[P2] Add password reset tokens #152

@willroberts

Summary

Since we removed email-based forgot password flows (see git log for original code), we should add an alternative system for password resets. One way to do this is with "recovery tokens", as seen on sites with MFA flows. We could give a user one recovery token which can be used to validate a one-time password reset, which then grants a new recovery token. These could be stored as (user_id, token) in a new Postgres table, and can be deleted after successful use.
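The single-use, rotating recovery token flow proposed above, as an added example that is not part of the original issue or the project's code. It assumes Python with an in-memory SQLite database standing in for the Postgres table, uses hypothetical names (`recovery_tokens`, `issue_token`, `reset_password`), and stores a SHA-256 digest in place of the raw token so that a leaked table does not expose usable tokens.

```python
import hashlib
import secrets
import sqlite3

# sqlite3 (in-memory) stands in for the Postgres table proposed in the issue.
# Table, column and function names are hypothetical.
SCHEMA = """
CREATE TABLE recovery_tokens (
    user_id    INTEGER PRIMARY KEY,  -- at most one live token per user
    token_hash TEXT NOT NULL         -- SHA-256 of the token, never the token itself
)
"""

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def issue_token(db, user_id):
    """Create or replace the user's recovery token; the raw value is returned once."""
    token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
    db.execute(
        "INSERT INTO recovery_tokens (user_id, token_hash) VALUES (?, ?) "
        "ON CONFLICT(user_id) DO UPDATE SET token_hash = excluded.token_hash",
        (user_id, _digest(token)),
    )
    return token

def reset_password(db, user_id, presented, set_password):
    """Consume the token, apply the reset, return a fresh token (None on failure)."""
    with db:  # commit on success, roll back if set_password raises
        cur = db.execute(
            "DELETE FROM recovery_tokens WHERE user_id = ? AND token_hash = ?",
            (user_id, _digest(presented)),
        )
        if cur.rowcount != 1:  # wrong token, already used, or never issued
            return None
        set_password(user_id)  # caller-supplied password update
        return issue_token(db, user_id)

def demo():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    resets = []  # records which user ids actually had a reset applied
    first = issue_token(db, 1)
    second = reset_password(db, 1, first, resets.append)
    replay = reset_password(db, 1, first, resets.append)        # reuse of a spent token
    wrong_user = reset_password(db, 2, second, resets.append)   # token bound to user 1
    return first, second, replay, wrong_user, resets
```

The `DELETE` is the validation step: a token is accepted only if that statement removes exactly one row, so two concurrent requests with the same token cannot both succeed.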

Labels: backend (Related to server / worker code), enhancement (New feature or request), help wanted (Extra attention is needed)