From 534bb44a7e081020a38d0bdfcfe01d0798e2ccdd Mon Sep 17 00:00:00 2001 From: Karuna-Mendix Date: Thu, 9 Apr 2026 11:40:30 +0530 Subject: [PATCH 1/5] Anonymous users info --- .../platform-supported-content/modules/forgot-password.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md b/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md index 5e3fd4ef2ee..2cbd6d8c5b4 100644 --- a/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md +++ b/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md @@ -140,6 +140,12 @@ Consider a scenario, where your SMTP username is *user@example.com* and you have You may have to configure an email alias on your SMTP server if you are using a different **fromAddress** in your email template than the email address of your selected SMTP account. Some SMTP servers will not send emails if the **fromAddress** is not associated with the SMTP account. {{% /alert %}} +### Disabling Anonymous Users + +Starting from version X.X.X of the module, you can disable anonymous users. Additionally, check whether `Anonymous` user role can be removed from the app. If your application does not require anonymous access, removing the role is recommended as a security best practice. + +To disable anonymous users, set the `EnableAnonymousUserRole` constant to *false* in the module. By default this value is set to *true*. Once the constant value is set to *false*, end users can be authenticated via the `https:///forgotpassword/v1/login` URL. When accessing the URL, users are automatically redirected for authentication. + ## Testing the Forgot Password Module 1. Sign out of the app. From 2459dba3141d8627404365ef149e2f7832cb8794 Mon Sep 17 00:00:00 2001 From: Karuna-Mendix Date: Mon, 13 Apr 2026 12:20:58 +0530 Subject: [PATCH 2/5] Batch translate --- .../modules/forgot-password.md | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md b/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md index 2cbd6d8c5b4..94c95eedfd5 100644 --- a/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md +++ b/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md @@ -144,7 +144,25 @@ You may have to configure an email alias on your SMTP server if you are using a Starting from version X.X.X of the module, you can disable anonymous users. Additionally, check whether `Anonymous` user role can be removed from the app. If your application does not require anonymous access, removing the role is recommended as a security best practice. -To disable anonymous users, set the `EnableAnonymousUserRole` constant to *false* in the module. By default this value is set to *true*. Once the constant value is set to *false*, end users can be authenticated via the `https:///forgotpassword/v1/login` URL. When accessing the URL, users are automatically redirected for authentication. +To disable anonymous users, set the `EnableAnonymousUserRole` constant to *false* in the module. By default this value is set to *true*. Once the constant value is set to *false*, end users can be authenticated via the `https:///forgotpassword/v1/login` URL. When accessing the URL, users are automatically redirected to a single page where they can sign in, sign up, or reset their password. + +{{% alert color="info" %}} +You can use either a Mendix page or an endpoint to access the login page, but not both at the same time. +{{% /alert %}} + +#### Translating Non-Mendix Pages of the Module + +You can use the **Batch Translate** option if you want to translate the non-Mendix pages, (such as, Sign Up and Reset Password pages), including their labels, error messages, and other text elements. + +Follow the steps below: + +1. In Studio Pro, click **Language** > **Language Settings**, and add the required language. +2. Click **Language** > **Batch Translate** and select **Source language** and **Destination language**. Click **OK**. +3. Select the Forgot Password module for **Documents/modules** and click **Export to Excel**. +4. Add translations in the exported Excel file manually and import the file back into the Studio Pro. Click **Translate**. +5. Launch the app and visit `https:///forgotpassword/v1/login` to view the translated login page. + +For more information, refer to [Batch Translate](/refguide/batch-translate/). ## Testing the Forgot Password Module From 1d61619cba44cd4d18efd980296324e406b2a7fa Mon Sep 17 00:00:00 2001 From: Karuna-Mendix Date: Tue, 14 Apr 2026 12:16:15 +0530 Subject: [PATCH 3/5] Additional changes --- .../platform-supported-content/modules/forgot-password.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md b/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md index 94c95eedfd5..da14087cf60 100644 --- a/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md +++ b/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md @@ -142,9 +142,9 @@ You may have to configure an email alias on your SMTP server if you are using a ### Disabling Anonymous Users -Starting from version X.X.X of the module, you can disable anonymous users. Additionally, check whether `Anonymous` user role can be removed from the app. If your application does not require anonymous access, removing the role is recommended as a security best practice. +Starting from version 6.5.0 of the module, you can disable anonymous users. Additionally, check whether `Anonymous` user role can be removed from the app. If your application does not require anonymous access, removing the role is recommended as a security best practice. -To disable anonymous users, set the `EnableAnonymousUserRole` constant to *false* in the module. By default this value is set to *true*. Once the constant value is set to *false*, end users can be authenticated via the `https:///forgotpassword/v1/login` URL. When accessing the URL, users are automatically redirected to a single page where they can sign in, sign up, or reset their password. +To disable anonymous users, set the `EnableAnonymousUserRole` constant to *False* in the module. By default this value is set to *True*. Once the constant value is set to *False*, end users can be authenticated via the `https:///forgotpassword/v1/login` URL. When accessing the URL, users are automatically redirected to a login page where they can sign in, sign up, or reset their password. {{% alert color="info" %}} You can use either a Mendix page or an endpoint to access the login page, but not both at the same time. From 0b3404c6be894026bf95558f7bb22309b7956cff Mon Sep 17 00:00:00 2001 From: Karuna-Mendix Date: Tue, 14 Apr 2026 12:32:16 +0530 Subject: [PATCH 4/5] more changes --- .../platform-supported-content/modules/forgot-password.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md b/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md index da14087cf60..a236108ecf8 100644 --- a/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md +++ b/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md @@ -144,7 +144,7 @@ You may have to configure an email alias on your SMTP server if you are using a Starting from version 6.5.0 of the module, you can disable anonymous users. Additionally, check whether `Anonymous` user role can be removed from the app. If your application does not require anonymous access, removing the role is recommended as a security best practice. -To disable anonymous users, set the `EnableAnonymousUserRole` constant to *False* in the module. By default this value is set to *True*. Once the constant value is set to *False*, end users can be authenticated via the `https:///forgotpassword/v1/login` URL. When accessing the URL, users are automatically redirected to a login page where they can sign in, sign up, or reset their password. +To disable anonymous users, set the `EnableAnonymousUserRole` constant to *False* in the module. By default this value is set to *True*. Once the constant value is set to *False*, end users can access the login flow via the `https:///forgotpassword/v1/login` URL. When accessing the URL, users are automatically redirected to a login page where they can sign in, sign up, or reset their password. {{% alert color="info" %}} You can use either a Mendix page or an endpoint to access the login page, but not both at the same time. From 4a4810ef326bbac6c987302b16af7a30cfd0339d Mon Sep 17 00:00:00 2001 From: Karuna-Mendix Date: Tue, 14 Apr 2026 19:48:38 +0530 Subject: [PATCH 5/5] feedback --- .../platform-supported-content/modules/forgot-password.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md b/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md index a236108ecf8..d27fb68f0ac 100644 --- a/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md +++ b/content/en/docs/marketplace/platform-supported-content/modules/forgot-password.md @@ -142,7 +142,9 @@ You may have to configure an email alias on your SMTP server if you are using a ### Disabling Anonymous Users -Starting from version 6.5.0 of the module, you can disable anonymous users. Additionally, check whether `Anonymous` user role can be removed from the app. If your application does not require anonymous access, removing the role is recommended as a security best practice. +The module offers two options for password reset pages. The first option uses Mendix pages, which requires `Anonymous` user role. This reflects the behavior in older versions. The second option uses HTML pages, which does not require `Anonymous` user role and are now recommanded. These HTML pages are provided with the module and support translation. For more information, see the [Translating HTML Pages of the Module](#translation-html) section below. + +Starting from version 6.5.0 of the module, you do not need the `Anonymous` user role in your application to allow end users to reset their passwords. If you are migrating your app from a previous version of the module, it is recommanded to check whether `Anonymous` user role can be removed from the app. If your application does not require anonymous access, removing the role is recommended as a security best practice. Using an `Anonymous` user role can introduce security risk, as it may allow access to entities and microflows without the protections from the Mendix runtime security model. To disable anonymous users, set the `EnableAnonymousUserRole` constant to *False* in the module. By default this value is set to *True*. Once the constant value is set to *False*, end users can access the login flow via the `https:///forgotpassword/v1/login` URL. When accessing the URL, users are automatically redirected to a login page where they can sign in, sign up, or reset their password. @@ -150,9 +152,9 @@ To disable anonymous users, set the `EnableAnonymousUserRole` constant to *False You can use either a Mendix page or an endpoint to access the login page, but not both at the same time. {{% /alert %}} -#### Translating Non-Mendix Pages of the Module +#### Translating HTMML Pages of the Module{#translation-html} -You can use the **Batch Translate** option if you want to translate the non-Mendix pages, (such as, Sign Up and Reset Password pages), including their labels, error messages, and other text elements. +You can use the **Batch Translate** option if you want to translate HTML pages, (such as, Sign Up and Reset Password pages which are not guarded by the Mendix runtime security model). It allows you to translate labels, error messages, and other text elements of HTML pages. Follow the steps below: