Defect - Forcing Password Reset via SOAP

CX Version: 

When creating or updating an Account through the SOAP API you can specify that the user needs to change their password on their next login.
This is generally used when an administrator resets a password and wants the new value to be only good for a single use. When setting this
flag and a new password through the API though there appears to be a product defect: only the password gets set, the reset flag does not.
Setting either independently works, just not together (as you often would).

Setting a Password via SOAP: Works

C#:

Account acct = new Account
{
ID = new ID
{
id = ACCOUNT_ID,
idSpecified = true,
},
NewPassword = GenerateRandomPassword()
};

client.Update(clientHeader,
new RNObject[]
{
acct
},
new UpdateProcessingOptions
{
SuppressExternalEvents = true,
SuppressRules = true
});

Request XML:

<Update xmlns="urn:messages.ws.rightnow.com/v1_2">
<RNObjects xsi:type="q1:Account" xmlns:q1="urn:objects.ws.rightnow.com/v1_2">
<ID id="8" xmlns="urn:base.ws.rightnow.com/v1_2"/>
<q1:DisplayName xsi:nil="true"/>
<q1:EmailNotification xsi:nil="true"/>
<q1:Emails xsi:nil="true"/>
<q1:Manager xsi:nil="true"/>
<q1:NewPassword>s3cur3</q1:NewPassword>
<q1:Phones xsi:nil="true"/>
<q1:Profile xsi:nil="true"/>
<q1:Signature xsi:nil="true"/>
<q1:ValidNullFields xsi:nil="true"/>
</RNObjects>
<ProcessingOptions>
<SuppressExternalEvents>true</SuppressExternalEvents>
<SuppressRules>true</SuppressRules>
</ProcessingOptions>
</Update>

Setting the Password-Reset Flag via SOAP: Works


Account acct = new Account
{
ID = new ID
{
id = ACCOUNT_ID,
idSpecified = true,
},
Attributes = new AccountOptions
{
ForcePasswordChange = true,
ForcePasswordChangeSpecified = true
}
};

client.Update(clientHeader,
new RNObject[]
{
acct
},
new UpdateProcessingOptions
{
SuppressExternalEvents = true,
SuppressRules = true
});

Request XML:

<Update xmlns="urn:messages.ws.rightnow.com/v1_2">
<RNObjects xsi:type="q1:Account" xmlns:q1="urn:objects.ws.rightnow.com/v1_2">
<ID id="8" xmlns="urn:base.ws.rightnow.com/v1_2"/>
<q1:Attributes>
<q1:ForcePasswordChange>true</q1:ForcePasswordChange>
</q1:Attributes>
<q1:DisplayName xsi:nil="true"/>
<q1:EmailNotification xsi:nil="true"/>
<q1:Emails xsi:nil="true"/>
<q1:Manager xsi:nil="true"/>
<q1:NewPassword xsi:nil="true"/>
<q1:Phones xsi:nil="true"/>
<q1:Profile xsi:nil="true"/>
<q1:Signature xsi:nil="true"/>
<q1:ValidNullFields xsi:nil="true"/>
</RNObjects>
<ProcessingOptions>
<SuppressExternalEvents>true</SuppressExternalEvents>
<SuppressRules>true</SuppressRules>
</ProcessingOptions>
</Update>

Setting the a Password and the Flag via SOAP: Does not work


Account acct = new Account
{
ID = new ID
{
id = ACCOUNT_ID,
idSpecified = true,
},
NewPassword = GenerateRandomPassword(),
Attributes = new AccountOptions
{
ForcePasswordChange = true,
ForcePasswordChangeSpecified = true
}
};

client.Update(clientHeader,
new RNObject[]
{
acct
},
new UpdateProcessingOptions
{
SuppressExternalEvents = true,
SuppressRules = true
});

Request XML:

<Update xmlns="urn:messages.ws.rightnow.com/v1_2">
<RNObjects xsi:type="q1:Account" xmlns:q1="urn:objects.ws.rightnow.com/v1_2">
<ID id="8" xmlns="urn:base.ws.rightnow.com/v1_2"/>
<q1:Attributes>
<q1:ForcePasswordChange>true</q1:ForcePasswordChange>
</q1:Attributes>
<q1:DisplayName xsi:nil="true"/>
<q1:EmailNotification xsi:nil="true"/>
<q1:Emails xsi:nil="true"/>
<q1:Manager xsi:nil="true"/>
<q1:NewPassword>s3cur3</q1:NewPassword>
<q1:Phones xsi:nil="true"/>
<q1:Profile xsi:nil="true"/>
<q1:Signature xsi:nil="true"/>
<q1:ValidNullFields xsi:nil="true"/>
</RNObjects>
<ProcessingOptions>
<SuppressExternalEvents>true</SuppressExternalEvents>
<SuppressRules>true</SuppressRules>
</ProcessingOptions>
</Update>

The response for each request has an HTTP status of 200 and an empty update response (as expected),
however when checking the force-reset flag it proves to only be set when the account is updated without
specifying a new password. Sadly the only workaround at this point is to make two separate updates. This has been
tested on Feb '13, please leave a comment if you can reproduce on other versions of CX. A sample project can be found
in BitBucket under / Defect POC / SOAP.Account.PasswordReset /

Four constants (in Form1.cs) need to be modified before running the project:

private readonly string SITE = "https://**SITE**.custhelp.com/cgi-bin/**INTERFACE**.cfg/services/soap";
private readonly string USER = "";
private readonly string PWD = "";
private readonly int ACCOUNT_ID = 0;

Comments

The same is true for Connect for PHP. I've posted a comment on this discussion post with a simple example.

Zircon - This is a contributing Drupal Theme
Design by WeebPal.