You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Register should accept username, full name, email, password
Forgot password should accept email. If email is correct, send an OTP and reset link to the user. Reset link would be something like https://ayushma.ohc.network/reset-password?otp=[otp]&user_id=[user_id]
Create a new model ForgotToken for this that will contain user, expiry (should be 10 minutes from request), OTP
Auto expire previous OTPs if a new one is created
Reset link will send a request to /verify-forgot-token containing OTP and user_id that will check if the otp is correct and not expired. Only process if both OTP and user_id are present and correct. Return the user's email, username and name if correct.
The /reset-password api will have two usecases.
if authorization header is present, only expect a password, and update password for the user.
If authorization header is not present, fallback to accepting OTP and user_id, perform the same validations as /verify-forgot-token and update the password.
Get in touch with @mathew-alex regarding setting up emails
The text was updated successfully, but these errors were encountered:
Register should accept username, full name, email, password
Forgot password should accept email. If email is correct, send an OTP and reset link to the user. Reset link would be something like
https://ayushma.ohc.network/reset-password?otp=[otp]&user_id=[user_id]
Create a new model ForgotToken for this that will contain user, expiry (should be 10 minutes from request), OTP
Auto expire previous OTPs if a new one is created
Reset link will send a request to /verify-forgot-token containing OTP and user_id that will check if the otp is correct and not expired. Only process if both OTP and user_id are present and correct. Return the user's email, username and name if correct.
The /reset-password api will have two usecases.
Get in touch with @mathew-alex regarding setting up emails
The text was updated successfully, but these errors were encountered: