Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
forgot password middleware for lockit
JavaScript

1.3.0

latest commit 3fc8076745
Mirco Zeiss authored
Failed to load latest commit information.
test use nodemailer stub transport for testing
views improve views by using bootstrap conditional classes
.gitignore readme
.npmignore init
.travis.yml
Gruntfile.js test all .js files in test folder
History.md update changelog
README.md add dependency badge
index.js add events
package.json 1.3.0

README.md

Lockit forgot password

Build Status NPM version Dependency Status

Help users who forgot their passwords for your Express app. The module is part of Lockit.

Installation

npm install lockit-forgot-password

var ForgotPassword = require('lockit-forgot-password');
var utils = require('lockit-utils');
var config = require('./config.js');

var db = utils.getDatabase(config);
var adapter = require(db.adapter)(config);

var app = express();

// express settings
// ...
// sessions are required - either cookie or some sort of db
app.use(cookieParser());
app.use(cookieSession({
  secret: 'this is my super secret string'
}));

// create new ForgotPassword instance
var forgotPassword = new ForgotPassword(config, adapter);

// use forgotPassword.router with your app
app.use(forgotPassword.router);

Configuration

More about configuration at Lockit.

Features

  • allow password reset for users
  • input validation
  • link expiration times
  • user email verification via unique token
  • hash password using pbkdf2
  • token format verification before database querying

Routes included

  • GET /forgot-password
  • POST /forgot-password
  • GET /forgot-password/:token
  • POST /forgot-password/:token

REST API

If you've set exports.rest in your config.js the module behaves as follows.

  • all routes have /rest prepended
  • GET /rest/forgot-password is next()ed and you can catch /forgot-password on the client
  • POST /rest/forgot-password stays the same but sends JSON
  • GET /rest/forgot-password/:token sends JSON and you can catch /forgot-password/:token on the client
  • POST /rest/forgot-password/:token sends JSON

Test

grunt

License

MIT

Something went wrong with that request. Please try again.