Customize forgot password flow

I want to customize the forgot passord flow. of the User Permissions plugin
Currently the system sends an email with a long base64 code. I want to modify that code to a 6-digit temporary code (for using in mobile app). What is the best way to do it? I have some options in mind:

(1) Completely rewrite the APIs to handle the flow
(2) Use a middleware to modify the ctx request & response (as instructed here: Extending /auth/local/register endpoint with custom logic - #4 by Konstantin_Cube)

Option 1 requires too much work which I do not prefer.
Option 2 seems to extend the API, not modify the API.

My short question is, how could I replace the default route defined here

{
method: ‘POST’,
path: ‘/auth/forgot-password’,
handler: ‘auth.forgotPassword’,
config: {
middlewares: [‘plugin::users-permissions.rateLimit’],
prefix: ‘’,
},
}

→ change the “handler” to my own function?

You can achieve that by overriding User-permission plugin Auth API methods.

image1344×907 150 KB

Check the above image. If you only want to override Forgot password API then you have to override Reset Password API together.

image905×773 64.6 KB

( I’m using v4. The structure seems to be different )
Do you mean to modify directly the code inside the plugin?

Look at the 1st screenshot where the User-permissions plugin were overridden to src/extensions/users-permissions. I have developed this on V4 (Currently running on v4.9.0).

oh yeah, I see this doc (Plugins extension | Strapi Documentation)

Thanks a lot

oh, one more point. I seem overriding the forgotpassword un strapi-server.js does not STOP the default forgotpassword function in the plugin. For example, I try to send a false reponse, but the default function still run

image760×293 34.6 KB

(ie. I still receive forgot password email)

How to prevent that?

ok my bad.
The function to override should be forgotPassword, not forgotpassword Thanks a lot @Shekhar