The current login is insecure and requires people to remember their password. There is no password reset.
Instead of passwords, let's just implement a Json Web Token sent via a magic link to the email. This will require getting nodemailer to work (which is a good thing anyways).
By changing the login API we can accept an email address, then send an email with a token, and use that to login the user.
The current login is insecure and requires people to remember their password. There is no password reset.
Instead of passwords, let's just implement a Json Web Token sent via a magic link to the email. This will require getting nodemailer to work (which is a good thing anyways).
By changing the login API we can accept an email address, then send an email with a token, and use that to login the user.