Email confirmation & Forgot Password

[oguzhanturgut]

1. Email Confirmation

User Story
As a user I want to ensure that I registered in the site with my correct email. So if the site wil send me an email then I can find it in my inbox mail. Imagine that I paid for something in the site and then the payment details sent to false mail adres. That is not useful.
As an admin user I want new users to confirm their emails so that I can be sure they are using real email accounts.

1. User should receive an email confirmation acknowledging that they submitted their email address
2. The confirmation email includes a Welcome statement and a link which has a specific expiry date to confirm their email
3. By clicking the link user should redirected to their newly created dashboard

Plan for technical implementation
Frontend

• Create Confirm component
• Create action, action creator for confirm mail and make changes to related reducer
• Change Register component

Backend

• Change User model for creating new users with unconfirmed property
• Change route middleware for registering new user, add mail sending with JWT token
• Add new route for confirming email which also returns token for authentication

2. Password Forgot and Reset

User Story
As a user, I want the ability to reset my password that I forget when I am asked for it so that I can access my account again

1. When being asked for the password, there is a link by which users can start a reset password action by entering email.
2. The password reset email will contain a link to access a page where the users can reset their password.
3. After a password reset the user should be redirected to login page to enter website using their newly created password.

Plan for technical implementation

Frontend

• Add forgot link to Login component.
• Create public password reset component which takes email input
• Create public password reset component which takes new password twice

Backend

• Create 2 routes/endpoints: first one to send link to the user mail with token, second one to update the password and in the data base.

[musafir928]

Finished the backend and frontend, now user can:

1. Go to send password recovery email page(form) by hitting forgot password link on login page.
2. Send password recovery email from send password recovery email page.
3. After input valid email address and clicking submit button, user can receive a recovery email with link includes token .
4. load reset password page and reset the password by click submit button.

issues (or the points not clear):

1. password reset token can be used just once.

planned implementation:

1. Redirect form send email page and reset page to login page after submit.
2. simplify the code and debugging.

[ghost]

About the feature "forget Password & reset it" I finish my version of the back end:
In my local branch I added 2 endpoints with validation Express middle-ware.

• The first: http://localhost:5000/api/auth/forgot-password
  it is written with classic CallBack syntax.
  we can use it in the front end with axios and as a result a mail will be sent to the user email.

• The second:http://localhost:5000/api/auth/reset-password
  it is written with ES6 asyc/awit syntax.
  we can use it in the front end with axios to update the password in the database.

tomorrow we have to find out how we can go on and what for code we are going to use?

[ghost]

I finished adding my code to Oguzhan code and I pushed it to GitHub.
until now:

• Email Confirmation: totally doen, backend and front end, and with reusable separated nodeMailer file.

• Forget/Reset Password: We have a local version, it is from Adil . It is almost complete (back/and front end). on the other hand we have backend version form Adham and it is compiled with Oguzhan code and pushed to GitHub.

next step
Compile Adil frontEnd code with the whole work , or the whole code from Adil instead of using the backend form Adham.
the coming few hours are really challenging.

[musafir928]

ResetPassword & EmailConfirmation completed.
Test results without error.
After last discussion can be pushed to development branch.

[oguzhanturgut]

changed promises to async await code at backend routes
password reset redirects to login now
made some refactoring
changed mail transport service from nodemailer to sendgrid
changed mail contents
good to go 👍

[ghost]

on local branch I adjusted 2 files.
The first:
routes\api\auth.js
The second:
client\src\components\password-forms\PasswordEmailForm.js
it is about if a user does like as he forget his password , but he is actually not a user in our database.
I adjusted the Axios in the front end and the response in the backend.
the files are sent to the team's member so they can implement them safely in the whole App.

[oguzhanturgut]

Fix PasswordReset component logic
Removed auth checking in PasswordResef and PasswordEmailForm components

So far, it seems that feature is ready to go 🚀