
[FEAT]: Password Reset Email Link - Backend #51

Open
7 tasks
Waptech07 opened this issue Jul 18, 2024 · 1 comment
Labels
approved auth Issues categorised by authentication and users

Comments

@Waptech07
Contributor

Description

Implementing a feature that enables users to request a password reset link sent to their email.

Acceptance Criteria

Purpose

To ensure that users can initiate a password reset request and promptly receive a reset link via email, allowing them to regain access to their accounts in case they forget their password.

Requirements

  • Provide an endpoint for initiating the password reset process.
  • Verify the user exists in the database.
  • Generate a unique token for the password reset link.
  • Store the token in the database with an expiration time.
  • Send the password reset email with the reset link containing the token.
  • Handle errors appropriately and return the correct status codes and messages.
  • Notify the user to check their email for a reset link after initiating the request.

Expected Outcome

  • Users should be able to initiate a 'reset password' request and immediately receive a password reset link once the request is made.

Endpoints

Reset Password Email [POST] /api/v1/auth/password-reset-email

Description

Given a request with a valid email, when the user clicks on 'Forgot Password', the system should send a password reset link to the email provided with a 200 status code.

Request

POST /api/v1/auth/password-reset-email
{
  "email": "String"
}

Successful Response

{
  "message": "Password reset email sent successfully.",
  "reset_link": "https://endpoint.api/reset-password?token=unique_token"
}

Error Response

For an Invalid Email:

{
  "message": "String",
  "error": "String",
  "status_code": "Int"
}

Testing

Unit Tests:

  • Verify that the endpoint returns a 200 status and the correct response when a valid email is provided.
  • Verify that the endpoint returns a 404 status and the correct error message when an invalid email is provided.
  • Verify that a unique token is generated and stored in the database with an expiration time.
  • Verify that the email is sent with the correct reset link.

Integration Tests:

  • Test the entire password reset process from the user's perspective, including initiating the request, receiving the email, and verifying the token storage.
  • Test edge cases such as multiple requests in a short period, expired tokens, and invalid token formats.

Database Design

[Image: Untitled (4)]

Implementation Details

Request Password Reset:

  • User clicks 'Forgot Password' and enters their email.
  • Verify if the email exists in the database.
  • If the email exists, generate a unique token.
  • Store the token in the password_reset_tokens table with an expiration time.
  • Send an email to the user with the reset link containing the token.
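
An added example (not part of the issue or the project's code) of the token steps in the requirements: generate a unique token, store it in password_reset_tokens with an expiration time, and reject expired, reused, superseded or malformed tokens, which are the edge cases the integration tests name. It goes beyond the issue by storing only a SHA-256 hash of the token; the column names, the 30-minute lifetime, the use of SQLite and the function names are assumptions.

```python
import hashlib
import secrets
import sqlite3
from datetime import datetime, timedelta, timezone

TOKEN_TTL = timedelta(minutes=30)  # assumed lifetime; the issue does not specify one

def init_db(conn):
    # Column names are assumptions; the issue only names the table.
    conn.execute(
        "CREATE TABLE password_reset_tokens ("
        "token_hash TEXT PRIMARY KEY, email TEXT NOT NULL, "
        "expires_at TEXT NOT NULL, used INTEGER NOT NULL DEFAULT 0)"
    )

def _hash(token):
    # Only this digest is stored, so a database read does not yield usable tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def issue_token(conn, email, now=None):
    """Create a token for email, store its hash and expiry, return the raw token."""
    now = now or datetime.now(timezone.utc)
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # A new request supersedes any earlier token for the same account.
    conn.execute("DELETE FROM password_reset_tokens WHERE email = ?", (email,))
    conn.execute(
        "INSERT INTO password_reset_tokens (token_hash, email, expires_at) VALUES (?, ?, ?)",
        (_hash(token), email, (now + TOKEN_TTL).isoformat()),
    )
    conn.commit()
    return token

def redeem_token(conn, token, now=None):
    """Return the email the token belongs to, or None if unknown, expired or used."""
    now = now or datetime.now(timezone.utc)
    if not isinstance(token, str) or not token:
        return None
    row = conn.execute(
        "SELECT email, expires_at, used FROM password_reset_tokens WHERE token_hash = ?",
        (_hash(token),),
    ).fetchone()
    if row is None or row[2] or datetime.fromisoformat(row[1]) <= now:
        return None
    # Mark the token as spent so the same link cannot be replayed.
    conn.execute("UPDATE password_reset_tokens SET used = 1 WHERE token_hash = ?", (_hash(token),))
    conn.commit()
    return row[0]
```
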
@laban254 laban254 added the auth Issues categorised by authentication and users label Jul 19, 2024
This was referenced Jul 24, 2024
@joboy-dev
Contributor

Approved
