Implement POST /api/auth/reset-password Endpoint #23

Closed
opened 2025-10-17 22:50:45 +00:00 by Rodrigo2003-PT · 1 comment
Rodrigo2003-PT commented 2025-10-17 22:50:45 +00:00 (Migrated from github.com)

Allows the user to set a new password, validating their single-use token.

Tasks:

  • Create the route for POST /api/auth/reset-password.
  • Expect token and new_password in the request body.
  • Hash the provided token and search for it in the password_reset_tokens table.
  • Check if the token exists and has not expired.
  • If the token is valid:
    • Use the password_service to hash the new_password.
    • Update the password_hash in the users table for the associated user_id.
    • Delete the token from password_reset_tokens to ensure it cannot be reused.
    • Return 200 OK.
  • If the token is invalid or expired, return 400 Bad Request.
Allows the user to set a new password, validating their single-use token. ### Tasks: - Create the route for `POST /api/auth/reset-password`. - Expect `token` and `new_password` in the request body. - Hash the provided `token` and search for it in the `password_reset_tokens` table. - Check if the token exists and has *not* expired. - If the token is valid: - Use the `password_service` to hash the `new_password`. - Update the `password_hash` in the `users` table for the associated `user_id`. - Delete the token from `password_reset_tokens` to ensure it cannot be reused. - Return `200 OK`. - If the token is invalid or expired, return `400 Bad Request`.
Cordeir01 commented 2025-10-23 15:57:18 +00:00 (Migrated from github.com)

No need for password reset service because the credentials management will be centralized.

No need for password reset service because the credentials management will be centralized.
Sign in to join this conversation.
No description provided.