Magento – Create customer with REST API – password does not work

createcustomerpasswordrest

i'm creating customers with the REST-API and trying to give each customer an initial password.
Problem is, that when the customers try to log on to the shop with their mail-address, loggin in is rejected because of a wrong password.

This is my code for creating customers in C#:

customerLocal.Password = "defaultpassword123!";  
customerLocal.TaxVat = String.Empty;  
customerLocal.CustomerCategory = "3";  
request = new RestRequest("customers", Method.POST);  
request.RequestFormat = DataFormat.Json;  
request.AddBody(customerLocal);  
restClient = new RestApiClient();  
restResult = restClient.Execute(request);

after executing, customer is created, but the password isn't accepted when logging in.

I've also tried to encrypt the password with md5:

customerLocal.Password = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile("defaultpassword123!", "MD5");

This isn't working too.

Best Answer

I tried this already then I study about this, As according to my knowledge its unable to set password for the customer from API. Because in magento they are using a filter inside the customer create methode like this $data = $validator->filter($data);. So here the password which we sent is filtered. To avoid this I get the password before filter and set it after the filter as shown below. Change REST API customer create method in magento like this, it may solve your problem.

protected function _create(array $data)
    {
        $password = $data['password'];
        $validator = Mage::getResourceModel('api2/validator_eav', array('resource' => $this));
        $data = $validator->filter($data);
        $data['password'] = $password;
        if (!$validator->isValidData($data))
        {
            foreach ($validator->getErrors() as $error)
            {
                $this->_error($error, Mage_Api2_Model_Server::HTTP_BAD_REQUEST);
            }
            $this->_critical(self::RESOURCE_DATA_PRE_VALIDATION_ERROR);
        }

        $customer = Mage::getModel('customer/customer');
        $customer->setData($data);

        try
        {
            $customer->setPassword($data['password']);      //added
            $customer->setWebsiteId(1)->save(); 

        }
        catch (Mage_Core_Exception $e)
        {
            $this->_error($e->getMessage(), Mage_Api2_Model_Server::HTTP_INTERNAL_ERROR);
        }
        catch (Exception $e)
        {
            $this->_critical(self::RESOURCE_INTERNAL_ERROR);
        }
    }

Related Solutions

Magento – Migrate customers passwords with salt

If you tell us how OXID is hashing the passwords, we might help you.

Magentos passwords look like this:

$this->hash($salt . $password) . ':' . $salt

An example: 027dfe2d795846ea0687514b0338d464:zj in newer Versions, the hash is longer. It is important to see, that there is no seperator between salt and password and salt comes first.

In CE $this->hash() is md5() in EE it is some sha function.

Long story short: If OXID is hashing the same way you can just import the passwords, if it doesn't have a look into https://github.com/ikonoshirt/pbkdf2. I implemented an more secure way for password storing with PBKDF2 and for this I implemented a migration path to check wether the password is stored the new or the old way, you can use the same technique.

Magento – How to apply simpler password constraints for customers in magento 2

Thanks Ankit Shah,

Solution here : https://magento.stackexchange.com/a/141422/43576

"As of version 2.1.1 this is a configuration item. In Stores > Configuration > Customers > Customer Configuration > Password Options there's some options like Password Length and Number of Required Character Classes. Not sure at which version this was introduced but if you update your store to the latest version it will be available."

Best Answer

Related Solutions

Magento – Migrate customers passwords with salt

Magento – How to apply simpler password constraints for customers in magento 2

Related Topic