If you have an email service setup (such that you can programatically send emails) a password reset flow isn't too complicated. Here is a simple overview that would get you started: - The (unauthenticated) user hits your API/backend with a password reset email request. - The API generates a random token which is both emailed to the user and stored by you. - Having received the token, the user hits another API endpoint you offer which accepts the token and the new password. If the token matches what you have stored, the API/backend then changes the users password.
That is a simple overview and some best practices are outlined here: - https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet Information on updating a user's password in the _users database: - https://couchdb.readthedocs.io/en/latest/intro/security.html#password-changing I don't believe this can be accomplished from just a couchapp -- you will need some sort of backend that can access your user information and send emails (or SMS etc.). OpenWhisk is an option, especially if you plan on using other types of triggers/actions in the future, and want to design a ready-to-scale service. This would also be a fairly simple node or python server behavior. I'm not sure if this solution would work for you, but here's a couchdb auth lib written in node/express that makes reference to forgot-password-email flow, something to get started with: - https://github.com/twilson63/express-couchUser On Tue, Nov 29, 2016 at 10:19 AM, Martin Broerse <[email protected]> wrote: > Is there some backend ready code that lets you mail password reset mails? > > - Martin > > On Tue, Nov 29, 2016 at 3:20 PM, Garren Smith <[email protected]> wrote: > > > Hi Martin, > > > > Sorry I'm not sure. I am not a big fan of couchapps. I would rather have > a > > backend that can do that all for me. > > > > Cheers > > Garren > > > > On Tue, Nov 29, 2016 at 12:42 PM, Martin Broerse < > [email protected] > > > > > wrote: > > > > > Hi Garren, > > > > > > Do you think setting this up with openwhisk is an option? How do others > > > solve this? > > > > > > - Martin > > > > > > On Sat, Nov 19, 2016 at 8:39 AM, Martin Broerse < > > [email protected]> > > > wrote: > > > > > > > Hi, > > > > > > > > I an using e-mail addresses as usernames in the _user database. What > is > > > > the best practice to create a password reset mail option on cloudant? > > > > > > > > - Martin > > > > > > > > > >
