From the course: React: Authentication

The basic password reset process - React.js Tutorial

From the course: React: Authentication

Start my 1-month free trial Buy for my team

The basic password reset process

- [Instructor] All right, now that we've got the email verification process working for our application, the next thing we're going to do is move on to implementing another very important auth-related feature of any website, and that is allowing users to reset their passwords. Now, I'm sure it's happened to all of us, that we forget our password for a given website, and in those situations, it's very important that websites provide us with a backup method for resetting our password. Now, the process for doing this is actually very similar to the email verification process, so let's just go over it here and make sure we understand the basic steps before we implement it. So the first step here is that the user clicks the Forgot password button on the login page, and this will then take them to a page where they have to enter their email address. And the next step is that the user enters their email into that page and clicks Submit, which will send this email address to a server endpoint. And this server endpoint, basically what that does, is it checks to see if a user with this given email address even exists, right? If it does, the server generates a random verification hash, and it will send a link with that hash to the user's email. Again, this is very similar to the way the initial email verification flow works. Now, when the user clicks the link in the email, they're going to be taken to a reset password landing page that will ask them to enter their new password. Once they've done this, the new password that they've entered will be sent to another server endpoint, which checks to make sure their verification hash matches. And if it does, it will replace the user's old password hash in the database with a hash created from the new password that they've provided. And that's really it. Once the user has reset their password, all they need to do is log into our app now with that new password. Well, that's the basic password reset process, so let's get started implementing it.

Contents