Skip to content

Instantly share code, notes, and snippets.

@BoDonkey
Created September 14, 2022 19:14
Show Gist options
  • Save BoDonkey/51b8661cf6cf676adb617567efea9cec to your computer and use it in GitHub Desktop.
Save BoDonkey/51b8661cf6cf676adb617567efea9cec to your computer and use it in GitHub Desktop.
password reset

TLDR; Basically you have to implement a button in Vue that when click redirects to a page that collects the users email and checks they exist. Then you generate a (time-sensitive?) code you send them by email. That email redirects to a third page which collects and error sniffs the new password. If it checks out, the password is changed or an error is thrown.

Within an a2 project, the password reset code is primarily in node_modules/apostrophe/lib/modules/apostrophe-login. There is code in the index.js file, plus several HTML pages in the views folder of that folder. The passwordResetRequest.html file is a form for requesting a password change. The passwordReset.html is the file for actually having the user change the password. The passwordResetEmail.html is what is emailed to the user and would contain the link back to the passwordReset.html page.

Going forward, when we implement this in house we will do it with Vue.

With regards to the login.js file. There are multiple areas of code that deal with password resets. Part of it is used to force legacy users who have bad passwords to reset. You don't need to worry about that.

The first section is: https://github.com/apostrophecms/apostrophe/blob/2.0/lib/modules/apostrophe-login/index.js#L757 That section catches submission of the request form and sends the password reset email That function is here: https://github.com/apostrophecms/apostrophe/blob/2.0/lib/modules/apostrophe-login/index.js#L1118

The next section catches the person coming in from the sent email: https://github.com/apostrophecms/apostrophe/blob/2.0/lib/modules/apostrophe-login/index.js#L797 If all is copacetic it allows them to submit the for, otherwise it throws an error. In the a2 version the reset code was given a finite lifetime. You may not want this.

THe next section sets the password and throws errors: https://github.com/apostrophecms/apostrophe/blob/2.0/lib/modules/apostrophe-login/index.js#L839

I think that is all of it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment