micro / services

Real World Micro Services
Apache License 2.0

faulty behaviours users/SendPasswordResetEmail and users/ResetPassword #373

Closed lambdaR closed 2 years ago

lambdaR commented 2 years ago

I've been testing users/SendPasswordResetEmail and users/ResetPassword and found some faulty behaviours:

1. First, I received the emails after 13-22 minutes on average, which exceeds the TTL of 900 seconds of the OTP code.
2. Secondly, we set the value of Expiry in the domain.passwordResetCode object to 24 hours! and we store it as a record <something/password-reset-codes/userId-otp>.
3. Thirdly, we check if the value of Expiry has expired and also check for the validity of the OTP, while the OTP and Expiry have different lifespans!
4. Fourthly, what would happen if the user, after let's say 10 minutes, did not receive an email and then requested another email with a new OTP? A new record gets stored, and store.Read will return a slice of Records, so which one is the first element? Is it the old OTP or the new one? Probably we should check if there is any record and delete it before storing the new one.
5. Finally, there is an error "json: cannot unmarshal string into Go value of type domain.passwordResetCode" coming, I believe, from line 138 in the domain.go file.
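The reset-code store below is an added example, not code from the micro/services repository or from the issue author; it illustrates the fixes the report asks for: one TTL shared by the OTP and its stored Expiry, exactly one live record per user (the old one is deleted before the new one is written, so there is no ambiguity about which record is current), the record stored as a JSON object rather than a bare string so it unmarshals into the struct, and single-use codes. The `passwordResetCode` type, the `store` type, the key layout `password-reset-codes/<userId>` and the 15-minute TTL are assumptions for the example; the in-memory map stands in for the project's key/value store.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// resetCodeTTL is the single lifespan used for both the OTP and the stored
// record's Expiry (assumed value; the issue cites a 900-second OTP TTL).
const resetCodeTTL = 15 * time.Minute

// passwordResetCode is a hypothetical stand-in for the project's
// domain.passwordResetCode; it is stored as a JSON object, not a bare string.
type passwordResetCode struct {
	UserID string    `json:"userId"`
	Code   string    `json:"code"`
	Expiry time.Time `json:"expiry"`
}

// store is a minimal in-memory key/value store (assumed, not the project's).
// The key is derived from the user only, so each user has at most one live code.
type store struct {
	now     func() time.Time
	records map[string][]byte
}

func newStore(now func() time.Time) *store {
	return &store{now: now, records: map[string][]byte{}}
}

func key(userID string) string { return "password-reset-codes/" + userID }

// generateCode returns a 6-digit numeric OTP drawn from crypto/rand.
func generateCode() (string, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(1000000))
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%06d", n.Int64()), nil
}

// IssueCode replaces any existing code for the user (a re-requested email
// invalidates the previous OTP) and sets Expiry from the same TTL as the code.
func (s *store) IssueCode(userID string) (passwordResetCode, error) {
	code, err := generateCode()
	if err != nil {
		return passwordResetCode{}, err
	}
	rec := passwordResetCode{UserID: userID, Code: code, Expiry: s.now().Add(resetCodeTTL)}
	b, err := json.Marshal(rec)
	if err != nil {
		return passwordResetCode{}, err
	}
	delete(s.records, key(userID)) // drop the old record before writing the new one
	s.records[key(userID)] = b
	return rec, nil
}

var errInvalidCode = errors.New("invalid or expired reset code")

// VerifyCode checks the submitted OTP against the single stored record and its
// Expiry. A successful or expired check deletes the record, so codes are single-use.
func (s *store) VerifyCode(userID, code string) error {
	b, ok := s.records[key(userID)]
	if !ok {
		return errInvalidCode
	}
	var rec passwordResetCode
	if err := json.Unmarshal(b, &rec); err != nil {
		return fmt.Errorf("decode reset record: %w", err)
	}
	if s.now().After(rec.Expiry) {
		delete(s.records, key(userID))
		return errInvalidCode
	}
	if subtle.ConstantTimeCompare([]byte(rec.Code), []byte(code)) != 1 {
		return errInvalidCode
	}
	delete(s.records, key(userID))
	return nil
}

func main() {
	s := newStore(time.Now)
	rec, _ := s.IssueCode("user-123") // constructed sample user id
	fmt.Println("issued:", rec.Code, "expires:", rec.Expiry.Format(time.RFC3339))
	fmt.Println("verify:", s.VerifyCode("user-123", rec.Code))  // nil
	fmt.Println("reuse: ", s.VerifyCode("user-123", rec.Code))  // invalid or expired reset code
}
```

Because the key no longer contains the OTP, a second request for the same user overwrites rather than appends, which removes the "which element of the slice is current" question entirely; the expiry check and the code check now agree because both derive from `resetCodeTTL`.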

domwong commented 2 years ago

Fix deployed