tusmanakhter / MigrantHub

MIT License

Reset Password #146

Closed iamlax closed 5 years ago

iamlax commented 5 years ago

Added forgot your password feature. The feature sends a verification code to your email that is then used to reset your password. Added userType field to model, so that we can verify the request is only from local users. Added internationalization to the components to support the French translation created by @tusmanakhter this iteration.

You need to add a Hotmail account to the .env in the server. I can give you one if you don't want to use yours and avoid accidentally committing your credentials. The email I can provide is linked to my phone number, so don't spam people with it please.

Demo Steps:

  1. Navigate to website
  2. Click login
  3. Select the forgot your password option
  4. Enter an email and click next
  5. Get verification code from email
  6. Enter your verification code and click next
  7. Enter your new password and click reset
  8. Login using your new password.

Demo Steps with pictures: here

iamlax commented 5 years ago

Feature is working as expected using a random hotmail account I have. Very nicely done with this much needed feature. 💯

A few suggestions in terms of user experience that we can improve in the future:

  1. If the user fails the token, give them another chance instead of bringing them to the last page; maybe we can verify the token at the second step instead of the last step.
  2. Have a better email message; this one is good for now 🥇 Also still not too sure on our strategy of having different types of users for Google and Facebook instead of having one user type with different login methods, e.g. linking Google and Facebook accounts to the local account instead of signing up with those services separately. Ultimately up to stakeholders.

Hmm, didn't think about that. Tries will be more user-friendly, and there are actually libraries for email templates that we can use to make it prettier.

iamlax commented 5 years ago

Very useful feature! It is working as intended. Using the credentials you provided I received a reset password verification code. The code worked as intended locally and was able to successfully reset password.

Food for thought: For security reasons we should not allow users to re-enter their same password... in other words, storing an equivalent hash again. Because as of now forgot password is also a way to change the user password. Unless of course in the future, in edit profile, we allow users to change their password in a secure manner.

This is a very early stage of the app, but security should be kept in mind as we move into alpha testing. Well done Lax 💪

Not allowing a user to reuse the same password is a strategy many websites use. So we can look at ways to improve account security. We should add a user story for the profile change password.