Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change password and logout #637

Merged
merged 3 commits into from
Dec 31, 2019
Merged

Conversation

aldeed
Copy link
Contributor

@aldeed aldeed commented Dec 30, 2019

Resolves #574
Impact: minor
Type: feature

Changes

Breaking changes

These changes are tied to changes in Reaction Identity. As long as both services are updated as well as any environment variables, nothing should break.

This requires additional scope and options for the Hydra client, but I've included server startup code that will auto-update the Hydra client as necessary.

Testing

Test with the following PR branches:

Reset Password

Prerequisite: Configure emailing on the API so that you'll get the password reset email.

  1. Create an account
  2. Sign out
  3. Click Sign In, but then click Forgot Password
  4. Enter the email address of the account you created and click the button.
  5. In the email, click the link.
  6. Set a new password
  7. Log in with the new password to confirm it worked.

Change Password

  1. Create an account or use already created.
  2. Sign in
  3. From account menu, choose Change Password.
  4. You should be taken to the Change Password form on Reaction Identity with the email address pre-filled.
  5. Enter your current and new password.
  6. After the change, you should be automatically redirected back to the same storefront page you were on when you clicked Change Password.
  7. Sign out and back in with the new password to verify it worked.

Logout

If you've tested the other changes, you've been testing logout. The flow is different behind the scenes (standard OpenID Connect Logout Flow, more secure), but the effect is the same.

Error Page

There is a custom OAuth error page now, but unless you modify the code or adjust some env variables you will hopefully not see it. If you are interested in doing this, let me know.

Signed-off-by: Eric Dobbertin <eric@dairystatedesigns.com>
Signed-off-by: Eric Dobbertin <eric@dairystatedesigns.com>
Signed-off-by: Eric Dobbertin <eric@dairystatedesigns.com>
@aldeed aldeed requested a review from willopez December 30, 2019 20:13
@aldeed aldeed added this to In progress in 3.0.0 via automation Dec 30, 2019
@aldeed aldeed moved this from In progress to Review in progress in 3.0.0 Dec 30, 2019
Copy link
Member

@willopez willopez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, there is a minor issue with escaping & in the setup script that will be addressed separately.

3.0.0 automation moved this from Review in progress to Reviewer approved Dec 31, 2019
@willopez willopez merged commit 8b3210f into release-v3.0.0 Dec 31, 2019
3.0.0 automation moved this from Reviewer approved to Done Dec 31, 2019
@kieckhafer kieckhafer deleted the feat-aldeed-change-password branch January 23, 2020 19:53
@kieckhafer kieckhafer mentioned this pull request Feb 6, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
No open projects
3.0.0
  
Done
Development

Successfully merging this pull request may close these issues.

None yet

2 participants