Add Password Recovery and Email Change #4

Closed
opened 2023-02-19 20:29:16 +00:00 by Valbou · 0 comments
Valbou commented 2023-02-19 20:29:16 +00:00 (Migrated from github.com)

Add a process to recover a forgotten password:
1- add an endpoint to demand a new password with an email
2- the endpoint responds only with a 200 OK (no error here).
2- send an email with a hash
3- use the hash to find the user's demand
4- use an endpoint to send the hash, email and new password
5- if OK, the new password is set

And a process to change email securely.
1- add an endpoint to request an email change
2- send an email to the old email with a 2FA-like code
3- send an email to the new email with a hash
4- use an endpoint to send the new email with the code and hash
5- if OK, the new email is set

All according to OWASP recommendations.
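
A sketch of the password-recovery steps listed in this issue, added here as an illustration and not taken from the vtaskr code base. `RecoveryService`, `TOKEN_TTL`, the in-memory dicts and the choice to store only a SHA-256 digest of the mailed token are assumptions of the example.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 900  # seconds; assumed lifetime, the issue does not give one


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


class RecoveryService:
    """Hypothetical in-memory stand-in for the user table, request table and mailer."""

    def __init__(self):
        self.users = {}     # email -> (salt, password hash)
        self.requests = {}  # sha256(token) -> (email, expiry timestamp)
        self.outbox = []    # (email, token) pairs that would be mailed

    def set_password(self, email, password):
        salt = secrets.token_bytes(16)
        self.users[email] = (salt, _hash_password(password, salt))

    def check_password(self, email, password):
        salt, stored = self.users[email]
        return hmac.compare_digest(stored, _hash_password(password, salt))

    def request_reset(self, email, now=None):
        now = time.time() if now is None else now
        if email in self.users:
            token = secrets.token_urlsafe(32)
            # Only the digest is stored, so a leaked table yields no usable token.
            self.requests[_digest(token)] = (email, now + TOKEN_TTL)
            self.outbox.append((email, token))
        return 200  # same response whether or not the account exists

    def reset_password(self, email, token, new_password, now=None):
        now = time.time() if now is None else now
        key = _digest(token)  # the hash is what finds the pending request
        owner, expiry = self.requests.get(key, (None, 0.0))
        if owner != email or now > expiry:
            return False
        del self.requests[key]  # single use
        self.set_password(email, new_password)
        return True
```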

Reference
Valentin/vtaskr-backend#4