clearbold / artx

1 stars 0 forks source link

Describe Forgot Password functionality? #51

Open heymarkreeves opened 10 years ago

heymarkreeves commented 10 years ago

Hi, Liam!

I think you said that Forgot Password support is now in the API (and we're scoping the screens to support it in the UI). Can you let me know the steps you're supporting? I'm assuming that we're starting with a new screen where you can enter your email -- What happens next?

Thanks!

Mark

heymarkreeves commented 10 years ago

This is under:

Forgot password functionality (includes creating 2 new screens)

mailbackwards commented 10 years ago

Hi Mark! I just added documentation for the forgot-password functionality in API_ENDPOINTS.md (see this commit for the changes). Here's how we currently envision it working:

How does this sound as a solution? Let me know if anything seems unclear or problematic about this setup. Thanks!

heymarkreeves commented 10 years ago

This sounds clear and user-friendly – We'll proceed with this as assumptions. Thanks!

SherriAlexander commented 9 years ago

Hey there! Quick question about how to handle an unsuccessful response for the PATCH /registrations endpoint (Screen 1). I'm assuming that a 404 response would generally be caused by entering an email that the system doesn't recognize, is that correct?

Would you want to show a separate screen with appropriate verbiage at that point and a link to sign up (in case they haven't signed up yet), or just show the same Forgot Password? screen with the message as an error underneath the "Email" field?

Thanks!

SherriAlexander commented 9 years ago

(I'm going to assume that I'll have it return an error message on the same form, as it's the same way we've handled a similar error on Sign In, but figured I should ask just in case)

SherriAlexander commented 9 years ago

Hey there, all! I do have another quick question about Screen 2.

The comment above says that there should be only 2 fields on Screen 2: a password field, and a confirm password field. The reset password token will be provided by the querystring on the emailed link.

But the other field that's required by the API endpoint is the email address -- and there's no current way for the form to get that information.

Should I add another field to Screen 2 for the email address?

Also, the filename that I've set up for the password reset is "forgot-password-reset.html", if we could add that to the link in the email that gets sent out by Screen 1? Thanks!

mailbackwards commented 9 years ago

Hi Sherri,

The API endpoint PUT /registrations should not need an email address-- it should only need a password, password_confirmation, and reset_password_token (from the query string). Given those 3 parameters, the API should be able to recognize the user, update their password then return a JSON user object. Does that work?

I just updated the email template to link to "http://staging.artx.clearbold.com/forgot-password-reset.html". The API doesn't know the domain of the frontend, so for now the domain is hardcoded to your staging site. Later on I can turn it into a configurable staging/production setup. How does that sound?

Thanks! Liam

SherriAlexander commented 9 years ago

Hey there! Ah, okay -- I was going by the API documentation at the commit linked above, which listed "email" as a required field for the password reset on Screen 2. Sorry about the confusion there! If those three parameters are enough, I should have enough to work with there.

Thank you for updating the email template! It's okay if it's a static link for now, most likely I'll be copying the link from the email and altering the host to be my localhost for testing anyway. :)

Thanks!
--Sherri

SherriAlexander commented 9 years ago

Hi Liam!

I've made some progress with the Forgot Password functionality (I still need to get some more error handling in there, but it's a good start), and I had a quick question for you about the API backend for the password reset part.

I have the password reset form set up, and it all seems to be submitting correctly. I'm sending a PUT request with the password and password_confirmation values, and I send the reset_password_token from the email in a beforeSend function (setting it as a request header, like the authentication tokens elsewhere in the scripts). The Ajax call is returning success. But it seems that the password is not actually being changed by the API. When I go to log in, it still only responds to the old password, not the new one I just set. Could you double-check that everything is working as expected on the API end? Thanks!

mailbackwards commented 9 years ago

Hi Sherri, I'm very sorry for the long delay here. I should have tackled this before the holidays, and once I didn't, it slipped my mind...

I just looked into it and found that the API was looking for the reset token in the POST data rather than in the request header. I've updated the controller so that it should now be checking the header for a token first, then the POST data as a backup. So it should be working now, let me know if it still has trouble. Thanks!

SherriAlexander commented 9 years ago

Hey there, Liam!

Still running into some problems -- I just pushed my work in progress up to the staging server, but I'm getting a JS error there that I wasn't getting from my locally hosted machine.

The PUT request being triggered by the forgot-password-reset.html form is apparently causing a 405 error (below) -- is this something that could be corrected on your end?

Failed to load resource: the server responded with a status of 405 (Method Not Allowed)

Thanks!

--Sherri

mailbackwards commented 9 years ago

Hi Sherri!

Checking the logs, the request doesn't seem to be reaching our server-- when I try to submit the form, I get the following error headers:

image

So it looks to me like the 405 is coming from the staging site rather than the API. The submit form in forgot-password-reset.html is triggering a POST here which the staging site doesn't seem to like (whereas the localhost might've let it through).

Let me know if that helps, or if I can do anything on my end. Thanks!

Liam

SherriAlexander commented 9 years ago

OK -- it was actually my error in correctly parsing the querystring, sorry about that (got caught by the difference between the raw Mandrill string and the parsed URL it generates)! That piece has now been fixed, no more 405 errors. :)

However, it still seems that the password reset is not actually taking place. I just tested it out on staging (trying to change my password from "password" to "wordpass"). The email came through, I used the link in it to get to the "change the password" form, the Ajax request for changing the password returned "successful". Then I try to log in with the new password and I get the 403 "Authentication failed" error. If I log in with my original password, it works.

Could you take a peek at the logs to see what might be happening? Not sure where the problem lies, as everything appears to be working correctly from the front end, though it's possible I'm missing something. Thanks!

mailbackwards commented 9 years ago

Whoops, there were a couple errors going on! Sorry about that. I've pushed up some fixes and the password reset functionality is now working for me on staging. See if it works for you now.

SherriAlexander commented 9 years ago

Hey there, Liam!

Hmm...both my local site and the staging site have stopped pulling in data completely. Has something changed on the back end that I need to update as well? Thanks!

heymarkreeves commented 9 years ago

@SherriAlexander I have an email to share with you on this :) Sorry for the delay!

SherriAlexander commented 9 years ago

Luckily, we have the backend API URL defined just once as a variable, makes it easy to replace!

Liam, looks like you'll need to manually edit this on the http://artbotapp.com site for now -- in the scripts-concat.min.js file, search for the following snippet:

jsonDomain:"http://artx-staging.herokuapp.com"

and change that to :

jsonDomain:"http://artbot-api.herokuapp.com"

That should do the trick. :)

SherriAlexander commented 9 years ago

I just tested out the Forgot Password functionality, and it all seems to be working as intended now. Thanks for working through it with me, @mailbackwards! :)

mailbackwards commented 9 years ago

Great! And http://artbotapp.com is getting live data again. Thanks!

heymarkreeves commented 9 years ago

This one's ready for the team to test on http://staging.artx.clearbold.com/

You'll want to clear out your cache first. We'll look forward to your feedback!

Mark

/cc @desigonz @mailbackwards