WEBVTT

00:03.730 --> 00:05.140
Hated everyone that they shared.

00:05.140 --> 00:08.020
And in this video, we're going to work on the password reset.

00:08.020 --> 00:12.370
So so far, our user journey is that he has requested for forgot password.

00:12.370 --> 00:14.200
We have sent him instructions on the email.

00:14.200 --> 00:18.910
Now he is able to click not in theory, not able to click on the link, but actually able to copy and

00:18.910 --> 00:19.660
paste that link.

00:19.660 --> 00:21.370
But nothing happens so far.

00:21.370 --> 00:25.990
So we need to create a route exactly according to how we created that URL.

00:25.990 --> 00:31.180
So in the URL we say that we will be sending you things onto localhost, whatever, slash password,

00:31.180 --> 00:32.650
slash, reset, slash token.

00:32.650 --> 00:35.170
So we need to grab the token from exactly this place.

00:35.170 --> 00:39.700
And by the way, I have added comments here, so I hope you can appreciate that and send me an instant.

00:39.700 --> 00:40.450
Hello there.

00:40.660 --> 00:45.580
I have added exact, meaningful comments so that it's easier for you to follow through later on.

00:45.760 --> 00:47.770
Okay, so this is all good.

00:47.770 --> 00:51.760
Let's go ahead and kind of let's copy this actually.

00:51.880 --> 00:55.810
We'll be just deleting everything inside it, but I'd love to copy and paste these methods.

00:55.810 --> 00:57.460
Saves me just a second.

00:57.580 --> 00:59.260
So forgot password is there.

00:59.260 --> 01:07.180
Now we have to simply say this is forgot password reset or let's call this one as simply password reset,

01:07.420 --> 01:09.070
whatever, whatever makes sense to you.

01:09.070 --> 01:09.970
Just the method name.

01:09.970 --> 01:11.110
Nothing of a big deal.

01:11.290 --> 01:14.890
Let me go ahead and remove all of these details inside it.

01:14.890 --> 01:16.660
We won't be needing any of that.

01:17.170 --> 01:18.700
Okay, so what is the step one?

01:18.700 --> 01:20.080
Obviously to grab the token.

01:20.080 --> 01:21.310
So how are we going to grab the token?

01:21.310 --> 01:27.700
Let's go ahead and call this one as simply token and the token will be coming from request dot params

01:27.700 --> 01:29.140
dot token.

01:29.620 --> 01:29.970
Okay.

01:30.100 --> 01:31.540
So we have grabbed the token.

01:31.540 --> 01:38.500
Now most important thing is in case you remember what we have grabbed from the token inside this user

01:38.500 --> 01:41.890
model, user model, there we go.

01:42.550 --> 01:46.810
The token that we are grabbing is the token which is not encrypted.

01:46.810 --> 01:49.660
We want to actually encrypt this token on our own.

01:49.660 --> 01:54.820
So for this one, we are going to go ahead and copy this exact all of these things and let's go ahead

01:54.820 --> 01:57.280
and try to encrypt again on our back end.

01:57.490 --> 02:00.250
So I'll go back into the user controller.

02:00.250 --> 02:02.950
Now, this is kind of a regular token.

02:02.950 --> 02:09.460
We want to grab an encrypted token, so we're going to go ahead and say increase and create token,

02:09.730 --> 02:14.320
encrypted token basically, and we're going to go ahead and use the crypto library.

02:14.350 --> 02:16.330
We obviously need to require that at the top.

02:16.330 --> 02:18.130
So let's go ahead and first bring that in.

02:18.130 --> 02:22.870
So we're going to go ahead and say crypto that is going to come up from require.

02:24.040 --> 02:30.430
And let's go ahead and say, hey, we need crypto, okay, now that crypto is here, we can go ahead

02:30.430 --> 02:35.620
and say, hey, this encrypted token, you are going to go ahead and say, hey, crypto dot create hash

02:35.620 --> 02:40.030
use the same algorithm SHA 256 or 256 in case you are worried.

02:40.030 --> 02:45.280
And let's pass on the same token that we grabbed from the URL itself and we're going to create a digest

02:45.280 --> 02:45.790
hex of it.

02:45.790 --> 02:46.600
So exactly.

02:46.600 --> 02:51.790
So in theory, if we are actually using the same method and we are sending this on to the front end,

02:51.790 --> 02:54.250
we should receive this exact same on the back end.

