Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change password and logout #637

Merged
merged 3 commits into from
Dec 31, 2019
Merged

Change password and logout #637

merged 3 commits into from
Dec 31, 2019

Conversation

aldeed
Copy link
Contributor

@aldeed aldeed commented Dec 30, 2019

Resolves #574
Impact: minor
Type: feature

Changes

Breaking changes

These changes are tied to changes in Reaction Identity. As long as both services are updated as well as any environment variables, nothing should break.

This requires additional scope and options for the Hydra client, but I've included server startup code that will auto-update the Hydra client as necessary.

Testing

Test with the following PR branches:

Reset Password

Prerequisite: Configure emailing on the API so that you'll get the password reset email.

  1. Create an account
  2. Sign out
  3. Click Sign In, but then click Forgot Password
  4. Enter the email address of the account you created and click the button.
  5. In the email, click the link.
  6. Set a new password
  7. Log in with the new password to confirm it worked.

Change Password

  1. Create an account or use already created.
  2. Sign in
  3. From account menu, choose Change Password.
  4. You should be taken to the Change Password form on Reaction Identity with the email address pre-filled.
  5. Enter your current and new password.
  6. After the change, you should be automatically redirected back to the same storefront page you were on when you clicked Change Password.
  7. Sign out and back in with the new password to verify it worked.

Logout

If you've tested the other changes, you've been testing logout. The flow is different behind the scenes (standard OpenID Connect Logout Flow, more secure), but the effect is the same.

Error Page

There is a custom OAuth error page now, but unless you modify the code or adjust some env variables you will hopefully not see it. If you are interested in doing this, let me know.

@aldeed
feat: implement change password flow
84452ce 
Signed-off-by: Eric Dobbertin <eric@dairystatedesigns.com>
@aldeed
feat: use standard OpenID logout flow
83e28f9 
Signed-off-by: Eric Dobbertin <eric@dairystatedesigns.com>
This was referenced Dec 30, 2019
Merged
Merged
Merged
@aldeed
chore: fix lint
138282f 
Signed-off-by: Eric Dobbertin <eric@dairystatedesigns.com>
@aldeed aldeed requested a review from willopez December 30, 2019 20:13
willopez
willopez approved these changes Dec 31, 2019
View reviewed changes
Copy link
Member

@willopez willopez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, there is a minor issue with escaping & in the setup script that will be addressed separately.

@willopez willopez merged commit 8b3210f into release-v3.0.0 Dec 31, 2019
@willopez willopez mentioned this pull request Dec 31, 2019
Closed
@rosshadden rosshadden mentioned this pull request Jan 9, 2020
Merged
@kieckhafer kieckhafer deleted the feat-aldeed-change-password branch January 23, 2020 19:53
@kieckhafer kieckhafer mentioned this pull request Feb 6, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@willopez willopez willopez approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@aldeed @willopez