Adding forgotten password capabilites
Just-Moh-it opened this issue · 0 comments
Currently, this screen is shown when trying to reset the password:
There are two solution proposed to this:
- Adding email-verification and then resetting code
- Using third party providers like Auth0
And it is not possible with these due to the following limitations
-
Users would have to set their own email-client or SMTP server, which is a hassle and email delivery is still not promised. Even if one sets up node mailer to work with Gmail, there are a lot of steps involved, like turning on
less-secure-app
access, or setting up Oauth2 credentials. Therefore, this approach is not likely to be adopted until these shortcomings are addressed. -
Another approach, by using third party authentication services, defeats the purpose of this app, i.e. to make it totally open source and built upon free technologies. Though some providers have very generous free tiers, there still could be limitions in the future, like the number of signups supported per instance, number of logins, etc. and since authentication is such a crucial part of the application, it can't depend upon such vague factors.
Therefore, currently, the only way to reset forgotten password is to directly make changes into the database, until a better solution that users will not have to go through a hassle is proposed.