• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
User authentication: customize verification email?
#20
(01-14-2020, 09:26 PM)efrain.c Wrote:
(01-10-2020, 10:22 AM)WhenInSpace Wrote: It's good that there's now an email and landing page customization feature. 
I see it also covers password reset requests and temporary password. 
However, I can't find anywhere in the documentation what code to use to actually trigger the password reset request? Could you please explain?

Hi WhenInSpace,

The API for resetting passwords is not available at the moment. There has to be more thought put into it. Currently, a hash of the user's password is used to encrypt the local data on disk. If a user were to forget their password and change it, all of that local data would no longer be accessible. Unfortunately, we found this out the hard way in one of our apps. This is why there is no documentation on how to trigger a password reset. We will make the API available once we resolve this issue.

OK, this is interesting and a bit worrying. We have developed our own password reset/change features, as every app with a user login function must have one. People will always forget passwords, and in any case, changing your password from time to time is encouraged security behavior. 
But what you're saying then is that each time a user changes the password, the local data will become inaccessible?

This is less of a problem for my main project, as cloud will be master data and can always be sync:ed again. But what happens to the inaccessible local data then? Is it wiped and replaced by the new cloud -> local sync or would we get a build-up of abandoned garbage data, if users change their password often?
  Reply


Messages In This Thread
RE: User authentication: customize verification email? - by WhenInSpace - 01-23-2020, 11:58 AM

Forum Jump:


Users browsing this thread: 2 Guest(s)