infinitechess.org icon indicating copy to clipboard operation
infinitechess.org copied to clipboard

Published 20 hours ago verified publisher icon Infinite-Chess

Password Reset

Open Naviary2 opened this issue 7 months ago • 3 comments

There is no automated way yet to reset a user's password when they forget it. Currently they have to email me, and I have to manually delete their account json data, ask them to recreate their account, then after I reinstate their account details.

Proposal

When you enter your password incorrectly, add a "Forgot password?" button that when pressed will ask for your username or email associated with your account, then send a password reset email to that user if they exist.

The link in that email leads you to a one-time use page to change your password.

Expire the link after 5m?

Validate their identity with their browser-id cookie.

Naviary2 avatar Jul 02 '24 03:07 Naviary2