Reset password functionality (backend)

JuhoBjn / online-store

An online store made for a course project.

0 stars 1 forks source link

Reset password functionality (backend) #31

Closed vaasuu closed 1 year ago

vaasuu commented 1 year ago

Add API route to reset password using email.

Provide email address and the system will send a email with a link to reset the password.

Things to add:

[x] Email sending using SMTP (nodemailer)
[x] Sendgrid/Mailjet etc. to provide SMTP relay
[x] Send password reset request endpoint
[x] Reset password using reset token endpoint
[x] Automated tests

vaasuu commented 1 year ago

The send password reset link to email endpoint will leak that the email exists and I do not care about that at this point, as the same information leakage can be found from the signup endpoint too (by trying to make a new account using the email).