Chapters
00:00 - Creating Our Forgot Password Page & Form
03:32 - Defining Our Forgot Password Routes
04:50 - Password Reset Send Validator
05:40 - Try Send Password Reset Email Action
08:36 - Expire Password Reset Tokens Action
09:54 - Continuing the Try Send Action
12:30 - Installing & Configuring AdonisJS Mail
14:38 - Sending Our Password Reset Email
17:14 - Forgot Password Send Route Handler
17:39 - Forgot Password Index Route Handler
19:13 - Testing Our Forgot Password Flow
19:46 - Creating Our Reset Password Page & Form
22:18 - Reset Password Route Handler
22:44 - Verify Password Reset Token Action
24:35 - Continuing Our Reset Password Handler
25:28 - Password Reset Validator
26:30 - Reset Password Action
27:27 - Reset Password Update Route Handler
28:38 - Testing Our Reset Password Flow
Forgot Password Email
You can find the complete forgot password email from this lesson, on GitHub. This email was created using maily.to.
Join The Discussion! (8 Comments)
Please sign in or sign up for free to join in on the dicussion.
mykl
Hello Tom,
First of all, thank you for all this amazing work.
I have an warning that I can't fix; in my console, I see the warning message below, even though I do have an authenticated user.
Warning message:
[Vue warn]: Invalid prop: type check failed for prop "user". Expected Object, got Undefined
at <AppLayout user=undefined errors= {} exceptions= {} ... >
at <Inertia initialPage= {
component: 'home',
version: '1',
props: {
user: undefined,
errors: {},
exceptions: {},
messages: {},
version: 6
},
If I do a console log of user, I indeed get undefined:
sharedData: {
user: async (ctx) => {
const user = ctx.auth.use('web').user
console.log(user)
return user && new UserDto(user)
},
However, if I retrieve the user this way:
const user = await ctx.auth.use('web').authenticate()
I do have my user connected. On the other hand, if I log out and return to the login page, I get the message: "The page isn't redirecting properly."
Do you have any idea what the problem is?
Please sign in or sign up for free to reply
tomgobich
For the authenticated user to be populated you must inform AdonisJS to check for it. This saves the roundtrip to populate the user in cases where it isn't needed.
To populate the user, you have two options
authenticate- Requires an authenticated user. If an authenticated user is not found, an exception is thrown.check- Will check to see if a user is authenticated, and populate that user if so. The request goes on as usual if an authenticated user is not found.In terms of middleware, you have three options
auth- Will callauthenticateand redirect the user to the login page by default if an authenticated user is not found.guest- Will callcheckand redirect the user, I believe to the home page, by default if an authenticated user is found.silent_auth- Will callcheckand progress with the request as usual.So, you're most likely getting "the page isn't redirecting properly" because your authenticate on the login page is attempting to redirect the user to the login page, resulting in an infinite redirect loop.
You most likely will want to replace your
authenticateon the login page with theguestmiddleware and that should fix the redirect loop. Then, for internal pages, you can either useauthenticateif the user must be authenticated to access the page,checkif the user may or may not be authenticated to access the page, or one of the corresponding middleware.Please sign in or sign up for free to reply
mykl
Thank you for this quick response. So if I understand correctly, at the current stage of the course (5.6), it's normal to receive this warning message since our 'home' route doesn't have any middleware.
Please sign in or sign up for free to reply
tomgobich
Anytime! Yes, sorry, we'll move our home page into our group protected by the
authmiddleware in the next lesson (6.0). So, that warning specifically on the home page will go away in the next lesson.Please sign in or sign up for free to reply
aaron-ford
When you say we might want to add a referrer policy to this page, how do we do that?
Please sign in or sign up for free to reply
tomgobich
Hi Arron!
Great question, I now wish I would've injected this into the lesson; I think I'll make a note to do that.
The Referrer-Policy mentioned is a response header. So, in the controller rendering this page you'd add it using the HttpContext's response, like below. This is a step recommended by OWASP.
Please sign in or sign up for free to reply
aaron-ford
Thanks!
Please sign in or sign up for free to reply
tomgobich
Anytime, Aaron!!
Please sign in or sign up for free to reply