Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Forgot password #42

Open
jcoppieters opened this issue Apr 14, 2016 · 2 comments
Open

Forgot password #42

jcoppieters opened this issue Apr 14, 2016 · 2 comments

Comments

@jcoppieters
Copy link
Owner

jcoppieters commented Apr 14, 2016
edited

Add it to UserController.

But first get the flow right:
(any one has better idea's?)

  • In the login page, have a "tab" with "forget password"
  • accept email address,
  • look it up in the userlist,
  • generate (and save in user table) a url with a long random string + timestamp,
  • send it by email,
  • have a form to enter the new password,
  • check the random string against the user record + check if timestamp is not older than 1 day
  • change the password
  • log in
@himankbhalla
Copy link

@jcoppieters This flow will work fine. Just one slight addition. A random string stored with respect to a user should be valid for a limited time(like 2 days). So you might be tempted to use a Redis client instead.

@jcoppieters
Copy link
Owner Author

Yep. You're right. I've changed it.
We have the core part of the system running for a couple of years now, but is not yet integrated with cody-cms.
It is fully async/await based and implements the above flow, including phone by SMS validation and so on.
We never found time to port the CMS part onto the new Core part.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jcoppieters @himankbhalla