web
web copied to clipboard
UPchieve
Conditionally Allows Email for Password Reset
Links
Task: https://www.notion.so/upchieve/2-issues-with-reset-password-link-user-input-email-643910b97c9f41608c3abe4446ccde4c
Description
Two Bugs
- After user received the reset password email, they needed to re-input their email. No need for this because already sending verification token which, according to standard reset password practices, is secure enough. Instead only uses token to identify user, and then updates password given that.
- There were to instances when the password needs to be reset: when the password is forgotten so you cannot login or when the user would like to change their password. These instances should be treated differently, for the user should not have to re-input their email if they are already logged in. Changed to only allowing user to input email if no user is logged in.
Important!: Also got rid of # signs that were in both volunteer verification emails and password reset emails. This is crucial, for as of now users are not receiving valid links via email.
Related PR: https://github.com/UPchieve/server/pull/102
Developer self-review checklist
- [x] Task's requirements have been fully addressed
- [x] PR link has been posted in the task's comments
- [x] Potentially confusing code has been explained with comments
- [x] No warnings or errors have been introduced; all known error cases have been handled
- [x] Any appropriate documentation (within the code, README.md, docs, etc) has been updated
- [x] There are no new spelling/grammar mistakes in the UI, code, or documentation
- [ ] Branch has been deployed to staging, and all edge cases have been manually tested
- [x] Task and PR have been updated to show that this is ready for review
