Skip to content
This repository has been archived by the owner on Feb 17, 2019. It is now read-only.

Finish implementation of password recovery #48

Open
3 tasks done
kparkov opened this issue Feb 12, 2017 · 3 comments
Open
3 tasks done

Finish implementation of password recovery #48

kparkov opened this issue Feb 12, 2017 · 3 comments
Assignees
@kparkov
Milestone
0.6.0 Feature com...

Comments

@kparkov
Copy link
Member

kparkov commented Feb 12, 2017
edited by slytter
Loading

I don't know exactly hos much was implemented the first time around, but I think there is a store method and an endpoint - but I believe it is incomplete.

The way it should work is:

  • Call GET /recovery/:email to ask for a recovery token.
  • The token is set on the user, and the e-mail is sent. At this point we want it to point at a passwordRecoveryUrl set as an ENV var. We want to suffix the token as ${passwordRecoveryUrl}/${token}.
  • Another endpoint, POST /recovery/:token, will take a { email: 'email', password: 'newPass' } body. If the token OR the e-mail does not match, it should return 404.
@kparkov kparkov mentioned this issue Feb 12, 2017
Closed
@slytter
Copy link
Contributor

slytter commented Jun 6, 2017

I think it was fixed by:
a58f4f7

@slytter
Copy link
Contributor

slytter commented Jun 6, 2017
edited
Loading

and 96f26c4

@kparkov
Copy link
Member Author

kparkov commented Jun 6, 2017

Clearly not fixed, as there are no password recovery methods anywhere.

@kparkov kparkov assigned kparkov and unassigned slytter Jun 6, 2017
@slytter slytter mentioned this issue Jul 3, 2017
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@kparkov kparkov

Labels
None yet
Projects
None yet
Milestone
0.6.0 Feature complete and security i...
Development

No branches or pull requests
2 participants
@kparkov @slytter