Open macaframa opened 3 years ago
Sure, in here Reset password would be a better option. Let's add that.
Great, I'm working on a solution at the moment. I'm going to use a similar pattern to how you handle the 'confirm' endpoint, hit the mailer with a different message/title for the email "verify that this is your email and confirm this account." Link goes to the confirm endpoint. I'll have a pr sometime this week. And if theres any other things you'd like to handle, I got some time to contribute. Thanks for making this.
Contributions are always welcome
On Mon, Oct 12, 2020 at 11:44 AM macaframa notifications@github.com wrote:
Great, I'm working on a solution at the moment. I'm going to use a similar pattern to how you handle the 'confirm' endpoint, hit the mailer with a different message/title for the email "verify that this is your email and confirm this account." Link goes to the confirm endpoint. I'll have a pr sometime this week. And if theres any other things you'd like to handle, I got some time to contribute. Thanks for making this.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/kasvith/express-mongo-jwt-boilerplate/issues/34#issuecomment-706891490, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADGCQCZZCJV7LT7MMGAYBM3SKKNFRANCNFSM4SL5O7XQ .
-- Kasun Vithanage Ingame sp. z o.o.
When you hit http:localhost:3000/api/auth/register with the same email, as expected it will kick back an error that says that email is already taken. I propose updating this to
1) checking to see if this user is already active 2) if they are not active, you send another generated link to their email.
Reasoning: currently if someone was to send a post request to this server with my email, it has ruined the experience for me as the user. Now I have to reset password? Which currently does not exist in this project. So this is a blindspot.