Express.js
700Hp, 2021-10-12 16:28:03

How to competently implement password recovery with dying links? Is my logic correct?

I sketched an authorization system based on JWT tokens.

Now I have a question about password recovery.
As I understand it, there will be 3 POST requests on the backend.
The first checks that the email exists in the database and sends an email with a secret code to that address. The same secret code will be written to the database.
(If it is not stored in the database, then where?)
The second compares the code in the database with the one from the request body. (!)
The third updates the password in the database.

On the frontend: React, MobX.

In one component I will handle the first 2 requests.
After the second request succeeds, I will add a new state, call it isReset = true, and redirect the unauthorized user to a new route.
The route is available as long as isReset = true. After the password is changed, the state becomes false, and the route no longer exists for that user.

Those who know, tell me: have I planned this correctly? And how do I make the email one-time, so that the password reset cannot be activated several times? I am using nodemailer. Thank you.


1 answer(s)
Vladimir Korotenko, 2021-10-12
@firedragon

Everything has been stolen before us.
The user table has several fields:
ResetField, IsResetComplite, ResetDate;
respectively, the first contains some value that is generated during the reset, the second controls the reset process, and the third is the reset time, which is checked against a time interval.
You can extend this as you like, for example with codes from SMS.
