dotkernel / api

DotKernel's PSR-7 REST style API built around the Mezzio API skeleton.
https://docs.dotkernel.org/api-documentation/
MIT License

reset password endpoint status 200 #23

Closed kakapiciu closed 4 years ago

kakapiciu commented 4 years ago

The API must return 200 OK all the time, even if the email was not found.

And the message should be changed.

Instead of:

Password reset mail has been successfully sent!

it should be:

If there is an account associated with the email example@email.com, an email containing password recovery instructions was sent to it.

alexmerlin commented 4 years ago

Where does the API return this message: "Password reset mail has been successfully sent!"?

When a user submits a reset password request, the API responds with:

  1. status 200 if:
    • the requested account could not be identified
    • the account was identified and the reset password email has been successfully sent to the user
    The message is: If the provided email identifies an account in our system, you will receive an email with further instructions on resetting your account's password. (accessed via this constant: Api\App\Common\Message::MAIL_SENT_RESET_PASSWORD)
  2. status 400, the error message coming from:
    • the form validation process
    • an exception thrown when the API is unable to update the user's account
    • an exception thrown when the API is unable to send the reset password mail
  3. status 500: internal server error

An improvement could be made here, though: in the messages returned we should replace the word email with identity.
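As an added illustration of the response behaviour described in this thread (example code, not from the dotkernel/api project): a plain PHP handler that returns the same 200 response for a known and an unknown address, so the reply itself does not reveal whether an account exists, while form validation and delivery failures keep the 400 mapping listed above. The Message class, the $findUser and $sendMail callables and the sample account are constructed stand-ins.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the message constant named in the discussion.
final class Message
{
    public const MAIL_SENT_RESET_PASSWORD =
        "If the provided email identifies an account in our system, you will "
        . "receive an email with further instructions on resetting your account's password.";
}

/**
 * Handle a reset-password request body and return [statusCode, payload].
 * $findUser: callable(string): ?array  returns the account or null (hypothetical)
 * $sendMail: callable(array): void     throws on delivery failure (hypothetical)
 */
function handleResetPassword(array $body, callable $findUser, callable $sendMail): array
{
    $email = trim((string) ($body['email'] ?? ''));
    // Form validation is the one failure the client legitimately learns about.
    if ($email === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return [400, ['error' => 'A valid email address is required.']];
    }

    $user = $findUser($email);
    if ($user !== null) {
        try {
            // Token generation and mail delivery only happen for a known account;
            // note this leaves a timing difference, which the body does not expose.
            $user['resetToken'] = bin2hex(random_bytes(32));
            $sendMail($user);
        } catch (Throwable $e) {
            // Mirrors the thread: account update / mail errors map to 400.
            return [400, ['error' => $e->getMessage()]];
        }
    }

    // Known or unknown address: identical status and body.
    return [200, ['message' => Message::MAIL_SENT_RESET_PASSWORD]];
}

// Constructed sample: one registered address, one unknown.
$accounts = ['alice@example.com' => ['id' => 1, 'email' => 'alice@example.com']];
$findUser = fn (string $email): ?array => $accounts[$email] ?? null;
$sendMail = function (array $user): void { /* deliver mail; no-op in this sample */ };

$known   = handleResetPassword(['email' => 'alice@example.com'],  $findUser, $sendMail);
$unknown = handleResetPassword(['email' => 'nobody@example.com'], $findUser, $sendMail);
echo json_encode($known), PHP_EOL, json_encode($unknown), PHP_EOL;
echo $known === $unknown ? 'responses identical' : 'responses differ', PHP_EOL;
```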