Implement Forget and Reset Password API #38

Closed
1 of 4 tasks
sanjaysah101 opened this issue Aug 26, 2024 · 0 comments · Fixed by #54
sanjaysah101 commented Aug 26, 2024

Description:

According to the flow diagram I've attached, we should implement APIs for the Forget Password and Reset Password functionalities. This will allow users to recover their accounts by generating a One-Time Password (OTP) sent via email, verifying the OTP, and resetting their password.

Flow Overview:

  1. Forget Password Flow:

    • Endpoint: POST /api/v1/auth/forget-password
    • Payload: { email }
    • Process:
      • Validate the request.
      • Verify if the email exists.
      • Generate an OTP and set an expiry time.
      • Save the OTP and send it via email to the user.
  2. OTP Verification Flow:

    • Endpoint: POST /api/v1/otp/verify
    • Payload: { otp }
    • Process:
      • Verify the OTP.
      • If valid, generate a token for password reset.
      • Return the token to the user.
  3. Reset Password Flow:

    • Endpoint: POST /api/v1/auth/reset-password
    • Payload: { password, confirmPassword, token }
    • Process:
      • Verify the token.
      • Validate password and confirmPassword.
      • Encrypt and store the new password.
      • Send a confirmation email that the password has been changed.

Notification Service Integration

  • The OTP and password reset emails will be sent through the Notification Service using:
    • Endpoint: POST /api/v1/emails

    • Payload example:

      export type EmailNotification = {
          to: string;
          eventType: string;
          payload: { otp: string };
          subject: string;
      };

Edge Cases:

  • Implement a limit for the number of OTP entry attempts.
  • Ensure proper error handling for scenarios like expired OTP, invalid tokens, or mismatched passwords.

Tasks:

  • Create forget-password endpoints to handle the OTP generation process.
  • Implement otp/verify endpoint to validate the OTP and generate a password reset token.
  • Implement a reset-password endpoint to handle the new password submission, validation, and storage.
  • Integrate with the Notification Service to send OTP and password change confirmation emails.

References

Image

@ansopedia ansopedia added the enhancement New feature or request label Sep 10, 2024
@sanjaysah101 sanjaysah101 changed the title Implement API for Password Reset and Forgot Password Implement Forget and Reset Password API Sep 11, 2024
@sanjaysah101 sanjaysah101 linked a pull request Sep 16, 2024 that will close this issue
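
The OTP steps and edge cases listed in the issue (expiry time, attempt limit, expired-OTP handling), sketched as an added example that is not part of the original issue or the project's code. Assumptions: the record is looked up by email (the issue's verify payload carries only `otp`), a 5-minute expiry, 5 attempts, an in-memory `Map` standing in for the database, and a placeholder HMAC key; all function and constant names are hypothetical.

```typescript
import { createHmac, randomBytes, randomInt, timingSafeEqual } from "node:crypto";

// Assumed policy values; the issue does not specify them.
const OTP_TTL_MS = 5 * 60 * 1000;
const MAX_ATTEMPTS = 5;

type OtpRecord = { digest: Buffer; expiresAt: number; attempts: number };
type VerifyResult = {
  ok: boolean;
  reason?: "not_found" | "expired" | "locked" | "invalid";
  resetToken?: string;
};

// In-memory stand-in for the database, keyed by email (assumption).
const otpStore = new Map<string, OtpRecord>();
// Placeholder key; a real service would load it from secret configuration.
const SERVER_KEY = randomBytes(32);

// Store a keyed digest instead of the OTP, so a leaked table does not reveal live codes.
function digestOf(email: string, otp: string): Buffer {
  return createHmac("sha256", SERVER_KEY).update(`${email}:${otp}`).digest();
}

// Forget-password step: 6-digit OTP from a CSPRNG, with an expiry time.
function issueOtp(email: string, now: number = Date.now()): string {
  const otp = randomInt(0, 1000000).toString().padStart(6, "0");
  otpStore.set(email, { digest: digestOf(email, otp), expiresAt: now + OTP_TTL_MS, attempts: 0 });
  return otp; // goes to the Notification Service only, never into the API response
}

// OTP verification step: expiry, attempt limit, constant-time compare, single use.
function verifyOtp(email: string, otp: string, now: number = Date.now()): VerifyResult {
  const rec = otpStore.get(email);
  if (!rec) return { ok: false, reason: "not_found" };
  if (now > rec.expiresAt) {
    otpStore.delete(email);
    return { ok: false, reason: "expired" };
  }
  if (rec.attempts >= MAX_ATTEMPTS) return { ok: false, reason: "locked" };
  rec.attempts += 1; // count the attempt before comparing
  if (!timingSafeEqual(rec.digest, digestOf(email, otp))) {
    return { ok: false, reason: "invalid" };
  }
  otpStore.delete(email); // an OTP is accepted once
  return { ok: true, resetToken: randomBytes(32).toString("hex") };
}
```

Once the attempt limit is reached, even the correct OTP is refused until a new one is issued, which caps guessing at 5 tries out of 1,000,000 codes per issued OTP.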