Skip to content

feat(site): add forgot password link #15108

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Oct 18, 2024
Merged

feat(site): add forgot password link #15108

merged 11 commits into from
Oct 18, 2024

Conversation

BrunoQuaresma
Copy link
Collaborator

Demo:

Screen.Recording.2024-10-16.at.14.00.35.mp4

@BrunoQuaresma BrunoQuaresma self-assigned this Oct 16, 2024
@BrunoQuaresma
Copy link
Collaborator Author

In the meantime, while I'm working on some front-end adjustments, I would appreciate a back-end review from @johnstcn and @mtojek.

@BrunoQuaresma BrunoQuaresma marked this pull request as ready for review October 16, 2024 18:40
@BrunoQuaresma BrunoQuaresma requested review from a team and bcpeinhardt and removed request for a team October 16, 2024 18:40
@MrPeacockNLB
Copy link
Contributor

MrPeacockNLB commented Oct 17, 2024
edited
Loading

@bpmct hint: always implement such a feature with care. Please consider to double check such feature on both sides frontend and backend. E.g.:

  • who is allowed to called such a route to change a password reset link
  • is the caller authenticated with a password or is the caller autheticated via a 3rd party
    • what is happening if someone use authentication from Azure ID/Entra ID
  • can this api being abused?

Just my 2 cents...

bcpeinhardt
bcpeinhardt reviewed Oct 17, 2024
View reviewed changes
coderd/database/migrations/000264_update_forgot_password_notification.up.sql Outdated
UPDATE notification_templates
SET
title_template = E'Reset your password for Coder',
body_template = E'Hi {{.UserName}},\n\nA request to reset the password for your Coder account has been made.\n\nIf you did not request to reset your password, you can ignore this message.',
Copy link
Contributor

@bcpeinhardt bcpeinhardt Oct 17, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you did not request to reset your password, you can ignore this message.

Did this language come from a developer or product?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good question! I just refactored the body template using the previous verbiage, but let's check with @stirby.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can simplify.

Hi {{.UserName}},\n\nUse the link below to reset your password.\n\nIf you did not make this request, you can ignore this message.

bcpeinhardt
bcpeinhardt reviewed Oct 17, 2024
View reviewed changes
site/src/api/queries/users.ts
export const requestOneTimePassword = () => {
return {
mutationFn: (req: RequestOneTimePasscodeRequest) =>
API.requestOneTimePassword(req),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Could we pass the function directly as below?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately, when we do that, we are not able to spy on the method. I'm not sure why, but we have encountered this issue in jest as well.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Weeeeird.

johnstcn
johnstcn requested changes Oct 17, 2024
View reviewed changes
Copy link
Member

@johnstcn johnstcn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a couple of small issues with the migration to update the template text. Other than that, I don't see any issues once those are addressed.

coderd/database/pubsub/psmock/gomock_reflect_2036580849/prog.go Outdated
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

chore: you can also delete this file.

coderd/database/dbmock/gomock_reflect_1559767992/prog.go Outdated
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

chore: you can delete this file. We should probably gitignore this path in future.

coderd/database/migrations/000264_update_forgot_password_notification.up.sql Outdated
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

chore (blocking): Please increment the migration number to one higher than what is currently in main.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can use ./coderd/database/migrations/fix_migration_numbers.sh main to do this automatically, btw.

@johnstcn
Copy link
Member

@bpmct hint: always implement such a feature with care. Please consider to double check such feature on both sides frontend and backend. E.g.:

  • who is allowed to called such a route to change a password reset link

  • is the caller authenticated with a password or is the caller autheticated via a 3rd party

    • what is happening if someone use authentication from Azure ID/Entra ID

  • can this api being abused?

Just my 2 cents...

@MrPeacockNLB All good advice! There's more context on the design of the feature in #14232 if you're interested in looking futher.

mtojek
mtojek approved these changes Oct 18, 2024
View reviewed changes
Copy link
Member

@mtojek mtojek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ship it 👍

@BrunoQuaresma BrunoQuaresma merged commit aaa1223 into main Oct 18, 2024
29 checks passed
@BrunoQuaresma BrunoQuaresma deleted the bq/forgot-password branch October 18, 2024 12:50
@github-actions github-actions bot locked and limited conversation to collaborators Oct 18, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@stirby stirby stirby left review comments

@johnstcn johnstcn johnstcn approved these changes

@mtojek mtojek mtojek approved these changes

@bcpeinhardt bcpeinhardt bcpeinhardt approved these changes

@dannykopping dannykopping Awaiting requested review from dannykopping

Assignees

@BrunoQuaresma BrunoQuaresma

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@BrunoQuaresma @MrPeacockNLB @johnstcn @dannykopping @mtojek @stirby @bcpeinhardt