[FEAT]: API Endpoint for Forgot and Reset Password #153

AdeGneus opened this issue Jul 23, 2024 · 0 comments · Fixed by #255
AdeGneus commented Jul 23, 2024

Description

Implement an API endpoint for forgot and reset password functionality. This endpoint allows users to request a password reset link and reset their password using a token provided in the request parameters.

Endpoint Feature

  • This endpoint enables users to request a password reset link via email and reset their password using the provided token.
  • Limited to sending reset links to registered users' email addresses.

Acceptance Criteria

  • The forgot-password endpoint should be accessible at POST /api/v1/auth/forgot-password.
  • The reset-password endpoint should be accessible at POST /api/v1/auth/reset-password/:token.
  • The forgot-password endpoint should accept HTTP POST requests to send a reset link via email.
  • The reset-password endpoint should accept HTTP POST requests to reset the password using a token.
  • The forgot-password endpoint should return a 200 OK status code with a success message in the response body.
  • The reset-password endpoint should return a 200 OK status code with a success message in the response body.

Request Example (Forgot Password):
POST /api/v1/auth/forgot-password
Content-Type: application/json

{
  "email": "[email protected]"
}

Response Example (Forgot Password):

{
  "status": "success",
  "status_code": 200,
  "message": "Password reset link sent successfully."
}

Request Example (Reset Password):
POST /api/v1/auth/reset-password/:token
Content-Type: application/json

{
  "new_password": "newPassword123"
}

Response Example (Reset Password):

{
  "status": "success",
  "status_code": 200,
  "message": "Password reset successfully."
}

Data Validation

Input Validation:

  • Confirm that email is provided and valid.
  • Confirm that new_password is valid.
  • Confirm that token is valid.
  • Example: If email is invalid or missing, return a 400 status code with an error message.
{
  "status": "unsuccessful",
  "status_code": 400,
  "message": "Valid email must be provided."
}
  • Example: If new_password is invalid or missing, return a 400 status code with an error message.
{
  "status": "unsuccessful",
  "status_code": 400,
  "message": "Valid new password and password confirmation must be provided."
}

Output Validation:

  • Ensure the response format is correct and includes appropriate status codes and messages.
  • If there is an error during the process, the API should return a 500 Internal Server Error status code with an appropriate message.
{
  "status": "unsuccessful",
  "status_code": 500,
  "message": "Failed to process request. Please try again later."
}

Authentication and Authorization

Authentication:

  • Authentication is not required for accessing the reset-password endpoint as the token serves as the authentication method.

Error Handling

Error Responses:

  • Define error responses for common failure scenarios.
  • Example: If the reset token is invalid or expired, return a 400 status code with an error message.
{
  "status": "unsuccessful",
  "status_code": 400,
  "message": "Invalid or expired reset token."
}

Edge Cases:

  • Consider edge cases such as multiple reset requests and expired tokens.

Performance and Security

Performance Considerations:

  • Review potential performance implications and optimize the API for efficiency.
  • Example: Implement rate limiting to prevent abuse.

Security Concerns:

  • Address security considerations such as data sanitization.
  • Example: Sanitize user inputs to prevent injection attacks.
  • Ensure the reset tokens are securely generated and stored.

Documentation

API Documentation:

  • Ensure that API documentation is updated to include details about the new endpoints, request/response formats, error handling, and authentication requirements.

Technical Notes:

  • Include any additional technical notes or considerations.

Testing Requirements

Unit Tests:

  • Write unit tests to validate input data and forgot/reset password logic.

Integration Tests:

  • Ensure end-to-end functionality is tested with integration tests.

Dependencies and Impact

Dependencies:

  • Identify dependencies on other tasks or systems, such as user authentication.

Impact Analysis:

  • Assess the potential impact on other features or components, ensuring that existing functionality is not disrupted.
@AdeGneus AdeGneus self-assigned this Jul 23, 2024
@AdeGneus AdeGneus linked a pull request Jul 24, 2024 that will close this issue
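The following is an added illustration of the forgot/reset flow the issue specifies, not code from this project or its linked pull request. The issue does not state the implementation language, so Python is assumed; storage is an in-memory dict standing in for the users and reset-token tables, and an `outbox` list stands in for the mailer so the raw token is observable. The 15-minute token lifetime, 8-character minimum password, the per-email limit of three requests per hour with a 429 response, and PBKDF2 as the password hash are all assumptions chosen for the example. The points it shows that the issue text only names: the raw token is random and only its SHA-256 hash is stored, a token is single-use and superseded by a newer request, expired tokens are rejected, and the forgot-password endpoint returns the same 200 whether or not the address is registered.

```python
"""Password reset flow for the endpoints in issue #153 (example code, not the project's)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

TOKEN_TTL_SECONDS = 15 * 60      # assumption: reset links expire after 15 minutes
MIN_PASSWORD_LENGTH = 8          # assumption: minimal new_password policy
MAX_REQUESTS_PER_HOUR = 3        # assumption: per-email limit on forgot-password


def _fail(code: int, message: str) -> dict:
    return {"status": "unsuccessful", "status_code": code, "message": message}


def _ok(message: str) -> dict:
    return {"status": "success", "status_code": 200, "message": message}


@dataclass
class User:
    email: str
    salt: bytes
    password_hash: bytes


@dataclass
class ResetRecord:
    user_email: str
    expires_at: float
    used: bool = False


class PasswordResetService:
    def __init__(self, now=time.time):
        self.now = now                                     # injectable clock for expiry tests
        self.users: dict[str, User] = {}                   # stand-in for the users table
        self.reset_records: dict[str, ResetRecord] = {}    # keyed by SHA-256(raw token)
        self.request_log: dict[str, list[float]] = {}      # email -> request timestamps
        self.outbox: list[tuple[str, str]] = []            # (email, raw token) "sent" mails

    @staticmethod
    def _hash_password(password: str, salt: bytes) -> bytes:
        # PBKDF2 from the standard library stands in for the project's password hash.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    @staticmethod
    def _hash_token(raw_token: str) -> str:
        # Only the hash is persisted: a leaked table cannot be replayed as reset links.
        return hashlib.sha256(raw_token.encode()).hexdigest()

    def register(self, email: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        email = email.lower()
        self.users[email] = User(email, salt, self._hash_password(password, salt))

    def verify_password(self, email: str, password: str) -> bool:
        user = self.users.get(email.lower())
        if user is None:
            return False
        return hmac.compare_digest(user.password_hash, self._hash_password(password, user.salt))

    def forgot_password(self, email: str) -> dict:
        """POST /api/v1/auth/forgot-password"""
        if not email or "@" not in email:
            return _fail(400, "Valid email must be provided.")
        email = email.lower()
        # Rate limit per address, applied before the user lookup so the limit
        # behaves the same for known and unknown addresses.
        recent = [t for t in self.request_log.get(email, []) if self.now() - t < 3600]
        if len(recent) >= MAX_REQUESTS_PER_HOUR:
            return _fail(429, "Too many reset requests. Please try again later.")
        self.request_log[email] = recent + [self.now()]
        user = self.users.get(email)
        if user is not None:
            # Edge case from the issue: a new request supersedes any outstanding token.
            for rec in self.reset_records.values():
                if rec.user_email == email:
                    rec.used = True
            raw_token = secrets.token_urlsafe(32)            # 256 bits from the OS CSPRNG
            self.reset_records[self._hash_token(raw_token)] = ResetRecord(
                email, self.now() + TOKEN_TTL_SECONDS)
            self.outbox.append((email, raw_token))           # the link carries raw_token
        # Same 200 for registered and unregistered addresses: the endpoint
        # does not confirm which emails have accounts.
        return _ok("Password reset link sent successfully.")

    def reset_password(self, token: str, new_password: str) -> dict:
        """POST /api/v1/auth/reset-password/:token"""
        if not new_password or len(new_password) < MIN_PASSWORD_LENGTH:
            return _fail(400, "Valid new password and password confirmation must be provided.")
        rec = self.reset_records.get(self._hash_token(token or ""))
        if rec is None or rec.used or self.now() > rec.expires_at:
            return _fail(400, "Invalid or expired reset token.")
        rec.used = True                                      # single use
        user = self.users[rec.user_email]
        user.salt = secrets.token_bytes(16)                  # fresh salt with the new password
        user.password_hash = self._hash_password(new_password, user.salt)
        return _ok("Password reset successfully.")
```

The dict keyed by the token hash means the stored value is never compared against attacker-controlled input byte by byte, and a superseded or consumed token is rejected with the same message as an expired one, so the response does not tell a caller which of the three applied.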