WEBVTT

00:04.540 --> 00:06.820
OC hey that everyone had their share.

00:06.820 --> 00:08.320
And welcome to another video.

00:08.350 --> 00:12.850
Now in this video, I will give you a brief walkthrough that how the forgot password feature actually

00:12.850 --> 00:13.420
works.

00:13.450 --> 00:18.460
Now, by understanding this, you will also understand that in case you want to allow the feature of

00:18.460 --> 00:23.440
verifying the user and their verifying their email, also, this is exactly how it works.

00:23.470 --> 00:26.020
A lot of time people just work into the code itself.

00:26.020 --> 00:28.460
That's why they are not able to visualize this properly.

00:28.480 --> 00:32.890
Once you understand this here, writing the code for it is going to be much, much easier.

00:32.890 --> 00:34.630
So let me show you that, how it works.

00:34.660 --> 00:36.610
So this is the database that you have created.

00:36.610 --> 00:38.550
It can be MongoDB, MySQL, whatever.

00:38.560 --> 00:41.790
This is an abstraction concept and it works exactly same everywhere.

00:41.800 --> 00:45.970
And this is you with your computer or your laptop, whatever you are doing.

00:45.970 --> 00:48.190
Now, let's just say you have forgot your password.

00:48.190 --> 00:53.500
So what happens is you actually make a request that, hey, I have forgot my password in that you write

00:53.500 --> 00:58.360
your email and you simply send that, Hey, send me the instruction, how can I reset my password?

00:58.390 --> 01:03.620
Now in the back end, you actually go ahead and check whether this user exists in your database or not.

01:03.640 --> 01:07.660
If he exists, then we simply create a method which is a token generation.

01:07.750 --> 01:11.740
Now, this token generation method actually go ahead and creates a token.

01:11.890 --> 01:13.870
And now what is going to happen after that?

01:13.870 --> 01:15.340
This is the most important thing.

01:15.340 --> 01:20.890
This token generation is going to create a token, and this token will be sent to both database and

01:20.890 --> 01:21.740
to you as well.

01:21.760 --> 01:23.560
Now, what's going to be inside this token?

01:23.590 --> 01:30.220
A simple string, obviously complex a string or long number of crypto hash and then expiry date as well.

01:30.250 --> 01:35.290
Now, once you have this into the database as well as being sent to the user, the next request needs

01:35.290 --> 01:36.870
to come from the user itself.

01:36.910 --> 01:42.790
User will be sending this exact token from the URL or maybe from other places as well.

01:42.790 --> 01:43.780
Doesn't really matter.

01:43.780 --> 01:47.500
You might have seen this sometimes that an email comes up, you simply click on that.

01:47.500 --> 01:51.850
When you click on that, you are actually transform into a long, long string up there.

01:51.940 --> 01:57.640
Now after that, you simply go ahead and send me the new passwords or the password, whatever it is,

01:57.640 --> 02:01.050
or maybe confirm password and all of that, and you send it to the back end.

02:01.060 --> 02:05.980
Now in the back end, it is my responsibility to first check the expiry that the token that you are

02:05.980 --> 02:11.230
bringing up in the URL, does the expiry has expired or is it still a valid token?

02:11.230 --> 02:16.450
If the expiry is still valid, then I go ahead and compare the token itself that the token which is

02:16.450 --> 02:22.240
stored in my database is actually exactly the token which you have sent me from the front end or from

02:22.240 --> 02:23.350
your end as well.

02:23.380 --> 02:28.240
Now, if the both of them matches, then I simply go ahead and allow you to change the password.

02:28.240 --> 02:30.370
And that's how the forgot password works on.

02:30.550 --> 02:33.880
Now, for a moment, I hope you have understood this one for a moment.

02:33.880 --> 02:38.760
Thing that how you can actually use this exact same flow in verifying the user.

02:38.770 --> 02:40.810
Can we have a brainstorming on that as well?

02:40.810 --> 02:45.040
We won't be implementing it, but I am pretty sure having this brainstorming session will help you to

02:45.040 --> 02:46.060
understand this one.

02:46.060 --> 02:48.790
So let's just say a user has registered on their website.

02:48.790 --> 02:51.280
He has created email, password and everything.

02:51.280 --> 02:52.840
Now you want to verify him.

02:52.840 --> 02:57.610
So what you're going to do, you're going to just simply add a field onto your database which says is

02:57.610 --> 03:01.590
user verified or something similar and it's going to be default as false.

03:01.600 --> 03:06.520
Now you also go ahead and request this token generation that, hey, create me a token generation,

03:06.520 --> 03:13.050
and this will help me to actually turn this flag or a simple field is user verified to on and off.

03:13.060 --> 03:16.330
Now this is not the job of this token generation to check that field.

03:16.330 --> 03:18.640
This is the job in the back end controller itself.

03:18.640 --> 03:21.970
The job of this token generation is to simply create a token.

03:22.510 --> 03:27.280
Now, what we're going to do again, we're going to go ahead and send this token to both places, the

03:27.280 --> 03:28.990
database and to the user as well.

03:29.020 --> 03:31.450
The user clicks on the link and that's it.

03:31.450 --> 03:34.210
We are going to just take that link onto the database.

03:34.210 --> 03:36.850
We are going to first match whether the link has expired or not.

03:36.850 --> 03:38.170
No, it has not expired.

03:38.170 --> 03:42.580
Then we're going to verify the string that the string that I am holding in the database is actually

03:42.580 --> 03:45.190
the same string that is being sent to the user itself.

03:45.190 --> 03:50.230
If both the string matches, that means the user is verified and I can turn on the flag as on that.

03:50.230 --> 03:55.360
Yes, this user is verified so that later in the future I don't have to create this token again.

03:55.360 --> 03:59.590
Again, this is a brainstorming session and these sessions are really important to actually understand

03:59.590 --> 04:00.670
what you are about to do.

04:00.670 --> 04:05.470
So in the next video I will walk you through that how we can add a couple of more fields, including

04:05.470 --> 04:10.420
this token generation and some more fields so that we can provide the functionality of the forgot password

04:10.420 --> 04:11.230
to any user.

04:11.230 --> 04:12.790
So I hope this diagram will help you.

04:12.790 --> 04:16.210
Again, these are all presentations that everything will be available to you so that you can actually

04:16.210 --> 04:17.950
revise it whenever you want to.

04:17.980 --> 04:20.020
Let's go ahead and catch up in the next video.