Add a link to the password reset view in "Your profile" when logged in #2476
Comments
|
Can I work on this? |
|
Sure @Sudhanva-Nadiger |
|
I have a doubt! currently, we have reset password api which sends email to the registered email. should we do the same here in the page too ? |
|
we do have reset password functionality in perl api but in dart API, we only have one functionality directly mentioned type as send_email, if we change can dynamically mention the type in reset password we can directly provide this feature without sending an email @teolemon and @M123-dev |
|
@monsieurtanuki could you clear my doubt? Thanks |
|
@Sudhanva-Nadiger I don't know what is the best practice, but sending an email does seem appropriate. If one day users comment on the app saying that "it's the best app in the world except that when you want to reset your password you have to receive an email", we'll see. |
|
As an inspiration, we can take the Gmail process!
|
|
Looks okay to me. We should only check if we even have a way to reset the password without the email |
|
I think we have that functionality written in perl api https://github.com/openfoodfacts/openfoodfacts-server/blob/main/templates/web/pages/reset_password/reset_password.tt.html |
|
@M123-dev Have worked on it! Please have a look at it. Thanks!
resetPassword.mp4 |
|
Looks good, now we have to ask for the old password |
|
Yeah, if user don't remember remember it he has option to go to forgot password link which is provided. if user remembers then s(he) can reset it directly ! |
|
So what should we do ?
? |
|
I don't know perl or what looks like a template file @VaiTon can probably answer if it is possible to reset without email |
|
@Sudhanva-Nadiger AFAIK that file is to show the "Forgotten password?" screen, but it should be indeed possible to reset the password without sending an email. For example, on the website, you can go to https://world.openfoodfacts.org/cgi/user.pl and, if you're logged in, you can change your password with the "Password" and "Confirm password" fields. For the API side of the thing, I don't really know if there is a JSON endpoint for that, as the field is submitted trough post and a multipart request. I therefore invoke the help of @alexgarel and @stephanegigandet for this one |
|
We currently don't have clean APIs to reset or to change passwords. While you can use /cgi/user.pl to send what the form expect, and then try to parse the resulting HTML, I don't recommend it, as it can easily get broken. Also I think this issue title is quite confusing, this is about changing one's password, not resetting it (because it's forgotten). As a matter of fact, the web version of this is not very good: we allow users to change their password if they are logged in even if they don't know the old one. So my recommendation would be to wait for a proper API to be available. |
|
@stephanegigandet any updates on this one ? |
|
@Sudhanva-Nadiger not yet |
|
@Sudhanva-Nadiger the very best would be to have Ory integrated server side ! (There are Open PR that do most of the work). That would open many use case. But we need someone to take it ! |
|
Could you elaborate it a bit ! 😐 |
What
Part of
The text was updated successfully, but these errors were encountered: