Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ability to reset password for username / password authentication #5

Open
alarner opened this issue Mar 20, 2016 · 2 comments
Open

Add ability to reset password for username / password authentication #5

alarner opened this issue Mar 20, 2016 · 2 comments

Comments

@alarner
Copy link
Owner

@alarner alarner commented Mar 20, 2016

both html form based flow and API based flow

desired reset flow:

On the login page, there should be a “Forgot your password?” link

When a user gets to the password reset page (/reset/form), we should ask for their email address.

After the user has entered their email address, send them an email with a link to the password reset page on your site. This link should contain a unique password reset token that expires after a configurable amount of time and on first use.

After submitting the password reset form, display a success page (/reset/form/success) with instructions to check their email.

After the user clicks the link in their email, they should be brought to a page on your site that prompts them to enter a new password. Validate the token before the page is displayed and show an error message if it's incorrect. (/reset/token/q398nctypq9384nypqc3498cn)

After submitting their new password, change their password in the database and mark the token as used, so it can't be re-used. Email the user letting them know that their password has been reset.

Redirect to a new page that informs them that their password has been changed and they have been logged in.

Send the user an email once their password has been changed letting them know what happened.

@alarner alarner modified the milestone: v1.0 Mar 22, 2016
@dominathan
Copy link
Contributor

@dominathan dominathan commented Apr 21, 2016

You just wanting basic nodemailer reset? Or something more?

@dominathan
Copy link
Contributor

@dominathan dominathan commented Apr 21, 2016

I'll grab this one, need to do it on my project anyway as well.

@alarner alarner modified the milestone: v1.0 May 23, 2016
@alarner alarner removed the Hacktoberfest label Nov 22, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.