couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Broerse <i...@martinbroerse.com>
Subject Re: Password reset
Date Tue, 29 Nov 2016 20:04:06 GMT
Thanks Kyle! Will try to create it. If someone knows off an existing
solution please let me know.

- Martin

On Tue, Nov 29, 2016 at 5:46 PM, Kyle Snavely <kjsnavely@gmail.com> wrote:

> If you have an email service setup (such that you can programatically send
> emails) a password reset flow isn't too complicated. Here is a simple
> overview that would get you started:
>   - The (unauthenticated) user hits your API/backend with a password reset
> email request.
>   - The API generates a random token which is both emailed to the user and
> stored by you.
>   - Having received the token, the user hits another API endpoint you offer
> which accepts the token and the new password. If the token matches what you
> have stored, the API/backend then changes the users password.
>
> That is a simple overview and some best practices are outlined here:
>   - https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet
>
> Information on updating a user's password in the _users database:
>   -
> https://couchdb.readthedocs.io/en/latest/intro/security.
> html#password-changing
>
>
> I don't believe this can be accomplished from just a couchapp -- you will
> need some sort of backend that can access your user information and send
> emails (or SMS etc.). OpenWhisk is an option, especially if you plan on
> using other types of triggers/actions in the future, and want to design a
> ready-to-scale service. This would also be a fairly simple node or python
> server behavior.
>
>
> I'm not sure if this solution would work for you, but here's a couchdb auth
> lib written in node/express that makes reference to forgot-password-email
> flow, something to get started with:
>   - https://github.com/twilson63/express-couchUser
>
> On Tue, Nov 29, 2016 at 10:19 AM, Martin Broerse <martin.broerse@gmail.com
> >
> wrote:
>
> > Is there some backend ready code that lets you mail password reset mails?
> >
> > - Martin
> >
> > On Tue, Nov 29, 2016 at 3:20 PM, Garren Smith <garren@apache.org> wrote:
> >
> > > Hi Martin,
> > >
> > > Sorry I'm not sure. I am not a big fan of couchapps. I would rather
> have
> > a
> > > backend that can do that all for me.
> > >
> > > Cheers
> > > Garren
> > >
> > > On Tue, Nov 29, 2016 at 12:42 PM, Martin Broerse <
> > martin.broerse@gmail.com
> > > >
> > > wrote:
> > >
> > > > Hi Garren,
> > > >
> > > > Do you think setting this up with openwhisk is an option? How do
> others
> > > > solve this?
> > > >
> > > > - Martin
> > > >
> > > > On Sat, Nov 19, 2016 at 8:39 AM, Martin Broerse <
> > > martin.broerse@gmail.com>
> > > > wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > I an using e-mail addresses as usernames in the _user database.
> What
> > is
> > > > > the best practice to create a password reset mail option on
> cloudant?
> > > > >
> > > > > - Martin
> > > > >
> > > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message