Open mirceaalexandru opened 8 years ago
Reset token should not be part of an not-restricted HTTP response.
The reset token should be sent on e-mail to the recipient for example, using custom client implementation that is not part of this module feature.
So create_reset_token will be able to create the token using seneca-user but not send it in the response.
@rjrodger , @geek , @mihaidma - opinions about this?
Reset token should not be part of an not-restricted HTTP response.
The reset token should be sent on e-mail to the recipient for example, using custom client implementation that is not part of this module feature.
So create_reset_token will be able to create the token using seneca-user but not send it in the response.
@rjrodger , @geek , @mihaidma - opinions about this?