feat: express endpoints for mail verification and password reset #1262
🦋 Changeset detected
Latest commit: ccf35ee
The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
router.use(express.urlencoded({ extended: true })); | ||
|
||
router.use(infosMiddleware); | ||
router.get('/verify-email/:token', verifyEmail(app.injector)); |
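Review bot: the `router.get('/verify-email/:token', verifyEmail(app.injector))` registration has no rate limiter ahead of it. The only middleware visible before it is `express.urlencoded` and `infosMiddleware`, and the handler validates a token taken from the URL. Mount a rate-limiting middleware on the router, or on this route ahead of `verifyEmail`, and add a test that repeated requests from one client receive a 429.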
Check failure
Code scanning / CodeQL
Missing rate limiting High
authorization
💻 Website Preview
The latest changes are available as preview in: https://663afe5a.accounts-js.pages.dev
Codecov Report
Attention:
Additional details and impacted files
@@ Coverage Diff @@
## master #1262 +/- ##
==========================================
- Coverage 93.98% 93.00% -0.99%
==========================================
Files 114 116 +2
Lines 2428 2473 +45
Branches 542 556 +14
==========================================
+ Hits 2282 2300 +18
- Misses 136 159 +23
- Partials 10 14 +4
6ec2b07 to 7eb064b
getHtml( | ||
'Email verification error', | ||
` | ||
<h3>The email address couldn't be verified: ${err.message ?? 'unknown error'}</h3> | ||
` | ||
) |
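Review bot: `${err.message ?? 'unknown error'}` on the `<h3>` line goes into the HTML response unescaped, so any markup carried in the exception message is interpreted by the browser instead of shown as text. HTML-escape the message before interpolating it, or show a fixed message to the user and log `err.message` on the server.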
Check warning
Code scanning / CodeQL
Exception text reinterpreted as HTML Medium
Exception text
getHtml( | ||
'Password reset error', | ||
` | ||
<h3>The password couldn't be changed: ${err.message ?? 'unknown error'}</h3> | ||
` | ||
) |
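Review bot: the `<h3>` line of the password reset error page interpolates `err.message` into the markup unescaped, the same pattern as the email verification error page. Route both pages through one shared escaping helper so the two handlers cannot drift apart, and add a test asserting that an error message containing markup is rendered as text.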
Check warning
Code scanning / CodeQL
Exception text reinterpreted as HTML Medium
Exception text
db804c6 to a87a21c
930d43c to e3aba87
There were no endpoints to allow the user to validate the email or reset the password, so I created them.
Doing the email validation call directly from the client wasn't an option because it's not realistic to expect the user to manually type such a long token, so instead he can simply click on the link in the email and he will be greeted by some static HTML confirming or denying the process.
Password reset, on the other hand, requires the user to type a new password, so he will be presented with a static HTML form that in turn will call another REST endpoint that gets the job done. Again, it is not realistic to expect the user to type such a long token, so with the client taken out of the equation the only other option would be to generate a new password from the backend instead of letting the user choose his own. This would still require a REST endpoint and it would negate the flexibility of letting the user choose his own password.
These endpoints can be used by both REST and GraphQL users. The graphql-yoga example shows how to create an express app which makes use of these endpoints and delegates the /graphql path to yoga for GraphQL.
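The two CodeQL findings on this PR (missing rate limiting on the token route, exception text reinterpreted as HTML), worked through as an added example that is not code from this PR or from accounts-js. `escapeHtml`, `renderError`, `rateLimit` and `verifyEmailHandler` are hypothetical names, `verifyToken` stands in for the real verification call, and the limiter assumes a single process with in-memory state.

```javascript
// Added example: every name here is hypothetical, not accounts-js code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape HTML-significant characters so untrusted text is rendered as text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Error page body with the exception message escaped before interpolation.
function renderError(title, prefix, err) {
  const message = escapeHtml(err?.message ?? 'unknown error');
  return `<h1>${escapeHtml(title)}</h1><h3>${escapeHtml(prefix)}: ${message}</h3>`;
}

// Fixed-window limiter with the Express middleware signature (req, res, next).
// Assumption: in-memory and per-process; entries are reset on expiry, never evicted.
function rateLimit({ windowMs, max, now = Date.now }) {
  const hits = new Map(); // client IP -> { count, resetAt }
  return function limiter(req, res, next) {
    const t = now();
    let entry = hits.get(req.ip);
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(req.ip, entry);
    }
    entry.count += 1;
    if (entry.count > max) {
      res.statusCode = 429;
      res.setHeader('Retry-After', String(Math.ceil((entry.resetAt - t) / 1000)));
      return res.end('Too many requests');
    }
    return next();
  };
}

// Handler shaped like the verify-email route; mount the limiter ahead of it, e.g.
// router.get('/verify-email/:token', rateLimit({ windowMs: 60000, max: 10 }), handler)
function verifyEmailHandler(verifyToken) {
  return async (req, res) => {
    try {
      await verifyToken(req.params.token);
      res.end('<h3>The email address has been verified</h3>');
    } catch (err) {
      res.statusCode = 400;
      res.end(renderError('Email verification error', "The email address couldn't be verified", err));
    }
  };
}
```

A multi-instance deployment needs the counters in a shared store with expiry instead of the per-process `Map`.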