create forgot password endpoint #24

Open
rr-phillips opened this issue Nov 23, 2020 · 3 comments
Labels: backend (backend issues), Medium (task/issue priority)

@rr-phillips
Collaborator

No description provided.

@rr-phillips rr-phillips added Medium task/issue priority UX/UI Has to do with the user experience or interface labels Nov 23, 2020
@rr-phillips rr-phillips self-assigned this Nov 23, 2020
@rr-phillips rr-phillips added this to To Do in Web App Tasks via automation Nov 23, 2020
@rr-phillips rr-phillips added backend backend issues and removed UX/UI Has to do with the user experience or interface labels Nov 23, 2020
@zrmeier
Collaborator

zrmeier commented Feb 9, 2021

We probably need to add a couple of other issues around this. We should:

  1. Send an email to verify the user's email.
  2. Verify the user's email.
  3. Then we can send an expiratory link to reset it.
  • Then this issue.

@Subsonic-dev
Contributor

@zrmeier
Apologies for being late to this, but do you mean every time a user wishes to reset their password the system checks to verify their current email by sending an email to their registered address before sending out a password reset link? If that is the case, not sure what the current industry take on that is, but it might have some security implications. If I've misunderstood, please let me know, as I think security is very important and that we should verify all emails on sign up and then trust them until the user requests to change their registered email.

@rr-phillips rr-phillips removed their assignment May 26, 2021
@rr-phillips
Collaborator Author

I think that sounds fine. I think @zrmeier is talking about what happens when you forget your password on a lot of sites - they send a password reset link, or a verification code to your email, and then you get to reset your password.

@zrmeier zrmeier self-assigned this Jun 20, 2021
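
The flow discussed in this thread (verify the address once, then issue an expiring reset link only to verified addresses) could look like the sketch below. This is an added example, not code from this project; `ResetStore`, its methods and the 15-minute lifetime are hypothetical, and the in-memory dicts stand in for database tables.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed lifetime; the thread does not specify one


def _digest(token):
    # Only the hash is stored, so a leaked token table cannot be replayed.
    return hashlib.sha256(token.encode()).hexdigest()


class ResetStore:
    """In-memory stand-in for the user and reset-token tables (hypothetical)."""

    def __init__(self):
        self.users = {}   # email -> True once the address has been verified
        self.tokens = {}  # sha256(token) -> (email, expires_at)

    def add_user(self, email, verified):
        self.users[email] = verified

    def request_reset(self, email, now=None):
        """Return a token to e-mail as a link, or None.

        The HTTP response should be the same in both cases so the
        endpoint does not reveal which addresses have accounts.
        """
        now = time.time() if now is None else now
        if not self.users.get(email):  # unknown or unverified address
            return None
        # A new request invalidates any earlier outstanding token.
        self.tokens = {h: v for h, v in self.tokens.items() if v[0] != email}
        token = secrets.token_urlsafe(32)
        self.tokens[_digest(token)] = (email, now + RESET_TTL_SECONDS)
        return token

    def redeem(self, token, now=None):
        """Return the e-mail whose password may be reset, or None."""
        now = time.time() if now is None else now
        entry = self.tokens.pop(_digest(token), None)  # pop: single use
        if entry is None or now > entry[1]:
            return None
        return entry[0]
```
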