Issue Title: Add "Forgot Password" Functionality to User Authentication
Issue Description:
Summary:
We need to implement "Forgot Password" functionality in our user authentication system. This feature will let users reset their passwords if they forget them, improving both the user experience and account security.
Details:
Feature Overview:
Provide a link/button on the login page that directs users to a "Forgot Password" page.
On the "Forgot Password" page, users can enter their registered email address to receive a password reset link.
Send an email to the user with a secure, time-limited link to reset their password.
Create a "Reset Password" page where users can set a new password using the link from the email.
Validate the reset link and update the user's password in the database.
Requirements:
Ensure email validation for the "Forgot Password" form.
Use a secure token generation mechanism for the reset link.
Implement necessary backend endpoints to handle the password reset process.
Provide feedback to the user on successful or failed password reset attempts.
Acceptance Criteria:
Users should be able to request a password reset link by entering their email on the "Forgot Password" page.
An email with a secure reset link should be sent to the user's registered email address.
Users should be able to set a new password using the reset link within a specified time frame (e.g., 24 hours).
The new password should be updated in the database, and the user should be able to log in with the new password.
Design Considerations:
Ensure the "Forgot Password" and "Reset Password" pages match the overall design and theme of the website.
Use trust-friendly colors (orange, green, and a little yellow) for these pages to maintain consistency with the rest of the site.
Security Considerations:
Securely generate and validate the reset token.
Ensure the reset token is time-limited and can only be used once.
Implement rate limiting on the "Forgot Password" requests to prevent abuse.
Backend Implementation:
Create Routes:
/api/users/forgot-password: Handles the email submission and sends the reset link.
/api/users/reset-password: Handles the password reset using the token.
Token Generation and Email Sending:
Use a library like jsonwebtoken to generate secure tokens.
Use a library like nodemailer to send the password reset email.
Update User Model:
Add fields to store the reset token and its expiration time.
Frontend Implementation:
Create Pages:
ForgotPasswordPage.js: Form to enter the registered email.
ResetPasswordPage.js: Form to set a new password using the reset link.
Add Links and Buttons:
Add a "Forgot Password?" link on the login page.
Acceptance Tests:
Test File:
test/forgotPassword.test.js
Test Cases:
Ensure email validation on the "Forgot Password" form.
Check if a reset email is sent when a valid email is entered.
Verify that the reset link works and allows the user to set a new password.
Ensure the new password is updated in the database and can be used for login.
Tests are still to be written.