torch2424 / link-drops

A collection of your links that you find across the internet, made with the help of @julianpoy
http://linkdrops.com/#/
Apache License 2.0

Reset password #60

Closed julianpoy closed 8 years ago

julianpoy commented 8 years ago

I sent the beta to my mother, who used it and then logged out. After she logged out, she realized that Google Chrome hadn't saved her password, and that she didn't remember what it was.

Password reset functionality is one of the most basic and fundamental things account-based programs have. Typically, a reset is provided if a user verifies two known pieces of information. These two can vary, but are most commonly username and email. Upon completing this verification, a reset link is emailed to the user.

The problem as it stands with our software is that we do not know anything about our user. We had a discussion the other night about not asking for email addresses upon signup; however, I believe that we may need to. Without a contact method for our user, we have no way of verifying that they are who they claim to be.

I suggest we approach the issue as follows.

  1. Switch usernames to be email addresses, so a user signs up with email and password
  2. Password reset link asks for username, and then emails the user
  3. Email contains link to automatic login with a valid session token
  4. If user clicks on that link, it logs them in and sends them to the my-account page, where they can change their password.

This approach also makes #26 a lot easier. This way, users can send links to other people's email. I don't know my mother's username, but I sure do know her email.

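
The four steps proposed in the comment above, as an added example (not code from the link-drops repository or from either commenter). It assumes the emailed link carries a dedicated single-use, short-lived token of which only a hash is stored; the function names, the in-memory `Map`, the 15-minute lifetime and the sample address are all hypothetical.

```javascript
const { randomBytes, createHash } = require('node:crypto');

const TOKEN_TTL_MS = 15 * 60 * 1000; // assumed lifetime of an emailed link
const pending = new Map();           // sha256(token) -> { email, expiresAt }; stands in for a DB table
const sampleUsers = new Set(['mom@example.test']); // constructed sample account (step 1: username is the email)

const sha256 = (s) => createHash('sha256').update(s).digest('hex');

// Steps 2-3: someone submits the "forgot password" form.
// Returns the raw token to put in the emailed link, or null for an unknown
// address. The HTTP response should look identical in both cases so the form
// does not reveal which addresses have accounts.
function issueResetToken(users, email, now = Date.now()) {
  if (!users.has(email)) return null;
  // A new request invalidates any link still outstanding for this account.
  for (const [hash, rec] of pending) {
    if (rec.email === email) pending.delete(hash);
  }
  const token = randomBytes(32).toString('base64url'); // 256 bits from the CSPRNG
  // Only the hash is stored, so a leaked table cannot be replayed as links.
  pending.set(sha256(token), { email, expiresAt: now + TOKEN_TTL_MS });
  return token;
}

// Step 4: the emailed link is opened. Returns the account email on success
// (the caller then starts a session and redirects to my-account), else null.
function redeemResetToken(token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const key = sha256(token);
  const rec = pending.get(key);
  if (!rec) return null;
  pending.delete(key);                     // single use, consumed even if expired
  if (now > rec.expiresAt) return null;
  return rec.email;
}
```
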
julianpoy commented 8 years ago

@torch2424 Waiting on your feedback.

torch2424 commented 8 years ago

Yeah, I guess we will have to do email addresses :'( thank you though! <3

julianpoy commented 8 years ago

Are you sure you want to? We could try something with phone numbers? Do you have any other ideas?

torch2424 commented 8 years ago

I don't want to Twilio haha, I'll google some methods right now

torch2424 commented 8 years ago

Well, our answers now are security questions, like: what's your mother's maiden name. Or email. Honestly, at this point, I think e-mail may be the way to go

julianpoy commented 8 years ago

Just an FYI, this is currently in progress.

torch2424 commented 8 years ago

@julianpoy I noticed thank you :D