02:54.490 --> 02:57.790
Okay, moving forward that assume that everything is all great.

02:57.790 --> 03:02.560
Now let's go ahead and try to find a user based on this encryption token.

03:02.740 --> 03:05.290
Again, we don't know which user to reset the password.

03:05.290 --> 03:07.330
This is the only way how we can find that.

03:07.350 --> 03:10.150
Again, this is a very unique field in the database.

03:10.150 --> 03:11.530
It is almost like an email.

03:11.530 --> 03:16.360
So just like we were able to find one through the email, we will be able to find a user based on the

03:16.360 --> 03:17.440
encryption token.

03:17.560 --> 03:19.330
So let's go ahead and use the same thing.

03:19.330 --> 03:23.410
So we're going to say, hey user, let's go ahead and simply find one.

03:23.620 --> 03:27.880
And previously we were saying, hey, go ahead and find the user based on email.

03:27.880 --> 03:32.320
Now we'll be able to say, Hey, go ahead and find the user based on this increase token.

03:32.560 --> 03:39.040
Okay, now this is the encryption token that user will be having this one.

03:39.250 --> 03:46.270
But again, there is one more thing we need to worry about because we want to find a user based on this

03:46.270 --> 03:47.440
encryption token.

03:47.440 --> 03:53.710
But in case you remember, we only want to find the user whose this forgot password expiry is in the

03:53.710 --> 03:54.190
future.

03:54.190 --> 03:57.610
If anybody in the past is there, we really don't care about that.

03:57.700 --> 04:03.310
So how we can go ahead and work on with that, we have to provide one more field here that find based

04:03.310 --> 04:04.900
on this encryption token.

04:04.900 --> 04:10.180
Let me go ahead and move on to the next line and we can actually move this one also on the next line.

04:10.180 --> 04:11.110
Makes sense.

04:11.380 --> 04:11.860
Okay.

04:11.860 --> 04:16.750
Now let's go ahead and copy another field from the database that I want to find.

04:16.750 --> 04:22.240
We're passing two properties here and they work like both should be true in basic Mongoose.

04:22.240 --> 04:24.250
So this field is also there.

04:24.940 --> 04:27.340
And for this field, I'm going to pass on a property.

04:27.340 --> 04:29.380
This is a classic MongoDB query.

04:29.470 --> 04:35.170
I will simply say, hey, a dollar gt, this means greater than, if the time is greater than.

04:35.170 --> 04:38.020
So I'm going to go ahead and say date dot now.

04:38.110 --> 04:38.920
There we go.

04:39.010 --> 04:40.300
So what will happen?

04:40.300 --> 04:44.020
It will try to look for both of these parameters, which are accurate.

04:44.020 --> 04:48.730
So either the encryption token should be there in the user and further down the road it will say that,

04:48.730 --> 04:54.940
hey, your time should be greater than time now if your time is in the past itself, because remember

04:54.940 --> 05:01.720
we are setting this password time as well and at the time is 20 minutes above, then the password.

05:01.850 --> 05:02.280
Six five.

05:02.330 --> 05:03.290
So pretty simple logic.

05:03.290 --> 05:04.340
Pretty simple logic.

05:04.700 --> 05:06.260
Okay, let's go ahead and hold this user.

05:06.260 --> 05:08.390
So let's go ahead and call this one as simply user.

05:08.390 --> 05:12.800
Since the database is on another continent, we go ahead and save this one.

05:12.920 --> 05:17.390
Now, importantly, if we don't find the user, let's go ahead and work on with that first.

05:17.600 --> 05:22.400
So we're going to go ahead and say, if I don't find the user, I will obviously throw you an error.

05:22.430 --> 05:25.100
Let's go ahead and wrap it up in the next new.

05:25.460 --> 05:29.060
Let's go ahead and use the custom error command, custom error.

05:29.720 --> 05:39.770
And we're going to say simply that now token is invalid or expired.

05:39.770 --> 05:44.690
So either one of the case is there that token is invalid or is expired.

05:44.690 --> 05:46.040
So these are the two cases.

05:46.130 --> 05:50.720
But again, based on that, that now if we have the user, if we have passed through this conditional

05:50.720 --> 05:52.370
check, that means user is there.

05:52.400 --> 05:55.990
Now we want to go ahead and reset the user's password.

05:56.000 --> 06:01.190
So what we're expecting now is that if we have reached this point, that user is sending me the password

06:01.190 --> 06:01.600
as well.

