a boolean value that I can use in workflow, if the value entered is incorrect, I do NOT wish to log out the current user, and I do not wish to store encrypted copies of password strings anywhere. If I have LDAP authentication, I want it to check against the LDAP login. I know something like what I want must exist in Mx for the initial login process, but is it exposed as a function I can access?
asked
1 answers
6

Using a Java action and looking at the Mendix API Javadoc, it seems you can do something like this (didn't test it):

import com.mendix.core.Core;
import com.mendix.systemwideinterfaces.core.IContext;
import com.mendix.systemwideinterfaces.core.IUser;
import com.mendix.systemwideinterfaces.core.UserAction;

public class AuthenticateCurrentUser extends UserAction<Boolean>
{
    private String password;

    public AuthenticateCurrentUser(String password)
    {
        super();
        this.password = password;
    }

    @Override
    public Boolean executeAction() throws Exception
    {
        // BEGIN USER CODE

        final IContext context = this.getContext();
        final IUser user = context.getSession().getUser();

        return Core.authenticate(context, user, this.password);

        // END USER CODE
    }
}

Note that this requires Mendix version 2.5, as the authenticate method wasn't available in 2.4.

answered