WEBVTT

00:03.760 --> 00:04.600
Hey there, everyone.

00:04.690 --> 00:05.200
They sure.

00:05.200 --> 00:06.940
And welcome to another video.

00:06.970 --> 00:11.440
In this video, we're going to talk about how we can create a forgot password token.

00:11.470 --> 00:12.790
Now, let me break it to you.

00:13.060 --> 00:18.880
The literal meaning of a token is something which actually encapsulates some information,

00:18.880 --> 00:21.370
like user ID, expiry time and a whole bunch of things.

00:21.400 --> 00:26.360
Technically, that is what is considered a token. In the case of forgot password,

00:26.380 --> 00:27.760
this is not really a token.

00:27.760 --> 00:29.740
This is just a random string.

00:29.770 --> 00:34.240
Yes, we do call it a token, just to make it sound a little bit more complex.

00:34.240 --> 00:38.650
But in reality, it's just a string that you have stored in the database itself and you are sending

00:38.650 --> 00:40.290
it to somebody in the front end as well.

00:40.300 --> 00:42.340
So this is really the most important thing.

00:42.700 --> 00:44.560
Now let's go ahead and work on that.

00:44.560 --> 00:54.520
So what we're going to go ahead and call this one is simply generate forgot password

00:54.760 --> 00:55.390
token.

00:55.390 --> 00:59.830
But I'm going to go ahead and write this in the brackets: this is basically a string, nothing

00:59.830 --> 01:00.660
more than that.

01:00.670 --> 01:05.320
So let's go ahead and again call this user schema: hey, user schema, you will be having

01:05.320 --> 01:13.240
access to a method, and we are going to call this one get forgot password

01:14.090 --> 01:15.740
token, okay.

01:15.830 --> 01:17.730
Okay.

01:18.050 --> 01:24.170
Again, reminding you, this is not itself a token, so we don't use JWT or anything in that. You

01:24.170 --> 01:26.240
can, but there is no point in using it.

01:26.240 --> 01:30.170
In fact, you are bringing a lot of unwanted heat onto yourself.

01:30.170 --> 01:31.430
You shouldn't be doing that.

01:31.430 --> 01:34.850
So let's work on how to generate the random string here.

01:34.850 --> 01:37.670
So we're going to go ahead and say, Hey, this is going to be a basic function.

01:37.670 --> 01:39.830
We don't need any input from the user itself.

01:39.830 --> 01:42.110
We can just have this method on its own.

01:42.200 --> 01:52.730
The first rule is to generate a long, long and random string. So how can we generate a random string

01:52.730 --> 01:53.600
in JavaScript?

01:53.600 --> 01:57.530
This is again a topic of a lot of debate that you can look into.

01:57.860 --> 02:00.050
And again, let me show you a couple of examples.

02:00.260 --> 02:03.200
The first example is to be dependent on some packages.

02:03.200 --> 02:05.000
So there are packages like Nano ID.

02:05.000 --> 02:07.820
Some of you might be familiar with the UUID as well.

02:07.820 --> 02:12.440
And as soon as you use this, this is going to give you something like this, which is definitely

02:12.440 --> 02:16.190
unique in itself and definitely usable, 100% usable.

02:16.190 --> 02:17.300
No problem at all.

02:17.300 --> 02:21.020
In case you want to bring in this package, just go ahead and say, hey, I want to import this, and I want

02:21.020 --> 02:23.720
to say, whatever this is, from the nano ID module.

02:23.720 --> 02:28.400
So really a simple one, one of the simplest tools to use. In case you don't like this one,

02:28.400 --> 02:33.320
there is no shortage of such packages. Like, there is a random string package, and you can just say npm

02:33.320 --> 02:38.480
install random string, and as soon as you say, hey, I want to require this, and then simply

02:38.480 --> 02:41.240
say generate, it is going to generate a random string for you.

02:41.270 --> 02:45.920
You can also say that I want to generate a random string of seven characters, or only alphanumeric.

02:45.920 --> 02:50.660
So there are a whole lot of options, no shortage of such options, and in fact they are pretty popular

02:50.660 --> 02:51.290
as well.

02:51.290 --> 02:52.880
A lot of people like to use that.

02:53.000 --> 02:58.130
What I personally like to use is something which comes right out of the box from Node itself.

02:58.130 --> 03:02.660
And if you just search on StackOverflow somewhere, how to generate a random string,

03:02.660 --> 03:04.580
you'll find a lot of debate about it.

03:04.580 --> 03:05.530
Which one is good?

03:05.540 --> 03:06.560
3000 votes.

03:06.560 --> 03:06.830
Come on.

03:06.830 --> 03:10.160
This is something which a lot of people are still interested in.