06:01.610 --> 06:06.380
Now it's up to you and your frontend guys or the designers that at this point you are providing what

06:06.380 --> 06:07.820
kind of fields to the user to see.

06:07.820 --> 06:10.970
Usually it is password and confirm password and submit that.

06:10.970 --> 06:16.910
So on the front end itself you can check whether both the fields are the same or not, but

06:16.910 --> 06:19.060
we can go ahead and use that as well.

06:19.070 --> 06:26.060
So let's go ahead and say that if let's go ahead and use that, we can hold them into a variable as

06:26.060 --> 06:26.600
well.

06:26.930 --> 06:29.270
But we're going to just go over directly like that.

06:29.270 --> 06:36.710
So we're going to go ahead and say request body dot password, you'll be sending me two fields, is not

06:36.710 --> 06:43.520
equal to request dot body dot conf password.

06:43.520 --> 06:51.140
So go ahead and send me two passwords or we can say that confirm not to be too lazy writing the entire

06:51.140 --> 06:53.180
thing password.

06:53.180 --> 06:58.340
So if both of them are equal again, I have to send both these fields in the post one as well.

06:58.580 --> 07:02.180
If they are not equal, we're going to go ahead and return this response.

07:02.180 --> 07:06.200
So copy this, paste it up here and simply change the message.

07:06.200 --> 07:09.500
Again, we can pass on the message code here as well.

07:09.530 --> 07:12.440
I need to work on why the code is not actually transferring.

07:12.680 --> 07:17.300
I'll check that soon and we can say that the password.

07:19.170 --> 07:24.870
Password and confirm password.

07:25.260 --> 07:26.970
Do not match.

07:27.390 --> 07:27.980
Match.

07:27.990 --> 07:28.650
There we go.

07:30.120 --> 07:35.460
Assuming that we have also passed on with this check, that means the fields are also correct.

07:35.460 --> 07:37.290
Again, this was kind of a necessary check.

07:37.290 --> 07:38.910
You can just send one field only.

07:38.910 --> 07:40.410
That would be also fine.

07:40.620 --> 07:43.170
In this case I'll select user password.

07:43.170 --> 07:47.880
Remember user has this password field that will be filled by request dot body.

07:47.880 --> 07:51.660
I could have saved that into a variable that would be better.

07:51.660 --> 07:54.780
Now we are actually filling that field with the password.

07:54.810 --> 07:56.190
The most important thing.

07:56.190 --> 07:58.320
Yes, we are going to go ahead and save this one.

07:58.320 --> 08:01.170
So we're going to go ahead and say, hey, a user dot save.

08:01.170 --> 08:02.760
In this case, we can save it.

08:02.760 --> 08:03.780
We don't need to say that.

08:03.780 --> 08:08.880
Hey, don't check anything because things are all fine in this case because user is already registered.

08:08.880 --> 08:11.760
We are just resetting or kind of updating one field here.

08:12.660 --> 08:17.430
Now, one more interesting thing is if the user is all saved, then the most important thing is, which

08:17.430 --> 08:21.930
a lot of people forget, is you haven't actually reset these two fields.

08:22.080 --> 08:23.610
There is already a data in this.

08:23.610 --> 08:25.050
This should be now undefined.

08:25.050 --> 08:27.990
So let's go ahead and copy these fields and make them undefined.

08:28.080 --> 08:34.320
So we're going to come here and we're going to say user dot and we're going to duplicate this one and

08:34.320 --> 08:36.450
take another field which is expiry.

08:36.450 --> 08:37.470
Copy that.

08:38.520 --> 08:40.020
And there we go.

08:40.080 --> 08:47.440
So these all both are going to go ahead and let me go ahead and we're going to go ahead and say,

08:47.440 --> 08:49.560
hey, both of these are undefined.

08:49.560 --> 08:50.340
So there we go.

08:50.340 --> 08:53.140
Save that, and now we can go ahead and save this one.

08:53.160 --> 08:56.610
Now, since we have saved this, there are a couple of options in front of you.

08:56.640 --> 08:59.340
You can go ahead and say that, hey, now these are all updated.

08:59.340 --> 09:01.230
You can actually go ahead and log in into that.

09:01.230 --> 09:06.030
Or once the user has actually set the password and successfully verified everything, you can send

09:06.030 --> 09:06.780
him the token.

09:06.780 --> 09:08.790
So it is totally your option.

09:08.790 --> 09:15.000
So send a JSON response or send a token.

