
Backend Feature Request: Forgot Password Endpoint #76

Open
hashim6789 opened this issue Feb 22, 2025 · 1 comment
Labels: authentication (Related to user authentication & security), backend (Backend required), enhancement (New feature or request)

Comments

@hashim6789
Contributor

Forgot Password Feature Implementation

Description

We need to implement a Forgot Password endpoint to allow users to securely request a password reset link in case they forget their password. This will enhance the security and usability of the Inker platform.

Feature Requirements

1. Forgot Password Endpoint

  • Create a new API endpoint /api/auth/forgot-password to handle forgot password requests.
  • Accept a request body containing the user's email address.
  • Validate the provided email address to ensure it is associated with an existing account.
  • Generate a unique password reset token with an expiration time (e.g., 24 hours).
  • Send an email containing the password reset link with the token to the user's email address.

2. Token Generation and Storage

  • Implement logic for generating secure, unique tokens.
  • Store the generated tokens in the database, associated with the user's email and expiration time.
  • Ensure that tokens are securely stored and are not easily guessable.

3. Email Service Integration

  • Integrate with an email service provider to send password reset emails.
  • Use a predefined email template to create user-friendly emails containing the password reset link.

API Specification

Endpoint: Forgot Password Request

Method: POST
URL: /api/auth/forgot-password

Request Body

```json
{
  "email": "user@example.com"
}
```

Response (Success)

Status Code: 200 OK

```json
{
  "status": 200,
  "message": "Password reset link has been sent to your email."
}
```

Response (Failure - Invalid Email)

Status Code: 400 Bad Request

```json
{
  "error": "Invalid email address or user does not exist."
}
```

Security Considerations

  • Ensure rate limiting to prevent abuse of the forgot password endpoint.
  • Encrypt the reset token before storing it in the database.
  • Implement email verification to prevent unauthorized reset attempts.
  • Set expiration time (e.g., 24 hours) for the reset token.

Next Steps

  • Implement the Reset Password endpoint to allow users to update their password using the reset token.
  • Add frontend integration for password reset requests.
  • Test the implementation with different email providers and edge cases.
AJMALAJU3 added the enhancement, backend and authentication labels on Feb 22, 2025
@AJMALAJU3
Contributor

@hashim6789 Have you completed this issue?