03:10.340 --> 03:15.920
So we can just have a set of characters and generate from that; a simple for loop is going to work. Now my

03:15.920 --> 03:18.020
favorite method, again, personal preference here.

03:18.020 --> 03:22.640
My favorite method is not to use this random approach, but actually to use a package which is crypto.

03:22.670 --> 03:26.060
And I'll tell you the reason why I actually love that personally.

03:26.060 --> 03:27.920
So all you got to do is require crypto.

03:27.920 --> 03:29.000
You don't need to install it.

03:29.000 --> 03:31.490
It comes right out of the box from Node itself.

03:31.490 --> 03:35.960
And then simply you can just generate random bytes just like this, and it will generate your random

03:35.960 --> 03:39.440
bytes as a string just like that. That's fine, that is great.

03:39.440 --> 03:43.640
In fact, I'm going to go ahead and copy this line and work with that.

03:43.640 --> 03:45.260
So go ahead and copy this.

03:45.560 --> 03:46.640
Come back over here.

03:46.640 --> 03:48.410
First, let's import crypto.

03:48.410 --> 03:52.310
So I'm going to go ahead and say, hey, I need a package known as crypto.

03:52.340 --> 03:57.830
It is already installed for you, so you can just say require and just say crypto. Again,

03:57.830 --> 03:59.900
default Node package.

04:00.230 --> 04:03.170
I'll come back here and I'll say, Hey, I need a token.

04:03.170 --> 04:10.430
So I'll just say var; let's replace this with const, and this is my forgot password token.

04:10.430 --> 04:14.750
So I'm going to say forgot token.

04:14.750 --> 04:16.520
Yeah, that's a decent name.

04:16.520 --> 04:17.990
So Forgot Token is there.

04:18.020 --> 04:22.910
Now this is absolutely 100% fine and you can just directly go ahead and save this.

04:22.910 --> 04:29.150
In fact, you can just go ahead and say, hey, I want to go ahead and say that this dot

04:29.750 --> 04:38.540
forgot password token is going to be updated by this forgot token. This is absolutely 100% fine.

04:38.540 --> 04:40.250
There is no problem in this one.

04:40.370 --> 04:44.960
But I like to go ahead and move one step further on this one, and would like to introduce

04:44.960 --> 04:46.580
a small concept here as well.

04:46.700 --> 04:49.820
There is a concept known as a cryptographic hash function.

04:49.820 --> 04:51.890
Now, again, this is not really required here.

04:51.890 --> 04:54.380
You can skip this, but I love to do it.

04:54.530 --> 05:00.200
Now, what this actually does: it is actually an algorithm that maps data of arbitrary size, that

05:00.200 --> 05:04.010
means any size, to a bit array of fixed size.

05:04.010 --> 05:09.230
So whenever you actually go ahead and give it a string, it always generates a kind of string which

05:09.230 --> 05:10.850
is always fixed in size.

05:10.850 --> 05:17.510
But the advanced thing is that the only way to find the message, what's inside this string, is actually

05:17.510 --> 05:22.760
brute force, which can take really long years, and the information is not going to be valuable.

05:22.760 --> 05:25.250
So cryptographic functions are the basic need for it.

05:25.250 --> 05:29.660
So we would love to hash this generated string, which is generated, again,

05:29.660 --> 05:34.820
this is already a very secure string, but I personally love to actually go ahead and kind of encrypt

05:34.820 --> 05:35.450
this one.

05:35.450 --> 05:37.310
So for this, it's really simple.

05:37.310 --> 05:39.290
It's just a couple of lines that you have to write.

05:39.290 --> 05:43.550
So crypto dot create hash, that's all you got to do.

05:43.730 --> 05:46.850
But a few more methods are chained on top of that.

05:46.850 --> 05:50.270
So first you need to define what kind of hashing algorithm you want to use.

05:50.270 --> 05:54.950
Again, notice they are mentioning it here: algorithm as a string, then options, and crypto hash options.

05:54.950 --> 05:56.570
So you need to use all of them.

05:56.570 --> 05:58.490
Again, there is no shortage of such algorithms.

05:58.490 --> 06:04.040
One of the favorite ones for everyone is SHA-256, because encryption done by this algorithm takes

06:04.070 --> 06:10.280
years to decrypt even with brute force. Then you can just pass on what is the value that you want

06:10.280 --> 06:10.880
to update.

06:10.880 --> 06:13.430
So my value is just this forgot

06:13.500 --> 06:16.230
token, and I want to create a digest on that.

06:16.230 --> 06:21.660
So I'm going to go ahead and say, hey, digest, and digest is going to be of type hex.

06:21.660 --> 06:23.310
Again, it moved on to the next line.

