clearbold / artx


Describe Forgot Password functionality? #51

Open heymarkreeves opened 9 years ago

heymarkreeves commented 9 years ago

Hi, Liam!

I think you said that Forgot Password support is now in the API (and we're scoping the screens to support it in the UI). Can you let me know the steps you're supporting? I'm assuming that we're starting with a new screen where you can enter your email -- What happens next?

Thanks!

Mark

heymarkreeves commented 9 years ago

This is under:

Forgot password functionality (includes creating 2 new screens)

mailbackwards commented 9 years ago

Hi Mark! I just added documentation for the forgot-password functionality in API_ENDPOINTS.md (see this commit for the changes). Here's how we currently envision it working:

How does this sound as a solution? Let me know if anything seems unclear or problematic about this setup. Thanks!

heymarkreeves commented 9 years ago

This sounds clear and user-friendly – We'll proceed with this as assumptions. Thanks!

SherriAlexander commented 9 years ago

Hey there! Quick question about how to handle an unsuccessful response for the PATCH /registrations endpoint (Screen 1). I'm assuming that a 404 response would generally be caused by entering an email that the system doesn't recognize, is that correct?

Would you want to show a separate screen with appropriate verbiage at that point and a link to sign up (in case they haven't signed up yet), or just show the same Forgot Password? screen with the message as an error underneath the "Email" field?

Thanks!

SherriAlexander commented 9 years ago

(I'm going to assume that I'll have it return an error message on the same form, as it's the same way we've handled a similar error on Sign In, but figured I should ask just in case)

SherriAlexander commented 9 years ago

Hey there, all! I do have another quick question about Screen 2.

The comment above says that there should be only 2 fields on Screen 2: a password field, and a confirm password field. The reset password token will be provided by the querystring on the emailed link.

But the other field that's required by the API endpoint is the email address -- and there's no current way for the form to get that information.

Should I add another field to Screen 2 for the email address?

Also, the filename that I've set up for the password reset is "forgot-password-reset.html", if we could add that to the link in the email that gets sent out by Screen 1? Thanks!

mailbackwards commented 9 years ago

Hi Sherri,

The API endpoint PUT /registrations should not need an email address-- it should only need a password, password_confirmation, and reset_password_token (from the query string). Given those 3 parameters, the API should be able to recognize the user, update their password then return a JSON user object. Does that work?

I just updated the email template to link to "http://staging.artx.clearbold.com/forgot-password-reset.html". The API doesn't know the domain of the frontend, so for now the domain is hardcoded to your staging site. Later on I can turn it into a configurable staging/production setup. How does that sound?

Thanks! Liam

SherriAlexander commented 9 years ago

Hey there! Ah, okay -- I was going by the API documentation at the commit linked above, which listed "email" as a required field for the password reset on Screen 2. Sorry about the confusion there! If those three parameters are enough, I should have enough to work with there.

Thank you for updating the email template! It's okay if it's a static link for now, most likely I'll be copying the link from the email and altering the host to be my localhost for testing anyway. :)

Thanks!
--Sherri

SherriAlexander commented 9 years ago

Hi Liam!

I've made some progress with the Forgot Password functionality (I still need to get some more error handling in there, but it's a good start), and I had a quick question for you about the API backend for the password reset part.

I have the password reset form set up, and it all seems to be submitting correctly. I'm sending a PUT request with the password and password_confirmation values, and I send the reset_password_token from the email in a beforeSend function (setting it as a request header, like the authentication tokens elsewhere in the scripts). The Ajax call is returning success. But it seems that the password is not actually being changed by the API. When I go to log in, it still only responds to the old password, not the new one I just set. Could you double-check that everything is working as expected on the API end? Thanks!

mailbackwards commented 9 years ago

Hi Sherri, I'm very sorry for the long delay here. I should have tackled this before the holidays, and once I didn't, it slipped my mind...

I just looked into it and found that the API was looking for the reset token in the POST data rather than in the request header. I've updated the controller so that it should now be checking the header for a token first, then the POST data as a backup. So it should be working now, let me know if it still has trouble. Thanks!

SherriAlexander commented 9 years ago

Hey there, Liam!

Still running into some problems -- I just pushed my work in progress up to the staging server, but I'm getting a JS error there that I wasn't getting from my locally hosted machine.

The PUT request being triggered by the forgot-password-reset.html form is apparently causing a 405 error (below) -- is this something that could be corrected on your end?

Failed to load resource: the server responded with a status of 405 (Method Not Allowed)

Thanks!

--Sherri

mailbackwards commented 9 years ago

Hi Sherri!

Checking the logs, the request doesn't seem to be reaching our server-- when I try to submit the form, I get the following error headers:

image

So it looks to me like the 405 is coming from the staging site rather than the API. The submit form in forgot-password-reset.html is triggering a POST here which the staging site doesn't seem to like (whereas the localhost might've let it through).

Let me know if that helps, or if I can do anything on my end. Thanks!

Liam

SherriAlexander commented 9 years ago

OK -- it was actually my error in correctly parsing the querystring, sorry about that (got caught by the difference between the raw Mandrill string and the parsed URL it generates)! That piece has now been fixed, no more 405 errors. :)

However, it still seems that the password reset is not actually taking place. I just tested it out on staging (trying to change my password from "password" to "wordpass"). The email came through, I used the link in it to get to the "change the password" form, the Ajax request for changing the password returned "successful". Then I try to log in with the new password and I get the 403 "Authentication failed" error. If I log in with my original password, it works.

Could you take a peek at the logs to see what might be happening? Not sure where the problem lies, as everything appears to be working correctly from the front end, though it's possible I'm missing something. Thanks!
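The reset exchange discussed in the comments above (token read from the emailed link's query string, sent in a request header, looked up header-first with the request body as a backup), as an added example that is not code from this thread or from the artx project. It also shows a handler that reports success only when the token matched a user and the password was changed. Assumptions: the header name, the 422 status and the in-memory `users` list are hypothetical.

```javascript
// Added example; not code from the artx project.
const TOKEN_HEADER = "x-reset-password-token"; // hypothetical header name (lowercased)

// Client: read reset_password_token from the emailed link. URLSearchParams
// percent-decodes the value and ignores unrelated parameters in the link.
function extractResetToken(link) {
  const token = new URL(link).searchParams.get("reset_password_token");
  if (!token) throw new Error("reset link has no reset_password_token");
  return token;
}

// Client: build the Screen 2 request, token in a header, passwords in the body.
function buildResetRequest(link, password, confirmation) {
  return {
    method: "PUT",
    path: "/registrations",
    headers: { [TOKEN_HEADER]: extractResetToken(link) },
    body: { password: password, password_confirmation: confirmation },
  };
}

// Server: check the header first, then the request body as a backup.
function resolveToken(req) {
  return req.headers[TOKEN_HEADER] || req.body.reset_password_token || null;
}

// Server: report success only when a token matched a user and the password was
// actually changed. `users` is a constructed in-memory stand-in for the database;
// 422 is a hypothetical choice of error status.
function handleReset(req, users) {
  const token = resolveToken(req);
  const user = token && users.find((u) => u.resetToken === token);
  if (!user) return { status: 422, error: "invalid or missing reset token" };
  if (!req.body.password || req.body.password !== req.body.password_confirmation) {
    return { status: 422, error: "password confirmation does not match" };
  }
  user.password = req.body.password; // a real API stores a password hash instead
  user.resetToken = null;            // single use: the token cannot be replayed
  return { status: 200, user: { email: user.email } };
}
```
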

mailbackwards commented 9 years ago

Whoops, there were a couple errors going on! Sorry about that. I've pushed up some fixes and the password reset functionality is now working for me on staging. See if it works for you now.

SherriAlexander commented 9 years ago

Hey there, Liam!

Hmm...both my local site and the staging site have stopped pulling in data completely. Has something changed on the back end that I need to update as well? Thanks!

heymarkreeves commented 9 years ago

@SherriAlexander I have an email to share with you on this :) Sorry for the delay!

SherriAlexander commented 9 years ago

Luckily, we have the backend API URL defined just once as a variable, makes it easy to replace!

Liam, looks like you'll need to manually edit this on the http://artbotapp.com site for now -- in the scripts-concat.min.js file, search for the following snippet:

jsonDomain:"http://artx-staging.herokuapp.com"

and change that to:

jsonDomain:"http://artbot-api.herokuapp.com"

That should do the trick. :)

SherriAlexander commented 9 years ago

I just tested out the Forgot Password functionality, and it all seems to be working as intended now. Thanks for working through it with me, @mailbackwards! :)

mailbackwards commented 9 years ago

Great! And http://artbotapp.com is getting live data again. Thanks!

heymarkreeves commented 9 years ago

This one's ready for the team to test on http://staging.artx.clearbold.com/

You'll want to clear out your cache first. We'll look forward to your feedback!

Mark

/cc @desigonz @mailbackwards