couchdb-user mailing list archives

From Kyle Snavely <kjsnav...@gmail.com>
Subject Re: Password reset
Date Tue, 29 Nov 2016 16:46:07 GMT
If you have an email service set up (such that you can programmatically send
emails) a password reset flow isn't too complicated. Here is a simple
overview that would get you started:
  - The (unauthenticated) user hits your API/backend with a password reset
email request.
  - The API generates a random token which is both emailed to the user and
stored by you.
  - Having received the token, the user hits another API endpoint you offer
which accepts the token and the new password. If the token matches what you
have stored, the API/backend then changes the user's password.

That is a simple overview and some best practices are outlined here:
  - https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet

Information on updating a user's password in the _users database:
  - https://couchdb.readthedocs.io/en/latest/intro/security.html#password-changing


I don't believe this can be accomplished from just a couchapp -- you will
need some sort of backend that can access your user information and send
emails (or SMS etc.). OpenWhisk is an option, especially if you plan on
using other types of triggers/actions in the future, and want to design a
ready-to-scale service. This would also be a fairly simple node or python
server behavior.


I'm not sure if this solution would work for you, but here's a couchdb auth
lib written in node/express that makes reference to forgot-password-email
flow, something to get started with:
  - https://github.com/twilson63/express-couchUser

On Tue, Nov 29, 2016 at 10:19 AM, Martin Broerse <martin.broerse@gmail.com>
wrote:

> Is there some backend ready code that lets you mail password reset mails?
>
> - Martin
>
> On Tue, Nov 29, 2016 at 3:20 PM, Garren Smith <garren@apache.org> wrote:
>
> > Hi Martin,
> >
> > Sorry I'm not sure. I am not a big fan of couchapps. I would rather have a
> > backend that can do that all for me.
> >
> > Cheers
> > Garren
> >
> > On Tue, Nov 29, 2016 at 12:42 PM, Martin Broerse <martin.broerse@gmail.com>
> > wrote:
> >
> > > Hi Garren,
> > >
> > > Do you think setting this up with openwhisk is an option? How do others
> > > solve this?
> > >
> > > - Martin
> > >
> > > On Sat, Nov 19, 2016 at 8:39 AM, Martin Broerse <martin.broerse@gmail.com>
> > > wrote:
> > >
> > > > Hi,
> > > >
> > > > I am using e-mail addresses as usernames in the _user database. What is
> > > > the best practice to create a password reset mail option on cloudant?
> > > >
> > > > - Martin
> > > >
> > >
> >
>
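
The three-step reset flow outlined in the reply above, sketched in Python as an added example (not code from the thread or from express-couchUser). `ResetTokenStore`, `request_reset`, `complete_reset`, the 15-minute lifetime and the `send_email`/`set_password` callbacks are hypothetical names and values; a real backend would persist the pending resets and make `set_password` update the user's document in `_users`.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime, not a value from the thread


class ResetTokenStore:
    """In-memory stand-in for wherever the backend keeps pending resets."""

    def __init__(self, clock=time.time):
        self._pending = {}  # username -> (sha256 hex of token, expiry time)
        self._clock = clock

    def issue(self, username):
        """Create the token to email; keep only its hash on the server."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[username] = (digest, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, username, token):
        """Return True exactly once for a matching, unexpired token."""
        digest, expiry = self._pending.get(username, ("", 0.0))
        presented = hashlib.sha256(token.encode()).hexdigest()
        # Constant-time comparison; unknown users fail the same way.
        ok = hmac.compare_digest(digest, presented) and self._clock() < expiry
        if ok:
            del self._pending[username]  # single use
        return ok


def request_reset(store, known_users, username, send_email):
    """Step 1 and 2: same reply whether or not the account exists."""
    if username in known_users:
        send_email(username, store.issue(username))
    return "If that account exists, a reset email has been sent."


def complete_reset(store, username, token, new_password, set_password):
    """Step 3: change the password only if the token redeems."""
    if not store.redeem(username, token):
        return False
    set_password(username, new_password)  # hypothetical callback
    return True
```

Storing only the hash means a leaked copy of the pending-reset records does not yield usable tokens, and the identical reply for unknown addresses keeps the endpoint from confirming which e-mail addresses have accounts.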
