Lockit forgot password

Help users who forgot their passwords for your Express app. The module is part of Lockit.

Installation

npm install lockit-forgot-password

var ForgotPassword = require('lockit-forgot-password');
var utils = require('lockit-utils');
var config = require('./config.js');

var db = utils.getDatabase(config);
var adapter = require(db.adapter)(config);

var app = express();

// express settings
// ...
// sessions are required - either cookie or some sort of db
app.use(cookieParser());
app.use(cookieSession({
  secret: 'this is my super secret string'
}));

// create new ForgotPassword instance
var forgotPassword = new ForgotPassword(config, adapter);

// use forgotPassword.router with your app
app.use(forgotPassword.router);

Configuration

More about configuration at Lockit.

Features

• allow password reset for users
• input validation
• link expiration times
• user email verification via unique token
• hash password using pbkdf2
• token format verification before database querying

Routes included

• GET /forgot-password
• POST /forgot-password
• GET /forgot-password/:token
• POST /forgot-password/:token

REST API

If you've set exports.rest in your config.js the module behaves as follows.

• all routes have /rest prepended
• GET /rest/forgot-password is next()ed and you can catch /forgot-password on the client
• POST /rest/forgot-password stays the same but sends JSON
• GET /rest/forgot-password/:token sends JSON and you can catch /forgot-password/:token on the client
• POST /rest/forgot-password/:token sends JSON

Test

$ npm test

License

MIT