girikuncoro/cageur

Forget password and first time login

Closed this issue · 2 comments

Story:

Clinic admin should be able to change password when logging in for the first time (since cageur admin will issue a random password at signup), and reset password anytime.

Related to #140

Useful API for this story from PR #139:

Check user profile and metadata

GET /api/v1/profile

{
  "status": "success",
  "data": {
    "name": "giri",
    "email": "giri@satu.com",
    "role": "clinic",
    "clinic_id": 1,
    "is_new": true,
    "is_active": true,
    "last_login_at": "2017-05-11T01:49:39.000Z",
    "last_password_changed_at": "2017-05-11T01:49:19.000Z"
  },
  "message": "Retrieved user own profile"
}

If is_new === true, then redirect to change password upon login

Change password

PUT /api/v1/profile/password
{
  "email": "giri@satu.com",
  "oldPassword": "blah",
  "newPassword": "foo",
  "confirmPassword": "foo"
}

This will update is_new to false and invalidate the token for the current login. Every endpoint called with the old token will be blocked; the user is required to log in again and get a new token.

cc @tororudy
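
The server-side check implied by the description above, as an added example that is not part of this issue or of the cageur code base. It assumes the token carries an `iat` (issued-at, seconds) claim and that invalidation is done by comparing it with `last_password_changed_at`; `authorize`, `applyPasswordChange`, the sample values and the `/api/v1/example` route are hypothetical.

```javascript
// Added example, not cageur's code. Field names follow the /api/v1/profile
// response above; the token shape ({ email, iat }) is an assumption.
const PROFILE = 'GET /api/v1/profile';
const CHANGE_PASSWORD = 'PUT /api/v1/profile/password';

// Decide whether a request with an already signature-verified token may proceed.
//   user  - stored user record (is_active, is_new, last_password_changed_at)
//   token - decoded payload; iat is seconds since epoch
//   route - "METHOD path" of the request
function authorize(user, token, route) {
  if (!user || !user.is_active) {
    return { ok: false, status: 401, reason: 'inactive' };
  }
  const changedAt = Math.floor(Date.parse(user.last_password_changed_at) / 1000);
  // A token issued at or before the last password change is treated as revoked.
  // "<=" fails closed when both events fall within the same second.
  if (Number.isNaN(changedAt) || !Number.isInteger(token.iat) || token.iat <= changedAt) {
    return { ok: false, status: 401, reason: 'token_revoked' };
  }
  // First login with the admin-issued password: only the profile lookup and
  // the password change itself are reachable until is_new is cleared.
  if (user.is_new && route !== PROFILE && route !== CHANGE_PASSWORD) {
    return { ok: false, status: 403, reason: 'password_change_required' };
  }
  return { ok: true, status: 200, reason: null };
}

// State change after a successful PUT /api/v1/profile/password:
// clears is_new and moves the revocation cut-off to "now".
function applyPasswordChange(user, now) {
  return { ...user, is_new: false, last_password_changed_at: now.toISOString() };
}

// Constructed sample data, based on the profile response shown above.
const sampleUser = {
  email: 'giri@satu.com',
  is_new: true,
  is_active: true,
  last_password_changed_at: '2017-05-11T01:49:19.000Z',
};
const loginToken = {
  email: 'giri@satu.com',
  iat: Date.parse('2017-05-11T01:49:39.000Z') / 1000,
};
```

Enforcing the `is_new` restriction on the server means a client that skips the redirect still cannot reach other endpoints with the admin-issued password.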

Ok thanks for the API @girikuncoro