Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GH-3245 Change password from settings page #3538

Merged
merged 44 commits into from
Jan 25, 2024
Merged

GH-3245 Change password from settings page #3538

merged 44 commits into from
Jan 25, 2024

Conversation

i-am-chitti
Copy link
Contributor

@i-am-chitti i-am-chitti commented Jan 18, 2024
edited
Loading

Description

This PR adds password reset feature to change password from settings page. Here is the workflow -

  1. On clicking "Change Password", a reset token is generated. This is done via emailPasswordResetLink mutation. It generates the token and store its hash in DB with an expiry. It sends back the confirmation to user.
  2. It mails the user their plain token. If user tries to generate the token again within a certain time defined in constant PASSWORD_RESET_TOKEN_EXPIRES_IN, it will throw error. Also, this constant is optional. Its default is 5 minutes.
  3. Once user opens the link present in the email, he will be directed to reset-password/:token path. Here a validation of token is carried out through validatePasswordResetToken query. If invalid, in case of non-logged in, redirected to sign in page else to index page.
  4. Next, password reset form appears. He enters the new password. Updation is done via mutation updatePasswordViaResetToken. It validates the token again and then, new password. New password should be same as old. On success, it updates the password and sends the success confirmation.
  5. Now, if user was logged in, he will be directed to sign in page. Else, he is logged in programatically and directed to sign in page.

Have a look at the attached Gdrive link where complete flow has been recorded.

Issue

Note

  • Migration has been already added to add the DB column for storing token and expiry.
  • There was some unknown error during graphql data generation. Hence, had to use skipValidation in codegen.cjs. This error is not related to mine changes. It started popping once I synced the main branch. Request you to kindly regenerate the graphql files before merging.
image

Screenshots

image image image image image

Screencast

https://drive.google.com/file/d/1y6q6ocakQa6sScMuPZQYdDeXGuuNyFyQ/view?usp=sharing

@i-am-chitti
twentyhqGH-3245 add passwordResetToken and passwordResetTokenExpiresA…
1c47a86 
…t column on user entity
@i-am-chitti
Add password reset token expiry delay env variable
b3bca79
@i-am-chitti
Add generatePasswordResetToken mutation resolver
a095d3b
@i-am-chitti
Update .env.sample file on server
332a6bf
@i-am-chitti
Add password reset token and expiry migration script
28d56aa
@i-am-chitti
Add validate password reset token query and a dummy password update (…
a822926 
…WIP) resolver
@i-am-chitti
Fix bug in password reset token generate
2e3b5ab
@i-am-chitti
Merge branch 'main' into twentyhqGH-3245/password-reset
949ade1
@i-am-chitti
add update password mutation
bd16ea6
@i-am-chitti
Merge branch 'main' into twentyhqGH-3245/password-reset
fe2249d
@i-am-chitti
Update name and add email password reset link
ea035a6
@i-am-chitti
Add change password UI on settings page
a519dd2
@i-am-chitti
Add reset password route on frontend
48b4d04
@i-am-chitti
Add reset password form UI
1e1a82d
@i-am-chitti
Merge branch 'main' into twentyhqGH-3245/password-reset
f5f91e1
@i-am-chitti
sign in user on password reset
dcd3533
@i-am-chitti
format code
fe45e11
@i-am-chitti
make PASSWORD_RESET_TOKEN_EXPIRES_IN optional
f09ebff
@i-am-chitti
add email template for password reset
50bb409
@i-am-chitti
Improve error message
431668f
@i-am-chitti
Rename methods and DTO to improve naming
f2dc994
@i-am-chitti
fix formatting of backend code
7c63e14
@i-am-chitti
Merge branch 'main' into twentyhqGH-3245/password-reset
8ca7d72
@i-am-chitti
Update change password component
ee13204
@i-am-chitti
Update password reset via token component
75ffcbd
@i-am-chitti
update graphql files
fd6f562
@i-am-chitti
spelling fix
2711d36
@i-am-chitti
Make password-reset route authless on frontend
dc34769
@i-am-chitti
show token generation wait time
8075361
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 18, 2024
edited
Loading

Warnings
⚠️

Changes were made to package.json, but not to yarn.lock - Perhaps you need to run yarn install?
⚠️ Changes were made to the environment variables, but not to the documentation - Please review your changes and check if a change needs to be documented!

Generated by 🚫 dangerJS against 4f481df

@martmull
Copy link
Contributor

@i-am-chitti merging main in your branch should fix the graphql:data:generate command also

@i-am-chitti
Copy link
Contributor Author

Thanks @martmull for the review. I'll be pushing the updates soon.

@i-am-chitti
Copy link
Contributor Author

@martmull, I've made the changes. You can have a re-review.

@i-am-chitti i-am-chitti requested a review from martmull January 23, 2024 21:47
martmull
martmull requested changes Jan 24, 2024
View reviewed changes
Copy link
Contributor

@martmull martmull left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @i-am-chitti, that's really good work. I have some minor changes regarding email css and code style. I don't want to be too touchy on that so don't hesitate to ask me to pass those changes! Also, I will ask @lucasbordeau to double check the front part. Then we will be able to merge 🎉. Really nice job again!

packages/twenty-emails/src/components/Link.tsx Outdated Show resolved Hide resolved
packages/twenty-emails/src/emails/password-reset-link.email.tsx Outdated Show resolved Hide resolved
packages/twenty-emails/src/emails/password-reset-link.email.tsx Outdated Show resolved Hide resolved
packages/twenty-emails/src/emails/password-update-notify.email.tsx Outdated Show resolved Hide resolved
packages/twenty-emails/tsup.index.tsx Outdated Show resolved Hide resolved
@lucasbordeau
Copy link
Contributor

Nice work !

@martmull
Copy link
Contributor

@i-am-chitti , this diff will fix your tests also
image

@i-am-chitti
Copy link
Contributor Author

@martmull Thanks for the diff and helping hand. Indeed, feel free to push the changes in PR itself.
Thanks @lucasbordeau for the review. I've pushed changes for PR feedbacks.

I've pushed the diff, but seems there are further tests failing related to emails. Could you have a look once and direct me how to get them fixed?

@martmull
Copy link
Contributor

@i-am-chitti thank you for your changes. I have added one last commit to fix the CI (it was an issue with twenty-emails package, not your fault). Think we are able to merge now 🚀. Thank you very much for your contrib, it is really good job. Cheers 🤗

@martmull martmull merged commit 46f0eb5 into twentyhq:main Jan 25, 2024
10 checks passed
@martmull martmull linked an issue Jan 26, 2024 that may be closed by this pull request
Change password from settings #3245
Closed
@FelixMalfait
Copy link
Member

Great work @i-am-chitti !!! Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lucasbordeau lucasbordeau lucasbordeau left review comments

@martmull martmull martmull approved these changes

Assignees

@martmull martmull

Labels
-PR: awaiting author
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Change password from settings
5 participants
@i-am-chitti @charlesBochet @martmull @lucasbordeau @FelixMalfait