Open Danwhy opened 5 years ago
@Danwhy thank you for opening this issue. This is a good summary of what needs to be built for password reset.
If we can first create the Name https://github.com/dwyl/fields/issues/11 Email https://github.com/dwyl/fields/issues/12 and Password https://github.com/dwyl/fields/issues/13 in the Fields module/package, we can then render the password
(create/reset) form using autoform
.
Required api:
New User Flow
user signs up -> user is in db with no pw -> we want to send email to users without pw -> generate link for creating password -> send emails -> user clicks link -> is taken to page to create password
Change password functionality:
Is there any difference between creating and updating a password? In append only, no difference in database updating, just user flow.
Email will have to be configurable, can we allow people to use any provider they want?
Links
https://www.troyhunt.com/everything-you-ever-wanted-to-know/ https://security.stackexchange.com/questions/117854/how-to-implement-forgot-password-functionality/117871 https://postmarkapp.com/guides/password-reset-email-best-practices