Important: This documentation covers Yarn 1 (Classic).
For Yarn 2+ docs and migration guide, see yarnpkg.com.

Package detail

lockit-forgot-password

zemirco54MIT1.3.2

forgot password middleware for lockit

lockit, forgot, password

readme

Lockit forgot password

Build Status NPM version Dependency Status

Help users who forgot their passwords for your Express app. The module is part of Lockit.

Installation

npm install lockit-forgot-password

var ForgotPassword = require('lockit-forgot-password');
var utils = require('lockit-utils');
var config = require('./config.js');

var db = utils.getDatabase(config);
var adapter = require(db.adapter)(config);

var app = express();

// express settings
// ...
// sessions are required - either cookie or some sort of db
app.use(cookieParser());
app.use(cookieSession({
  secret: 'this is my super secret string'
}));

// create new ForgotPassword instance
var forgotPassword = new ForgotPassword(config, adapter);

// use forgotPassword.router with your app
app.use(forgotPassword.router);

Configuration

More about configuration at Lockit.

Features

  • allow password reset for users
  • input validation
  • link expiration times
  • user email verification via unique token
  • hash password using pbkdf2
  • token format verification before database querying

Routes included

  • GET /forgot-password
  • POST /forgot-password
  • GET /forgot-password/:token
  • POST /forgot-password/:token

REST API

If you've set exports.rest in your config.js the module behaves as follows.

  • all routes have /rest prepended
  • GET /rest/forgot-password is next()ed and you can catch /forgot-password on the client
  • POST /rest/forgot-password stays the same but sends JSON
  • GET /rest/forgot-password/:token sends JSON and you can catch /forgot-password/:token on the client
  • POST /rest/forgot-password/:token sends JSON

Test

$ npm test

License

MIT

changelog

1.3.2 / 2015-07-06
  • update dependencies
1.3.1 / 2015-06-30
  • update dependencies
  • use make instead grunt
  • use eslint
  • add node 0.12 to travis
1.3.0 / 2014-09-27
  • update dependencies
1.2.0 / 2014-07-23
  • add events 'forgot::sent' and 'forgot::success'
  • update dependencies
1.1.1 / 2014-05-27
  • set autocomplete="off"
  • use Bootstrap responsive classes
1.1.0 / 2014-05-23
1.0.0 / 2014-04-19
  • requires Express 4.x

  • makes use of express.Router(). No need to pass app around as argument.

    old

    var ForgotPassword = require('lockit-forgot-password');

var forgotPassword = new ForgotPassword(app, config, adapter);

    new

    var ForgotPassword = require('lockit-forgot-password');

var forgotPassword = new ForgotPassword(config, adapter);
app.use(forgotPassword.router);

  • proper Error handling. All Errors are piped to next middleware.

    old

    if (err) console.log(err);

    new

    if (err) return next(err);

    Make sure you have some sort of error handling middleware at the end of your routes (is included by default in Express 4.x apps if you use the express-generator).

0.5.0 / 2014-04-11
  • username becomes name