Email should be used to reset password

[kumarrishav]

Currently app ask for username (if your email is already registered), but user hardly remember its username (as different application has different validation rules). So, instead we should use email to reset password as everyone remember it's email id

[cadecairos]

shouldn't this really be in https://github.com/mozilla/id.webmaker.org

[thisandagain]

We need to modify the UX as well so I'd like to keep this opened.

[xmatthewx]

related: mozilla/id.webmaker.org#317

[anupkumarmishra]

when I organize webmaker events people ask me questions related to their account. When they forget their account details ,the only way to recover is through username . I guess we should change our system like that as most of the websites/applications provide the same mechanism.

[xmatthewx]

@flukeout - Can you take a look at our existing signup, login, and account recovery and propose a few improvements? mozilla/id.webmaker.org#317 (comment)

[xmatthewx]

Server supports recovery by email. Just need to update UI and frontend to allow for use of email. mozilla/id.webmaker.org#317 (comment)

Questions? ping @cadecairos

[ryanwarsaw]

This should definitely be made a priority, if a user doesn't remember their username then they'll think they're forced to create a new account (I personally encountered this issue).

[xmatthewx]

@ryanw-se and @kumarrishav - this update has landed. Please test it, break it, and let us know if you see any weird or unfriendly error messages.

[kumarrishav]

Hey @xmatthewx , i tested this and have some feedback on this.

1. While signing in , it should be "Username or Email" written out there instead of only Username as now both email n username can be used for signing in. Thanks for this)
2. Reset link should be different everytime or have some expiration time. While testing i found that everytime it is sending same link, it means anyone can reset if they found that link. I tested the reset link in other android app, it's different everytime or have some expiration time like 6hrs or something.
3. Instead of navigating to browser, can't we reset from the app only, so that it will email the reset link and then reset it from browser.

[cadecairos]

Hey @kumarrishav

1. While signing in , it should be "Username or Email" written out there instead of only Username as now both email n username can be used for signing in. Thanks for this)

The placeholder text should be 'username and email' already:

1. Reset link should be different everytime or have some expiration time.

Reset links contain a unique code that is only valid once, and for a 24 hour period after it's created. (https://github.com/mozilla/login.webmaker.org/blob/1ddca67573fdc36439f470c971da4c474e6f1a89/app/db/models/index.js#L424-L451)

[xmatthewx]

Thanks @kumarrishav

• placeholder text: [MIGRATED] Update placeholder text on sign-in to include email #2401
• a reset flow within the app would be a better experience, but we have a few higher priority tasks to tackle first.

[kumarrishav]

@cadecairos i was talking about signing in time not reset password.
http://picpaste.com/Screenshot_2015-07-10-19-07-40-bO6aISE5.png