You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In #4076, I introduce a new API call for resetting the password in a better way. The frontend should be updated to make use of this new functionality.
Background
Initially we had email tokens instead of passwords: you could sign up without ever setting a password, and every time you logged in, it would just send you a token by email
We have a "jail" system, where a user gets locked out unless they fix up something in their profile/account. We've used this e.g. for when we update ToS or similar where users have to accept before they can continue using it.
The current password reset works like this:
You click "reset password", web calls ResetPassword
Backend sends the right email a link to reset password
User clicks on link, takes you to the web app which calls CompletePasswordReset with nothing but the token
The backend clears the users' password
The user goes to log in again, this time it falls back to password-less login.
We email the user a login link
User clicks on link and logs in
User gets jailed
User has to reset password through Jail/SetPassword.
User finally gets in
Now with the new system we reduce it to 3 steps:
You click "reset password", web calls ResetPassword
Backend sends the right email a link to reset password
User clicks on link, takes you to the web app which calls CompletePasswordResetV2 with the reset token and a new password
Backend sets the user's password, and logs the user in
The text was updated successfully, but these errors were encountered:
In #4076, I introduce a new API call for resetting the password in a better way. The frontend should be updated to make use of this new functionality.
Background
The current password reset works like this:
ResetPassword
CompletePasswordReset
with nothing but the tokenJail/SetPassword
.Now with the new system we reduce it to 3 steps:
ResetPassword
CompletePasswordResetV2
with the reset token and a new passwordThe text was updated successfully, but these errors were encountered: