Implement forgot password flow

[johnny-t06]

Description

This is a branch off of #36 before some requested nit changes. Ideally we merge #36 into main, rebase this branch, and then merge. Still, we wanted to give some time to review this.

This is a dupe PR of #37 because of git issues.

In this PR, we created two new api routes /password and /verify-code.
/password has two methods: POST and PUT

• POST is the initial forgot password request. In this we verify the user's email is a valid email and generate a random 4 digit code with an expiration time. This code and expiration time is stored into Code collection that relates to the User. We then send an email from our server + [email protected] with the 4 digit code to the user's email.
• PUT is used to replace the user's password with the new password

/verify-code is another route with a POST method to verify the user's entered code against the code stored in our database. It returns success if the codes do match, error otherwise.

We also added some front end error messages for the forgot password flow.

Issues

Completes #29

Screenshots

Test

Reach out for the new .env or you won't be able to test

1. You should create a new account because the DB has been wiped. Visit the root localhost and then sign in with the account [email protected], PW: 123456.
2. Once you sign in, you will be directed to a mock sign up form. Fill that out with a valid email to receive reset-password emails.
3. Visit the forgot password flow at /public/forgot-password and go through steps with your own email + account. Test edge cases in wrong email, code, etc..

Possible Downsides

N/A

Additional Documentations

https://www.nodemailer.com/smtp/oauth2/

dismiss

[hanahkim1]

Looks good!