Forgot password

[jcoppieters]

Add it to UserController.

But first get the flow right:
(any one has better idea's?)

• In the login page, have a "tab" with "forget password"
• accept email address,
• look it up in the userlist,
• generate (and save in user table) a url with a long random string + timestamp,
• send it by email,
• have a form to enter the new password,
• check the random string against the user record + check if timestamp is not older than 1 day
• change the password
• log in

[himankbhalla]

@jcoppieters This flow will work fine. Just one slight addition. A random string stored with respect to a user should be valid for a limited time(like 2 days). So you might be tempted to use a Redis client instead.

[jcoppieters]

Yep. You're right. I've changed it.
We have the core part of the system running for a couple of years now, but is not yet integrated with cody-cms.
It is fully async/await based and implements the above flow, including phone by SMS validation and so on.
We never found time to port the CMS part onto the new Core part.