Client | Reset password page

[john20xdoe]

We can establish a User/Account module and include this as a submodule of that. (including upadting of account info, updating of email, settings etc.)

[ghost]

I don't think this is a cms page. this is more like a public page, that everyone can access but have a restricted endpoint, since the access token will be on the query params and not in the header request on reset password. I also think this is guarded in client side but only in its endpoint

[jmaicaaan]

I believe you are saying about the end page already. We still have to let the user "forgot password" in the login page. Actually all the cms pages tickets have branches already.

[john20xdoe]

Yup, I agree, this ticket is the Reset password in the User's CMS page, not the public Forgot password page.

[ghost]

No, this page should be putted on the public module, when the user clicks forgot password it will redirect of pop up a form for email input. The email that the user receives will be point not on cms module.The link is kinda like reset-password?accessToken='aaa' This reset-password component should not be guarded by an access token guard (current user). But if we will put this on the cms module which the whole module is guarded that wil create a conflict. The reset-password is a component in public module which has it own logic if to check if the access token is expired or valid. So after the user clicks the link, this component will request for token validation and if not valid it will redirect to error page maybe. And that flow is very different if we will put this in the cms module, since cms is not requesting for token validation on load page.

[ghost]

The cms module guard checks if there is a current user then if it has it will be available, the current user will only be available after login. If this component will be on cms module, so to access this we probably need to put a value for the current user which is not appropriate for resetting password. There should be no current user on resetting password. if it has then the user can access all available routes

[ghost]

I saw the branch for this issue, and it was fine. The implementation is what I am expecting. I will change the title for this issue.

[ghost]

I removed this to the cms parent task, this is not a cms issue. This has no relation to cms module.