Description
Implement a feature that lets users request a password reset link, delivered to their registered email address.
Acceptance Criteria
Purpose
To ensure that users can initiate a password reset request and promptly receive a reset link via email, allowing them to regain access to their accounts if they forget their password.
Requirements
- Provide an endpoint for initiating the password reset process.
- Verify the user exists in the database.
- Generate a unique token for the password reset link.
- Store the token in the database with an expiration time.
- Send the password reset email with the reset link containing the token.
- Handle errors appropriately and return the correct status codes and messages.
- Notify the user to check their email for a reset link after initiating the request.
Expected Outcome
- Users should be able to initiate a 'reset password' request and receive a password reset link by email as soon as the request is made.
Endpoints
Reset Password Email [POST] /api/v1/auth/password-reset-email
Description
Given a request with a valid email, when the user clicks 'Forgot Password', the system should send a password reset link to the email provided and respond with a 200 status code.
Request
POST /api/v1/auth/password-reset-email
{
"email": "String"
}
Successful Response
{
"message": "Password reset email sent successfully.",
"reset_link": "https://endpoint.api/reset-password?token=unique_token"
}
Error Response
For an Invalid Email:
{
"message": "String",
"error": "String",
"status_code": "Int"
}
Testing
Unit Tests:
- Verify that the endpoint returns a 200 status and the correct response when a valid email is provided.
- Verify that the endpoint returns a 404 status and the correct error message when an invalid email is provided.
- Verify that a unique token is generated and stored in the database with an expiration time.
- Verify that the email is sent with the correct reset link.
Integration Tests:
- Test the entire password reset process from the user's perspective, including initiating the request, receiving the email, and verifying the token storage.
- Test edge cases such as multiple requests in a short period, expired tokens, and invalid token formats.
Database Design
Implementation Details
Request Password Reset:
- User clicks 'Forgot Password' and enters their email.
- Verify if the email exists in the database.
- If the email exists, generate a unique token.
- Store the token in the password_reset_tokens table with an expiration time.
- Send an email to the user with the reset link containing the token.
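The five steps above, as an added Python example that is not part of this issue or the project's code. It assumes in-memory stand-ins for the users table and the password_reset_tokens table, a 30-minute expiry, and captured outbound mail; it stores only a SHA-256 hash of the token and keeps the reset link out of the JSON body, so the raw token reaches only the mailbox.

```python
import hashlib
import secrets
import time
from typing import Optional

# Constructed stand-ins for the database tables and the mail transport.
USERS = {"alice@example.com": {"id": 1}}
PASSWORD_RESET_TOKENS: dict = {}      # password_reset_tokens, keyed by sha256(token)
SENT_EMAILS: list = []                # outbound mail captured for inspection

TOKEN_TTL_SECONDS = 30 * 60           # assumed expiration window
RESET_URL = "https://endpoint.api/reset-password?token="


def _hash(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def request_password_reset(email: str, now: Optional[float] = None):
    """Verify the user, mint a token, store its hash with an expiry, email the link.

    Returns (status_code, body) following the issue's response shapes.
    """
    now = time.time() if now is None else now
    user = USERS.get(email)
    if user is None:
        return 404, {"message": "User not found", "error": "not_found", "status_code": 404}
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, URL-safe
    PASSWORD_RESET_TOKENS[_hash(token)] = {
        "user_id": user["id"],
        "expires_at": now + TOKEN_TTL_SECONDS,
        "used": False,
    }
    SENT_EMAILS.append({"to": email, "link": RESET_URL + token})
    return 200, {"message": "Password reset email sent successfully."}


def consume_reset_token(token: str, now: Optional[float] = None) -> Optional[int]:
    """Validate a token taken from the link; return the user id once, else None.

    Rejects unknown, already-used and expired tokens so a link works exactly once.
    """
    now = time.time() if now is None else now
    record = PASSWORD_RESET_TOKENS.get(_hash(token))
    if record is None or record["used"] or now >= record["expires_at"]:
        return None
    record["used"] = True
    return record["user_id"]
```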