09:15.000 --> 09:18.090
You are totally, totally capable of doing both of them.

09:18.090 --> 09:22.320
I'm going to go ahead and just simply send him the tokens and all the details.

09:22.320 --> 09:25.440
So let's go ahead and see that how we are doing it in the login.

09:26.310 --> 09:33.030
And we are saying that cookie tokens, so copy that and come back here and just paste that.

09:34.170 --> 09:40.320
Now in theory, if we actually grab this email and this link, we should be able to successfully do

09:40.320 --> 09:40.800
that.

09:40.800 --> 09:46.170
But the problem is we haven't said the link properly yet, so we're going to go ahead and make this

09:46.170 --> 09:46.980
link properly.

09:46.980 --> 09:54.420
So this is going to be a slash password slash reset, and then the tokens are copying it from here.

09:55.560 --> 09:57.540
And going into the routes.

09:57.540 --> 10:00.810
Let's go ahead and have this one since this will be sending some data.

10:00.840 --> 10:08.640
This needs to be a post route and the route is going to be slash two slashes, slash password, slash

10:08.640 --> 10:09.150
reset.

10:09.150 --> 10:14.370
And then we're going to say colon and make sure you call it as 100% token because that's what we are extracting

10:14.370 --> 10:18.360
from the URL, but the method is not yet being exported.

10:18.360 --> 10:22.170
So let's go ahead and say that forgot token.

10:22.230 --> 10:26.010
No, this is not the method name, not even forgot password.

10:26.010 --> 10:26.970
Password reset.

10:26.970 --> 10:27.870
Copy that.

10:29.850 --> 10:31.410
And this needs to come up.

10:31.410 --> 10:32.220
So there we go.

10:32.250 --> 10:36.180
Password reset and this is lot will be handled by password reset.

10:36.330 --> 10:42.050
So hopefully in theory now we are capable of changing the password for a user.

10:42.060 --> 10:45.600
Let's go ahead and verify that it's not yet been 30 minutes.

10:45.600 --> 10:52.080
I'm back to back recording these videos so I can go back onto this one and let's go ahead and try to

10:52.290 --> 10:53.490
copy this.

10:54.920 --> 10:56.740
And go back to our Postman.

10:56.750 --> 10:58.580
Get another route up here.

10:59.210 --> 11:02.450
So let's go ahead and create a save as.

11:03.500 --> 11:07.610
And this one is going to be reset password.

11:08.750 --> 11:10.790
Password just like that.

11:10.940 --> 11:16.740
This one is obviously going to be a post route and this allow doesn't look like this.

11:16.760 --> 11:23.630
I need to grab I can actually grab the entire email itself so I can go ahead and say, hey, I want

11:23.630 --> 11:25.860
to send the email onto this entire route.

11:25.880 --> 11:27.680
This is what we are getting from the back end.

11:28.040 --> 11:31.160
And not only this route slash password slash reset.

11:31.160 --> 11:34.040
So we'll grab the token from here in the body.

11:34.040 --> 11:36.620
We need to send the password and confirm password.

11:36.890 --> 11:40.710
So password and we need to set.

11:40.730 --> 11:45.270
I'll just copy the things from the back end because I know I might make a mistake.

11:45.290 --> 11:45.920
So what?

11:45.920 --> 11:48.260
We are checking it for the confirm password.

11:48.260 --> 11:49.370
So copy that.

11:49.970 --> 11:51.080
Bring it up here.

11:52.190 --> 11:54.790
And the confirmed password both needs to be equal.

11:54.800 --> 11:57.260
So we're going to go ahead and work on with that.

11:57.650 --> 11:59.810
Let's go ahead and set another password.

11:59.810 --> 12:02.690
So this time, password is changing to one, one, two, two, three, three.

12:03.410 --> 12:06.860
And this also needs to be changed as one, one, two, two, three, three.

12:07.700 --> 12:09.680
So let's go ahead and moment of the truth.

12:09.680 --> 12:11.950
Let's go ahead and see if it is working or not.

12:11.960 --> 12:14.570
So sending that it says error cannot post.

12:14.660 --> 12:16.700
Password reset and all of that.

12:16.970 --> 12:20.050
So it looks like we are not accepting the post request.

12:20.060 --> 12:25.660
Let's go ahead and see and we are accepting password reset.

12:25.670 --> 12:26.810
Did I save it?

12:28.170 --> 12:29.110
Oh, my bad.

