forked from services/password-reset-web
extend documentation
19
README.md
@@ -2,6 +2,25 @@
|
||||
|
||||
Web interface for end users to request a password reset. The users private email address is being used as a bilateral secret to send him a private link that allows him to set a new password. The link has a limited lifetime (default is 49 hours). This value can be overridden in [the configuration of the Account Service Backend](https://git.ecogood.org/services/account-svc-backend#configuration).
|
||||
|
||||
## Workflow
|
||||
|
||||
The process is split into two steps:
|
||||
|
||||
1. **Request a password reset**
|
||||
|
||||
The user is asked to enter it's **ECG account ID**. The backend looks for the appropriate user and sends him an email with a **private link** including a **secret token**. This link leads the user to the second part. After revisiting the site after the submitting the request a hint is shown including the timestamp of the recent action. The step can be repeated on demand.
|
||||
|
||||
2. **Set a new password**
|
||||
|
||||
The private link leads the user to a website. After opening that site the **secret token** is being validated first. Then a form is shown to the user that allows him to provide a new password. This new password is being validated against a **password strength** estimator using a minimum strength of 4 (out of 0-4 with 4 being the maximum). The password change is **applied immediately** after submitting the form.
|
||||
|
||||
## Technology stack
|
||||
|
||||
- frontend: Vue.js 2
|
||||
- module packer: webpack
|
||||
- password strength validation: <https://github.com/dropbox/zxcvbn>
|
||||
- CSS framework: Bootstrap
|
||||
|
||||
## Requirements
|
||||
|
||||
### Client
|
||||
|
||||
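Review bot: Step 1 of the new Workflow section does not say what the site shows when the entered ECG account ID matches no user. If that response differs from the success case, the form reveals which account IDs exist, so the README should state that the same confirmation is shown either way. "The step can be repeated on demand" should also say whether a repeated request invalidates links sent earlier and whether requests are rate limited. In step 2, document whether the secret token is invalidated once the password has been changed or stays usable until its lifetime ends, and whether the minimum strength of 4 is enforced by the backend or only in the frontend form. Wording: "it's ECG account ID" should be "its ECG account ID", and "after the submitting the request" has a stray "the".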