Reset Password token check

System Information
  • Strapi Version: 3.6.2
  • Operating System: Ubuntu
  • Database: MySql
  • Node Version: 14.16.1
  • NPM Version: 6.14.12
  • Yarn Version: 1.22.5

So I was wondering if there is a way to check via the api request if the token exists, prior to running the request to reset a password?

I think it will be useful if upon loading the reset password page for the frontend user, to check if the token they are trying to use before a reset-password request is sent is in fact the latest token sent via email to the user (in case the user requested multiple times their password reset token, and since the mail server wasn’t responding fast enough to their liking, they went ahead and requested to use the forgot password again.)

It’s been a while since you asked the question, but I’m answering to leave it here for possible community inquiries.

1) I created a custom route called ‘user-x’;

2) Editing the controller

import { factories } from "@strapi/strapi";

export default factories.createCoreController(
  "api::user-x.user-x",
  ({ strapi }) => ({
    // other code ...
    /**
     * Check if password change token/code exists.
     * @param ctx
     * @return { Object }
     */
    async checkIfTokenExists(ctx) {
      try {
        // The reset code comes from the :code segment of the route path.
        const { code } = ctx.request.params;
        // Find users whose stored reset token equals the code (case-insensitive).
        const entries = await strapi.entityService.findMany(
          "plugin::users-permissions.user",
          {
            filters: {
              resetPasswordToken: {
                $eqi: code,
              },
            },
          }
        );
        // true when at least one user holds this token
        const counter = entries.length > 0;
        return ctx.send(
          {
            link_valid: counter,
            resetPasswordToken: counter ? entries?.[0]?.resetPasswordToken : "",
            message: counter ? "" : "Invalid Link",
          },
          counter ? 200 : 404
        );
      } catch (e) {
        // Any lookup failure is reported as an invalid link with HTTP 400.
        return ctx.send(
          {
            link_valid: false,
            resetPasswordToken: "error_token_code",
            message: e?.message,
          },
          400
        );
      }
    },
  })
);

3) Creating the custom routes:

export default {
  routes: [
    // Other routes
    {
      method: "GET",
      path: "/auth/reset-password/:code",
      handler: "user-x.checkIfTokenExists",
      config: {
        auth: false,
      },
    },
  ],
};

4) Testing with a code that is in the database (which must be sent to the user)

Example: http://localhost:1337/api/auth/reset-password/_code_here_

5) Request result

HTTP 200

HTTP 404

6) Displaying in documentation

If you don’t know how to add to swagger, read here.
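A hardened variant of the token check above, added here as an example (not code from the original answer or from Strapi): because the route is unauthenticated, it validates the token shape before the lookup, matches exactly, returns only `link_valid` instead of echoing the token, and caps checks per client. The token format, the limits, and the names `createTokenChecker`, `createDemoStore` and `clientId` are assumptions, and the in-memory store is constructed to stand in for the user table.

```javascript
// Added example: names here are hypothetical, not Strapi APIs.
// Assumption: reset tokens are 128 lowercase hex characters.
const TOKEN_SHAPE = /^[0-9a-f]{128}$/;
const MAX_ATTEMPTS = 5;           // checks allowed per client per window
const WINDOW_MS = 15 * 60 * 1000; // 15 minutes

// findUserByResetToken: async (code) => user | null, supplied by the caller.
function createTokenChecker(findUserByResetToken, now = Date.now) {
  const attempts = new Map(); // clientId -> { count, windowStart }

  return async function checkResetToken(clientId, code) {
    const t = now();
    let slot = attempts.get(clientId);
    if (!slot || t - slot.windowStart >= WINDOW_MS) {
      slot = { count: 0, windowStart: t };
      attempts.set(clientId, slot);
    }
    slot.count += 1;
    if (slot.count > MAX_ATTEMPTS) {
      return { status: 429, body: { link_valid: false } };
    }
    // Reject malformed input before it reaches the database.
    if (typeof code !== "string" || !TOKEN_SHAPE.test(code)) {
      return { status: 404, body: { link_valid: false } };
    }
    // Exact match only; the token is never echoed back to the caller.
    const user = await findUserByResetToken(code);
    const valid = Boolean(user);
    return { status: valid ? 200 : 404, body: { link_valid: valid } };
  };
}

// Constructed in-memory store standing in for the user table. It keeps one
// token per user, so a newer request replaces the earlier token.
function createDemoStore() {
  const tokens = new Map(); // email -> current reset token
  return {
    setResetToken(email, token) { tokens.set(email, token); },
    async findUserByResetToken(code) {
      for (const [email, token] of tokens) {
        if (token === code) return { email };
      }
      return null;
    },
  };
}
```

With one stored token per user, a link from an earlier email fails this check as soon as a newer token is issued.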