email (the same email the user filled in on the restoration request)
token (the token that was sent in the confirmation letter)
new_password (the new password; it must satisfy the password rules. Reuse the password validation from the user registration functionality to check them)
new_password_confirmation (must be exactly the same value as new_password)
Token expiration time: 3 hours after the approval message is sent
Once the password has been changed, the token that was used for it must be disabled.
All bearer tokens must be expired after the password change
Create the table password_recovery_tokens to store tokens in the DB with the following fields:
id (PK)
email (varchar(255))
token (varchar(36))
send_date_time (timestamp)
enabled (boolean)
Implement functionality for sending the approval email that contains the token. The generated link must carry the user's email and the token as URL query parameters named email and token.
Implement a cron job that erases both expired and disabled tokens from the DB every 24 hours
A token that has expired must not be accepted for changing the password.
Other requirements:
If possible, reuse or refactor the user registration methods used for password requirement validation and for setting the new password
Write unit/integration tests for new functionality
Corner cases:
Token expired or disabled: HTTP 406 ("Token is invalid")
Passwords don't match: HTTP 406 ("Passwords not equals")
Password does not satisfy the rules: HTTP 406 ("Password too weak")
Wrong email: HTTP 404 ("Password restoration request not found")
Other: default error
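The request/approval flow and the corner cases above, as an added example that is not part of this PR or the project's code (written in Python; the page does not state the project's language). An in-memory list stands in for the password_recovery_tokens table, a constructed User record stands in for the user store and its bearer tokens, is_strong_password is an assumed rule standing in for the registration validator, and the base URL https://example.test is an assumption. An unknown token is handled like an expired or disabled one, a choice the issue does not spell out.

```python
"""Password restoration flow from the issue above (added example, not project code).
Stand-ins: in-memory token table and user store; assumed base URL and password rule."""
import hmac
import re
import uuid
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

TOKEN_TTL = timedelta(hours=3)   # "3 hours after approval message sending"


class ResetError(Exception):     # carries the (HTTP status, message) pair of a corner case
    def __init__(self, status: int, message: str):
        super().__init__(message)
        self.status, self.message = status, message


@dataclass
class RecoveryToken:             # one row of password_recovery_tokens
    email: str
    token: str                   # str(uuid.uuid4()) is 36 chars, matching varchar(36)
    send_date_time: datetime
    enabled: bool = True

    def is_expired(self, now: datetime) -> bool:
        return now - self.send_date_time > TOKEN_TTL


@dataclass
class User:                      # constructed stand-in for the user store
    email: str
    password: str
    bearer_tokens: set = field(default_factory=set)


def is_strong_password(pw: str) -> bool:
    """Assumed rule; the real service reuses the registration validator."""
    return len(pw) >= 8 and re.search(r"\d", pw) is not None and re.search(r"[A-Za-z]", pw) is not None


class PasswordResetService:
    def __init__(self, users: dict, base_url: str = "https://example.test/reset-password/approval"):
        self.users, self.base_url = users, base_url   # base_url is an assumption
        self.tokens = []

    def request(self, email: str, now: datetime):
        """POST /reset-password/request: store a token, return the link for the letter."""
        if email not in self.users:
            return None          # no letter; the client response should not differ (assumption)
        row = RecoveryToken(email, str(uuid.uuid4()), now)
        self.tokens.append(row)
        return f"{self.base_url}?{urlencode({'email': email, 'token': row.token})}"

    def approve(self, email, token, new_password, new_password_confirmation, now):
        """POST /reset-password/approval: checks in the order the corner cases list them."""
        rows = [t for t in self.tokens if t.email == email]
        if not rows:
            raise ResetError(404, "Password restoration request not found")
        # constant-time compare; an unknown token is treated like an expired one (assumption)
        row = next((t for t in rows if hmac.compare_digest(t.token, token)), None)
        if row is None or not row.enabled or row.is_expired(now):
            raise ResetError(406, "Token is invalid")
        if new_password != new_password_confirmation:
            raise ResetError(406, "Passwords not equals")
        if not is_strong_password(new_password):
            raise ResetError(406, "Password too weak")
        user = self.users[email]
        user.password = new_password   # real code: the registration setter (hashing included)
        row.enabled = False            # the token that was used is disabled
        user.bearer_tokens.clear()     # all bearer tokens expire with the old password

    def purge(self, now: datetime) -> int:
        """The 24-hour cron job: erase expired and disabled tokens, return how many."""
        keep = [t for t in self.tokens if t.enabled and not t.is_expired(now)]
        self.tokens, removed = keep, len(self.tokens) - len(keep)
        return removed


def run_scenario() -> dict:
    """Constructed walk through the corner cases; returns what each step produced."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    alice = User("alice@example.test", "OldPass1", {"session-1"})
    svc = PasswordResetService({alice.email: alice})

    def attempt(email, tok, pw, confirm, now):
        try:
            svc.approve(email, tok, pw, confirm, now)
            return "ok"
        except ResetError as e:
            return f"{e.status} {e.message}"

    link = svc.request(alice.email, t0)
    tok = svc.tokens[0].token
    hour, late = t0 + timedelta(hours=1), t0 + TOKEN_TTL + timedelta(seconds=1)
    return {
        "link_ok": link == f"{svc.base_url}?email=alice%40example.test&token={tok}",
        "wrong_email": attempt("bob@example.test", tok, "NewPass123", "NewPass123", t0),
        "mismatch": attempt(alice.email, tok, "NewPass123", "NewPass124", t0),
        "weak": attempt(alice.email, tok, "short", "short", t0),
        "expired": attempt(alice.email, tok, "NewPass123", "NewPass123", late),
        "success": attempt(alice.email, tok, "NewPass123", "NewPass123", hour),
        "sessions_left": len(alice.bearer_tokens),
        "reuse": attempt(alice.email, tok, "NewPass123", "NewPass123", hour),
        "purged": svc.purge(hour),
    }


if __name__ == "__main__":
    print(run_scenario())
```

run_scenario() walks the corner cases in the order the issue lists them and ends with the purge job removing the disabled token. Two points worth carrying into the real implementation: compare the token with hmac.compare_digest rather than == so the lookup is not timing dependent, and consider storing only a hash of the token, since the table as specified holds it in clear and a read of that table could then be turned into a password change. Note also that answering 404 for an unknown email tells the caller whether an address has an account; if that matters, make the request endpoint respond identically for known and unknown addresses.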
Summary of change
Created new entity, repository and table for password recovery tokens
Edited OpenAPI specification
Added new endpoints for password restoration request and password restoration approval
Added 2 methods in service layer for password restoration request and change password
Added 2 cron jobs which send approval letters and mark tokens as expired
Refactored Mail service layer
Added tests
Added mustache template for password recovery letter
Added new Exception, Converters and Exception mapper
Testing approach
Not required
CHECK LIST
[x] CI passed
[ ] Code coverage >=95%
[x] PR is reviewed manually again (to make sure you have 100% ready code)
[ ] All reviewers agreed to merge the PR
[x] I've checked new feature as logged in and logged out user if needed
Summary of issue
Currently the project has no password restoration functionality. Implement it.
Create an endpoint for the password restoration request (/reset-password/request). Required field: email (of the user who wants to restore the password).
Create the password restoration approval endpoint (/reset-password/approval). Its required fields are email, token, new_password and new_password_confirmation, as listed at the top of this description.