We need to implement a "Forgot Password" feature that allows users to reset their passwords if they forget them. This feature should send an email to the user's registered email address with a password reset link. We will use Nodemailer to send the emails through an SMTP server.
Tasks:
Create Password Reset API Endpoint:
[ ] Create an API endpoint /api/auth/forgot-password to handle password reset requests.
[ ] Validate the email address provided by the user.
[ ] Generate a secure token and save it to the database with an expiration time.
Setup Nodemailer:
[ ] Install Nodemailer: npm install nodemailer
[ ] Configure Nodemailer with SMTP settings (e.g., using Gmail, Mailgun, or any other SMTP service).
Send Password Reset Email:
[ ] Create an email template for the password reset email.
[ ] Use Nodemailer to send the email with the password reset link, including the secure token in the link.
Create Password Reset Page:
[ ] Create a front-end page where users can enter a new password.
[ ] Validate the token and ensure it has not expired.
[ ] Update the user's password in the database.
Security Considerations:
[ ] Ensure the token is securely generated and stored.
[ ] Implement rate limiting on the password reset endpoint to prevent abuse.
[ ] Ensure the reset link expires after a certain period (e.g., 1 hour).
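One way to cover the token tasks above (secure generation, storage, expiry, validation), as an added example that is not part of the original issue or the project's code. The in-memory `resetStore`, the function names, the `uid`/`token` query parameters and the base URL passed to `buildResetLink` are assumptions standing in for the real database and routes.

```javascript
const crypto = require('crypto');

const RESET_TTL_MS = 60 * 60 * 1000; // 1 hour, the example lifetime from the task list
// Hypothetical stand-in for the database table: userId -> { hash, expiresAt }
const resetStore = new Map();

const sha256 = (value) => crypto.createHash('sha256').update(value).digest();

// Issue a token. The raw token only ever goes into the emailed link; the
// database keeps its SHA-256 hash, so a leaked table cannot be replayed.
// Issuing again for the same user overwrites (invalidates) the earlier token.
function issueResetToken(userId, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
  resetStore.set(userId, { hash: sha256(token), expiresAt: now + RESET_TTL_MS });
  return token;
}

// Build the link placed in the email body (parameter names are assumptions).
function buildResetLink(baseUrl, userId, token) {
  const url = new URL(baseUrl);
  url.searchParams.set('uid', userId);
  url.searchParams.set('token', token);
  return url.toString();
}

// Validate the token submitted from the reset page. Returns true exactly once
// per issued token; the caller updates the password only on true.
function consumeResetToken(userId, token, now = Date.now()) {
  const record = resetStore.get(userId);
  if (!record || typeof token !== 'string') return false;
  if (now > record.expiresAt) {
    resetStore.delete(userId); // expired: drop the stale record
    return false;
  }
  // Both sides are 32-byte digests, so the constant-time compare never throws.
  const ok = crypto.timingSafeEqual(record.hash, sha256(token));
  if (ok) resetStore.delete(userId); // single use
  return ok;
}
```

The endpoint should return the same response whether or not the email address is registered, so the token logic does not become an account-enumeration oracle.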
Additional Information:
SMTP Server Configuration:
Example configuration for Nodemailer:
```javascript
const nodemailer = require('nodemailer');

// SMTP transport; replace the host and credentials with those of your provider.
let transporter = nodemailer.createTransport({
  host: 'smtp.example.com',
  port: 587,
  secure: false, // true for 465, false for other ports
  auth: {
    user: 'your-email@example.com', // SMTP account user
    pass: 'your-email-password', // SMTP account password
  },
});

let mailOptions = {
  from: '"Your App Name" <your-email@example.com>', // sender address
  to: 'user@example.com', // list of receivers
  subject: 'Password Reset', // Subject line
  text: 'Please click the link below to reset your password.', // plain text body
  html: 'Please click the link below to reset your password:', // html body
};
```
```javascript
transporter.sendMail(mailOptions, (error, info) => {
  if (error) {
    return console.log(error);
  }
  console.log('Message sent: %s', info.messageId);
  // A preview URL is only available when sending through an Ethereal test account.
  console.log('Preview URL: %s', nodemailer.getTestMessageUrl(info));
});
```
Please review the tasks and provide any feedback or additional requirements. Once approved, we can start working on this feature.