hack4impact-calpoly/go-see-foundation

Forgot/Reset Password Endpoint

Opened this issue · 0 comments

Description
After considerable time, we can finally start this task! The steps required for this task are quite tedious and involved.
We will use a mix of hashing, the database, email sending, query parameters, and API endpoints to handle this beast of a task.

Acceptance Criteria
Demonstrate that you can change the password for an account on the frontend and show that the new password works.

Steps:

  • step 1). Create an endpoint for /forgotPassword that takes in an email.
  • step 2). Generate a password reset token (the source below has some guidelines on what to use).
  • step 3). We will need to store this token in our database under a new section called reset tokens
    • Hash the token using SHA256
    • Reset tokens entries will need to contain the associated email, token, and expiration date.
    • You will need to create a new schema for this.
  • step 4). Send an email that contains a link to our website
  • step 5). The user will click on this link to create a new password. Therefore, create a separate endpoint that takes in a new password and the reset token.
  • step 6). Hash the reset token and compare it to the entries in the database. If the hashed reset token matches an entry, grab the associated email and use that email to update the password in the database.

Additional Information
All steps were gathered from this source: https://supertokens.com/blog/implementing-a-forgot-password-flow