AyushKumar123456789 / stock-analysis-backend

Backend of stock analysis of project

Add "Forgot Password" Functionality #2

Closed AyushKumar123456789 closed 1 month ago

AyushKumar123456789 commented 1 month ago

GitHub Issue: Add "Forgot Password" Functionality

Issue Title: Add "Forgot Password" Functionality to User Authentication

Issue Description:

Summary:

We need to implement a "Forgot Password" functionality to enhance our user authentication system. This feature will allow users to reset their passwords if they forget them, ensuring a better user experience and improved account security.

Details:

  1. Feature Overview:

    • Provide a link/button on the login page that directs users to a "Forgot Password" page.
    • On the "Forgot Password" page, users can enter their registered email address to receive a password reset link.
    • Send an email to the user with a secure, time-limited link to reset their password.
    • Create a "Reset Password" page where users can set a new password using the link from the email.
    • Validate the reset link and update the user's password in the database.
  2. Requirements:

    • Ensure email validation for the "Forgot Password" form.
    • Use a secure token generation mechanism for the reset link.
    • Implement necessary backend endpoints to handle the password reset process.
    • Provide feedback to the user on successful or failed password reset attempts.
  3. Acceptance Criteria:

    • Users should be able to request a password reset link by entering their email on the "Forgot Password" page.
    • An email with a secure reset link should be sent to the user's registered email address.
    • Users should be able to set a new password using the reset link within a specified time frame (e.g., 24 hours).
    • The new password should be updated in the database, and the user should be able to log in with the new password.
  4. Design Considerations:

    • Ensure the "Forgot Password" and "Reset Password" pages match the overall design and theme of the website.
    • Use trust-friendly colors (orange, green, and a little yellow) for these pages to maintain consistency with the rest of the site.
  5. Security Considerations:

    • Securely generate and validate the reset token.
    • Ensure the reset token is time-limited and can only be used once.
    • Implement rate limiting on the "Forgot Password" requests to prevent abuse.

Backend Implementation:

  1. Create Routes:

    • /api/users/forgot-password: To handle email submission and send reset link.
    • /api/users/reset-password: To handle password reset using the token.
  2. Token Generation and Email Sending:

    • Use a library like jsonwebtoken to generate secure tokens.
    • Use a library like nodemailer to send the password reset email.
  3. Update User Model:

    • Add fields to store the reset token and its expiration time.

Frontend Implementation:

  1. Create Pages:

    • ForgotPasswordPage.js: Form to enter the registered email.
    • ResetPasswordPage.js: Form to set a new password using the reset link.
  2. Add Links and Buttons:

    • Add a "Forgot Password?" link on the login page.

Acceptance Tests:

  1. Test File:

    • test/forgotPassword.test.js
  2. Test Cases:

    • Ensure email validation on the "Forgot Password" form.
    • Check if a reset email is sent when a valid email is entered.
    • Verify that the reset link works and allows the user to set a new password.
    • Ensure the new password is updated in the database and can be used for login.

Tests are still to be included.
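Added example, not code from this repository: one way to meet the Security Considerations listed in the issue (securely generated, time-limited, single-use reset token). It uses Node's built-in `crypto` module with a random token whose SHA-256 hash is stored, in place of the `jsonwebtoken` approach the issue suggests. The in-memory `Map`, the field names `resetTokenHash` and `resetTokenExpires`, the function names, and carrying the email alongside the token in the reset link are all assumptions.

```javascript
const crypto = require('crypto');

const RESET_TTL_MS = 24 * 60 * 60 * 1000; // the issue's example window: 24 hours
const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

function clearReset(user) {
  user.resetTokenHash = null;
  user.resetTokenExpires = null;
}

// For the forgot-password route. Returns the raw token to email, or null for
// an unknown address (the route should send the same response either way).
function issueResetToken(users, email, now = Date.now()) {
  const user = users.get(email);
  if (!user) return null;
  const token = crypto.randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
  user.resetTokenHash = sha256(token); // only the hash is persisted, never the token
  user.resetTokenExpires = now + RESET_TTL_MS;
  return token;
}

// For the reset-password route. True only if the token matches the stored hash,
// has not expired, and has not been redeemed before.
function redeemResetToken(users, email, token, newPassword, now = Date.now()) {
  const user = users.get(email);
  if (!user || !user.resetTokenHash || typeof token !== 'string') return false;
  // Both buffers are 32-byte digests, so the constant-time compare never throws.
  const matches = crypto.timingSafeEqual(user.resetTokenHash, sha256(token));
  const expired = now > user.resetTokenExpires;
  if (expired) clearReset(user); // purge stale tokens
  if (!matches || expired) return false;
  const salt = crypto.randomBytes(16);
  user.passwordHash = Buffer.concat([salt, crypto.scryptSync(newPassword, salt, 32)]);
  clearReset(user); // single use: a second redemption finds no stored hash
  return true;
}

// Constructed sample data: one record standing in for the User model.
const users = new Map([['alice@example.test', { passwordHash: null }]]);
const token = issueResetToken(users, 'alice@example.test');
console.log(redeemResetToken(users, 'alice@example.test', token, 'N3w-passphrase!')); // true
console.log(redeemResetToken(users, 'alice@example.test', token, 'again')); // false
```

Storing only the hash means a leaked database row cannot be turned back into a working reset link. Rate limiting of the forgot-password route is not covered here.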


cprakash1 commented 1 month ago

Hi Developer, you can assign this task to me. I will do my best. Rest assured.

AyushKumar123456789 commented 1 month ago

Hi cprakash1, thanks for asking. I will be assigning this to you.