Customize forgot password flow

I want to customize the forgot passord flow. of the User Permissions plugin
Currently the system sends an email with a long base64 code. I want to modify that code to a 6-digit temporary code (for using in mobile app). What is the best way to do it? I have some options in mind:

(1) Completely rewrite the APIs to handle the flow
(2) Use a middleware to modify the ctx request & response (as instructed here: Extending /auth/local/register endpoint with custom logic - #4 by Konstantin_Cube)

Option 1 requires too much work which I do not prefer.
Option 2 seems to extend the API, not modify the API.

My short question is, how could I replace the default route defined here

method: ‘POST’,
path: ‘/auth/forgot-password’,
handler: ‘auth.forgotPassword’,
config: {
middlewares: [‘plugin::users-permissions.rateLimit’],
prefix: ‘’,

→ change the “handler” to my own function?

You can achieve that by overriding User-permission plugin Auth API methods.

Check the above image. If you only want to override Forgot password API then you have to override Reset Password API together.

1 Like

( I’m using v4. The structure seems to be different )
Do you mean to modify directly the code inside the plugin?

Look at the 1st screenshot where the User-permissions plugin were overridden to src/extensions/users-permissions. I have developed this on V4 (Currently running on v4.9.0).

oh yeah, I see this doc (Plugins extension | Strapi Documentation)

Thanks a lot :slight_smile:

oh, one more point. I seem overriding the forgotpassword un strapi-server.js does not STOP the default forgotpassword function in the plugin. For example, I try to send a false reponse, but the default function still run

(ie. I still receive forgot password email)

How to prevent that?

ok my bad.
The function to override should be forgotPassword, not forgotpassword :slight_smile: Thanks a lot @Shekhar

1 Like