Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
166 lines (117 sloc) 3.57 KB


middleware for managing password reset emails

TODO: Update this README and example


var fs = require('fs');
var express = require('express');
var app = express.createServer();

app.use(require('sesame')()); // for sessions

// example nodemailer config here
var forgot = require('../../')({
  uri: 'http://localhost:8080/password_reset',
  from: 'password-robot@localhost',
  transportType: 'SMTP',
  transportOptions: {
    service: "Gmail",
    auth: {
      user: "",
      pass: "password"

app.use(forgot.middleware);'/forgot', express.bodyParser(), function(req, res) {
  var email =;

  var callback = {
    error: function(err) {
      res.end('Error sending message: ' + err);
    success: function(success) {
      res.end('Check your inbox for a password reset message.');
  var reset = forgot(email, callback);

  reset.on('request', function(req_, res_) {
    req_.session.reset = {
      email: email,
    fs.createReadStream(__dirname + '/forgot.html').pipe(res_);
});'/reset', express.bodyParser(), function(req, res) {
  if (!req.session.reset) return res.end('reset token not set');

  var password = req.body.password;
  var confirm = req.body.confirm;
  if (password !== confirm) return res.end('passwords do not match');

  // update the user db here

  delete req.session.reset;
  res.end('password reset');

console.log('Listening on :8080');


var forgot = require('password-reset')(opts)

Create a new password reset session forgot with some options opts.

opts.uri must be the location of the password reset route, such as 'http://localhost:8080/_password_reset'. A query string is appended to opts.uri with a unique one-time hash.

opts.body(uri) can be a function that takes the password reset link uri and returns the email body as a string.

The options transportType and transportOptions are passed directly to nodemailer.

When the user clicks on the uri link forgot emits a "request", req, res event.

var reset = forgot(email, cb)

Send a password reset email to the email address. cb.error(error) fires when the email sent got some error. cb.success(success) fires when the email has been sent.

forgot.middleware(req, res, next)

Use this middleware function to intercept requests on the opts.uri.


Prevent a session from being used again. Call this after you have successfully reset the password.


Pass this value to forgot.expire(id).


reset.on('request', function (req, res) { ... })

Emitted when the user clicks on the password link from the email.

reset.on('failure', function (err) { ... })

Emitted when an error occurs sending email. You can also listen for this event in forgot()'s callback.

reset.on('success', function () {})

Emitted when an email is successfully sent.


With npm do:

npm install password-reset



credits to

Substack for the original module


With npm, do:

npm test