Password reset overview

With the password reset feature your users can safely reset their passwords when they forget it.

An email is sent to your users with a verification token which is used later by your application when submitting the new password.

note

To use this feature you need to make sure your users are registered with an email.


To set use this feature you need to follow the steps below:

  • Add an email configuration to your project.

You need to provide a configuration JSON with your email provider settings. YAWE uses nodemailer internally, the provided options need to be compatible with nodemailer transporter.

This is done in the project view, where you also create endpoints.

  • Create a Reset email template.

These HTML templates are used to send emails to your users with the verification token. The template must include the placeholders {{verificationtoken}} and {{email}}.

In the template, you should also provide a link to your application, where your users can enter the verification token, the password and password confirmation.

You can create multiple templates, this is useful for example when your application is available in multiple languages.

This is done in the project view, where you also create endpoints.

  • Send a email to reset the password to a specific user email.

To send an email to reset the password, you use the existing Authentication endpoint with the query parameter passwordreset=true. You need to send a POST request, the body needs to include email and templateName.

For example:

await axios({
method: "POST",
url: "https://app.yawe.dev/api/1/ce/project1-auth?key=4c1224a62bd74174be63f0026354b98a&passwordreset=true",
data: {
templateName: "your-template-name"
}
);

If the email configuration is correct and the provided email exists in the data of the used authentication endpoint, en email will be send to your user.

The verification token is only valid for 1 hour.

  • Submit the new password.

After receiving the email, your user should be redirected to a page in your application for password reset confirmation, where he enters the verification token (verificationtToken), password and password confirmation (passwordConfirmation).

These details are sent in a POST request to the Authentication endpoint with the query parameter passwordresetconfirmation=true.

Example:

await axios({
method: "POST",
url: "https://app.yawe.dev/api/1/ce/project1-auth?key=4c1224a62bd74174be63f0026354b98a&passwordresetconfirmation=true",
data: {
verificationToken: "13cc15faf7c4197fc285b84dfe5a3d515a383516",
password: "some-new-password",
passwordConfirmation: "some-new-password"
}
);

If everything is correct the password will be changed for your user and he can now login again.