presidentennn
commented
5 years ago Hi.
First, thank you for posting this. I know it's a quite basic feature to be able to both change and recover your password, should've been finished earlier. It's one of the top prioritized things right now and I plan to add all these new things together in the front-end update that I'm working on right now.
Secondly, yes, the method you suggested is almost exactly how it's supposed to be possible. There are several packages that handle a lot of that so it's mostly just a matter of connecting them all.
While I'm certain people could request an account reset from Pim, I think it would be useful if people can request a password reset on the website itself, so this process can be automated.
Here's my idea of how I think this should be implemented. There'd be a link available on the login page, which you can click on if you want to reset your password. When you do this, you enter your e-mail address and an e-mail will be sent to that address. This e-mail contains a link which you can click on to go to a page on Codevision. Here, you can specify your new password and click a button for confirmation. Once this button is clicked, your new password will be set and users are redirected to the login page.
The links would be automatically generated, and contain some kind of random id, which can be used on the back-end for verifying the e-mail address. On the back-end pairs of these random ids and their e-mail address would be stored for later retrieval. When the new password is confirmed, both the password and generated id are sent to the back-end, so the necessary steps to replace the password can be executed. Once this is done, the link gets deleted from the back-end, as well as the random id.
The links and random ids would be valid for a limited period of time, for example 15 or 30 minutes and will be automatically deleted when this period has ended.