12:29.130 --> 12:32.610
Just realized that we cannot actually go ahead and craft it like this.

12:32.880 --> 12:35.820
We need to use API slash V1 there.

12:35.820 --> 12:41.070
So if we need to change this one because this is actually a slash API slash v1.

12:41.070 --> 12:42.930
So we need to change the route a little bit.

12:42.930 --> 12:47.970
But this is exactly the route where we need to send that little bit tricky of a bug, but let's go ahead

12:47.970 --> 12:52.740
and try to see that and we can just add these two lines in the sending the email.

12:52.740 --> 12:56.570
So let's go ahead and send this one and it says token invalid or expired.

12:56.970 --> 12:58.770
So token has expired in our case.

12:59.040 --> 12:59.490
No big deal.

12:59.490 --> 13:03.450
Let's go ahead and send another forgot password token on to this one, which is two.

13:03.720 --> 13:05.460
Let's go ahead and send this one.

13:05.880 --> 13:07.790
Hopefully we'll receive another email.

13:07.800 --> 13:10.050
So seems like it's over 30 minutes now.

13:10.050 --> 13:13.200
You realize how much it takes to send to create the videos.

13:13.460 --> 13:14.490
Okay, another one.

13:14.490 --> 13:15.090
Let's go ahead.

13:15.090 --> 13:18.480
And this time, different token came in and again, we need to fix this.

13:18.480 --> 13:21.300
URL part because this is API slash V1.

13:21.300 --> 13:27.870
This is where we need to go and let's go into the reset password, paste that and this time we need

13:27.870 --> 13:38.010
to go ahead and say this is slash API, slash V1, slash password reset and the token and then we are

13:38.010 --> 13:40.050
sending the password and confirmed password.

13:40.050 --> 13:42.420
So send that and notice.

13:42.420 --> 13:46.020
Well we are now grabbing the user and token and everything.

13:46.020 --> 13:50.400
This means the password has successfully been changed for the to at the rate ae.

13:51.150 --> 13:57.360
Let's try to log in and verify that that inside the login we have this raw data or we're not sending

13:57.360 --> 13:58.890
any raw data into the login.

14:00.030 --> 14:00.870
Very strange.

14:01.620 --> 14:04.410
Let's go ahead and say that we are sending the email.

14:04.920 --> 14:14.250
The email is going to be to at the rate ae dot dev and let's go ahead and add a password.

14:15.420 --> 14:19.240
And the password is going to be one, one, two, two, three, three.

14:19.260 --> 14:20.820
Let's first try the old password.

14:20.820 --> 14:24.210
One, two, three, four, five, six and send that.

14:24.570 --> 14:26.250
And obviously it doesn't match.

14:26.250 --> 14:26.970
Fantastic.

14:26.970 --> 14:28.240
This is exactly what we want.

14:28.260 --> 14:31.230
Let's try one, one, two, two, three, three.

14:31.560 --> 14:34.770
Send that and voila, we are actually logging in.

14:34.770 --> 14:35.670
So that's great.

14:35.940 --> 14:39.660
The only thing is we have to craft our URL very, very carefully.

14:39.660 --> 14:42.870
Otherwise user may find it a little bit confusing.

14:43.140 --> 14:47.730
Let's go ahead and check the user controller and craft the email better.

14:47.730 --> 14:51.270
So this is the request host then we are having slash.

14:52.170 --> 14:58.110
We need to come here slash API slash v1 slash password.

14:58.110 --> 15:00.960
So this is the exact route that should be there.

15:01.470 --> 15:06.060
No big deal, no need to test that again because we obviously know that just changing the URL is not

15:06.060 --> 15:07.080
going to bother us too much.

15:07.080 --> 15:10.020
But in the ideal case, I would love to check that again.

15:10.140 --> 15:12.660
Okay, so now let's see where we are.

15:13.230 --> 15:17.370
So we have sign up login logout, forgot password password reset token as well.

15:17.370 --> 15:21.870
Now we need to work on a user and when the user updates password.

15:21.870 --> 15:26.820
Now this update password we have worked on when the user has no idea that how to actually login into

15:26.820 --> 15:27.180
that.

15:27.180 --> 15:32.130
If a user is already logged in, that is actually a simpler update, just a regular update and user

15:32.130 --> 15:36.020
might want to update his email or something else that we also need to take care of.

15:36.030 --> 15:37.920
Let's go ahead and catch up in the next video.
