Password reset component

Alf Eaton requested to merge 23-password-reset into master

This adds:

  • A backend component which handles sending the password reset email and updating the User object.
  • A frontend component which walks the user through the process of resetting their password.

The flow is:

  1. User follows link from login form to "password reset" page in client.
  2. User enters username; username posted to server.
  3. Server generates token + timestamp, stores on User object (could be a separate "PasswordReset" object, but easier to re-use User).
  4. Server sends email containing URL of "password reset" page in client (URL contains username and token in query string).
  5. User follows link in email and enters new password; username, password and token posted to server.
  6. Server finds User object using the username, validates the token, updates password on User object, removes token + timestamp, saves User object.
  7. User follows link to login form and logs in with their new password.

Config:

  'mail-transport': {
    sendmail: true
    // service: 'mailgun',
    // auth: {
    //   user: 'foo',
    //   pass: 'bar'
    // }
  },
  'password-reset': {
    url: 'http://localhost:3000/password-reset',
    sender: 'foo@example.com'
  }

Closes #23

Requires pubsweet-server!62 (merged)
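
The token handling in steps 3 and 6 of the flow, sketched as an added example that is not the code in this merge request. It generates a random token, checks expiry and compares in constant time on submission, then clears the token so it cannot be reused. The field names, the one-hour lifetime, the in-memory `users` map and the choice to store only a hash of the token are assumptions of this example.

```javascript
// Added example, not the merge request's code. Field names, the TTL and the
// in-memory user store are assumptions made for illustration.
const crypto = require('crypto')

const TOKEN_TTL_MS = 60 * 60 * 1000 // assumed one-hour token lifetime
const users = new Map([['alice', { username: 'alice', passwordHash: null }]]) // constructed sample

const sha256 = value => crypto.createHash('sha256').update(value).digest()

// Step 3: generate token + timestamp and store them on the User object.
// Only a hash of the token is stored, so a leaked user record cannot be
// turned back into a working reset link.
function requestReset (username, now = Date.now()) {
  const user = users.get(username)
  if (!user) return null // the HTTP response should look the same either way
  const token = crypto.randomBytes(32).toString('hex')
  user.passwordResetTokenHash = sha256(token)
  user.passwordResetTimestamp = now
  return token // placed in the emailed URL's query string
}

// Step 6: find the user, validate the token, update the password,
// then remove token + timestamp so the link works only once.
function resetPassword (username, token, newPassword, now = Date.now()) {
  const user = users.get(username)
  if (!user || !user.passwordResetTokenHash || typeof token !== 'string') return false
  const expired = now - user.passwordResetTimestamp > TOKEN_TTL_MS
  // Both sides are 32-byte digests, so timingSafeEqual cannot throw on length.
  const matches = crypto.timingSafeEqual(sha256(token), user.passwordResetTokenHash)
  if (expired) {
    delete user.passwordResetTokenHash
    delete user.passwordResetTimestamp
  }
  if (expired || !matches) return false
  const salt = crypto.randomBytes(16)
  const derived = crypto.scryptSync(newPassword, salt, 32)
  user.passwordHash = Buffer.concat([salt, derived]).toString('hex')
  delete user.passwordResetTokenHash
  delete user.passwordResetTimestamp
  return true
}
```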
