Permalink
Fetching contributors…
Cannot retrieve contributors at this time
75 lines (51 sloc) 2.18 KB

Lockit forgot password

Build Status NPM version Dependency Status

Help users who forgot their passwords for your Express app. The module is part of Lockit.

Installation

npm install lockit-forgot-password

var ForgotPassword = require('lockit-forgot-password');
var utils = require('lockit-utils');
var config = require('./config.js');

var db = utils.getDatabase(config);
var adapter = require(db.adapter)(config);

var app = express();

// express settings
// ...
// sessions are required - either cookie or some sort of db
app.use(cookieParser());
app.use(cookieSession({
  secret: 'this is my super secret string'
}));

// create new ForgotPassword instance
var forgotPassword = new ForgotPassword(config, adapter);

// use forgotPassword.router with your app
app.use(forgotPassword.router);

Configuration

More about configuration at Lockit.

Features

  • allow password reset for users
  • input validation
  • link expiration times
  • user email verification via unique token
  • hash password using pbkdf2
  • token format verification before database querying

Routes included

  • GET /forgot-password
  • POST /forgot-password
  • GET /forgot-password/:token
  • POST /forgot-password/:token

REST API

If you've set exports.rest in your config.js the module behaves as follows.

  • all routes have /rest prepended
  • GET /rest/forgot-password is next()ed and you can catch /forgot-password on the client
  • POST /rest/forgot-password stays the same but sends JSON
  • GET /rest/forgot-password/:token sends JSON and you can catch /forgot-password/:token on the client
  • POST /rest/forgot-password/:token sends JSON

Test

$ npm test

License

MIT