-
Notifications
You must be signed in to change notification settings - Fork 111
Password change without the password reset email #20
Comments
adding a switch to /fogot/change so that if we have a logged in user we don’t read the spoken, rather just render the form rendering the form is working OK, but when I try to post the form i get an immediate 404 Not Found, and thus any call to render within the form success handler is causing a “can’t set headers after re-sent” error
This is a great request. I've tried to support it but I ran into some problems, I have to pause for now but look at commit be3efae on the |
I'm not working on this feature right now on my side, but if I'm getting there before you I'll pick up your branch to see what I can do. |
Thanks @lemieux ! I'll post back too when I pick this up |
I just thought of something about this... this is not a good idea. If this was implemented, a user could have his password changed by anyone who has access to his computer while logged in... the form doesn't ask for the previous password. This should be closed. The proper way to do this would be to have a real password change view I guess. |
Agreed -- going to close this. |
What about forcing the user to type in his old password and then ask for the new password & confirm new password? is this supported by stormpath? |
Hey @bartzilla, you can indeed do this, but that functionality isn't pre-built into express-stormapth (a page, for instance). What you'd need to do is:
req.user.password = 'newpassword';
req.user.save(); |
Hey @bartzilla , thanks for the question! As @rdegges mentioned we don't have an out-of-the-box form for a logged-in password change form, but it's really easy to roll this into your profile page. We have an example profile page here, you'd just need to modify it a bit to add the change password fields: https://github.com/stormpath/express-stormpath-sample-project/ Hope this helps! |
Awesome @bartzilla , glad you've got it working now! Always happy to help :) |
@rdegges Can you do this with just plain node? "Hey @bartzilla, you can indeed do this, but that functionality isn't pre-built into express-stormapth (a page, for instance). What you'd need to do is: Create a route / view that force a user to change their password. |
@EricMentele yep! Same exact thing, you can do it with an account, eg: account.password = 'blah';
account.save(); |
@rdegges thanks! Got it working. |
Would it be possible to show the password change view directly without having to issue a password reset email. We would want the user to be able to change it directly in our app if he's logged in. I tried to access
/forgot/change
directly and I got :I am using 0.4.5 from npm
The text was updated successfully, but these errors were encountered: