api/password end point added for reseting password which uses api/pas…

[danishjamal104]

New End Point

Implements the password reset workflow.

• api/password/forget -> generates a new token and sets expiry and sends the user an email by visiting which he can reset his passwrod
• api/password/reset -> takes new password and check if token is valid and updates the password.

api/password/forget

{
    "email": "useremail@demo.com"
}

api/password/reset

{
    "email": "useremail@demo.com",
    "token": "token viz send to users email",
    "password": "new password"
}

Changes

1. Added new field in the user model named resetInfo

   •  "token": "token viz used for verification",
      "expiry": "date obj which tells when this token is expired"

2. New file routes/reset.js viz contains two routes
   • /forget
   • /reset
3. Updated doc
4. Added new package crypto viz used to generate new token refer line 44 in routes/reset.js
5. Added new package nodemailer viz used for sending emails.

[Isha2103]

In src/app.js, line no. 22 missing semi-colon at last.
In src/docs/index.html, line number 44 Spelling error in password.

[lazycipher]

@danishjamal104, how are you checking/making sure if a token expired when a user tries to use an expired token?

[mohdorusaid]

Issue with comment on forget endpoint, check that out

[danishjamal104]

@danishjamal104, how are you checking/making sure if a token expired when a user tries to use an expired token?

file reset.js line 113

[lazycipher]

@danishjamal104, Email verification was added in the development branch which uses a feature of mongo maybe have a look!

[Isha2103]

Good to go!