06:23.550 --> 06:25.500
So let me show you it on one line.

06:25.500 --> 06:26.010
There we go.

06:26.010 --> 06:29.760
So this is how it looks, this forgot password and all of that.

06:30.210 --> 06:32.250
Now, I would like to add a comment here.

06:32.250 --> 06:33.720
So now you see that on one line.

06:33.720 --> 06:34.830
I can go back here.

06:35.040 --> 06:38.490
Now, I would also like to add one line of comment here for you.

06:38.970 --> 06:43.470
So this is actually: we are getting a hash.

06:44.490 --> 06:55.740
So this means that if you are using this method, then make sure to get a hash on the back end as

06:55.740 --> 06:56.250
well.

06:56.250 --> 07:00.960
Now, this is a model; this is definitely a back end, but this is so, when the user is going

07:00.960 --> 07:07.200
to give it to us, because we are storing this hash inside the database; we are not storing this forgot token.

07:07.200 --> 07:11.340
And what we will be sending to the user is simply this forgot token.

07:11.340 --> 07:14.820
We will not be sending this hash value, because we want to compare this.

07:14.820 --> 07:19.710
So whatever the user sends me there, I will again run the exact same function on this.

07:19.710 --> 07:23.910
And if the token is the same, I'll get the exact same value here.

07:23.910 --> 07:28.950
So again, really simple. This is kind of my way of tokenizing the thing, and then let's set a time

07:28.950 --> 07:32.070
on this, a time for the token.

07:32.070 --> 07:38.610
So again, this needs to go into the database, so I can go ahead and say, hey, this dot forgot password

07:38.610 --> 07:42.660
expiry, and this is going to start from Date dot now.

07:42.660 --> 07:48.360
So whenever somebody calls this method, let's go ahead and add, probably 20 minutes is fine.

07:48.360 --> 07:54.210
So let's go ahead and say 20 minutes, and I have to multiply it by 1000.

07:54.210 --> 07:56.160
So this is how we get it again.

07:56.160 --> 07:59.490
Do you want to control this time from the env?

07:59.490 --> 08:01.020
Just go ahead and add this one.

08:01.020 --> 08:06.780
You can just add one more field; let's just call it forgot password expiry, and you

08:06.780 --> 08:10.050
can just cut this entire line, and that's it.

08:10.050 --> 08:14.790
And in place of it here, you just have to write process dot env dot forgot password expiry time.

08:14.790 --> 08:16.050
That's all you've got to do.

08:16.170 --> 08:21.300
Now, again, the most important thing here is that you make sure you go ahead and return.

08:21.300 --> 08:23.520
What you are returning is really, really important.

08:23.520 --> 08:26.280
We are going to return this forgot token.

08:26.280 --> 08:30.180
Yes, I could have stored this entire value into a string and could have returned that.

08:30.180 --> 08:31.920
But again, that doesn't make any sense.

08:31.920 --> 08:35.970
You can return it, but why are we doing any hash if we just want to return this hash?

08:35.970 --> 08:41.610
So again, remember, what I'm trying to say is: we are creating a token from this random number, but in

08:41.610 --> 08:47.280
the database the hash values are stored, and we are sending this user this forgot token only.

08:47.280 --> 08:52.950
So when he sends it back to me, then this comment line comes in: make sure whatever the user is sending

08:52.950 --> 08:57.690
you back as this token, you make sure you encrypt that and then compare it with the database.

08:57.690 --> 09:03.930
If both values match, that means the value was not tampered with, the value was not manipulated,

09:03.930 --> 09:05.430
and you are getting exactly the same.

09:05.460 --> 09:07.650
Do we need to go through this much of the thing?

09:08.220 --> 09:09.390
Probably not.

09:09.510 --> 09:14.850
But again, I wanted to show you a little bit of how much more complex it can get when you design a pro backend.

09:14.850 --> 09:18.720
Again, totally optional, in case you don't want to do this much.

09:19.080 --> 09:19.620
No worries.

09:19.620 --> 09:24.420
You can just store this forgot password into the database itself, send it to the front end, match

09:24.420 --> 09:25.830
it at that time, and that's it.

09:25.860 --> 09:27.090
Totally, a total,

09:27.090 --> 09:27.660
total,

09:27.690 --> 09:28.740
your choice.

09:28.740 --> 09:30.150
Okay, so that's it.

09:30.150 --> 09:33.120
I guess that's all we wanted to do in this user model.

09:33.120 --> 09:34.620
Had a great discussion on this one.

09:34.620 --> 09:37.230
I hope you enjoyed that, and the many details as well.

09:37.230 --> 09:39.180
Let's go ahead and catch up in the next video.
