Add ability to reset password for username / password authentication #5

Open
alarner opened this Issue Mar 20, 2016 · 2 comments

Comments

Projects
None yet
2 participants
@alarner
Owner

alarner commented Mar 20, 2016

both html form based flow and API based flow

desired reset flow:

On the login page, there should be a “Forgot your password?” link

When a user gets to the password reset page (/reset/form), we should ask for their email address.

After the user has entered their email address, send them an email with a link to the password reset page on your site. This link should contain a unique password reset token that expires after a configurable amount of time and on first use.

After submitting the password reset form, display a success page (/reset/form/success) with instructions to check their email.

After the user clicks the link in their email, they should be brought to a page on your site that prompts them to enter a new password. Validate the token before the page is displayed and show an error message if it's incorrect. (/reset/token/q398nctypq9384nypqc3498cn)

After submitting their new password, change their password in the database and mark the token as used, so it can't be re-used. Email the user letting them know that their password has been reset.

Redirect to a new page that informs them that their password has been changed and they have been logged in.

Send the user an email once their password has been changed letting them know what happened.

@alarner alarner modified the milestone: v1.0 Mar 22, 2016

@dominathan

This comment has been minimized.

Show comment
Hide comment
@dominathan

dominathan Apr 21, 2016

Contributor

You just wanting basic nodemailer reset? Or something more?

Contributor

dominathan commented Apr 21, 2016

You just wanting basic nodemailer reset? Or something more?

@dominathan

This comment has been minimized.

Show comment
Hide comment
@dominathan

dominathan Apr 21, 2016

Contributor

I'll grab this one, need to do it on my project anyway as well.

Contributor

dominathan commented Apr 21, 2016

I'll grab this one, need to do it on my project anyway as well.

@alarner alarner modified the milestone: v1.0 May 23, 2016

@alarner alarner removed the Hacktoberfest label Nov 22, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment