node package manager


forgot password middleware for lockit

Lockit forgot password

Help users who forgot their passwords for your Express app. The module is part of Lockit.

npm install lockit-forgot-password

var ForgotPassword = require('lockit-forgot-password');
var utils = require('lockit-utils');
var config = require('./config.js');
var db = utils.getDatabase(config);
var adapter = require(db.adapter)(config);
var app = express();
// express settings 
// ... 
// sessions are required - either cookie or some sort of db 
  secret: 'this is my super secret string'
// create new ForgotPassword instance 
var forgotPassword = new ForgotPassword(config, adapter);
// use forgotPassword.router with your app 

More about configuration at Lockit.

  • allow password reset for users
  • input validation
  • link expiration times
  • user email verification via unique token
  • hash password using pbkdf2
  • token format verification before database querying
  • GET /forgot-password
  • POST /forgot-password
  • GET /forgot-password/:token
  • POST /forgot-password/:token

If you've set in your config.js the module behaves as follows.

  • all routes have /rest prepended
  • GET /rest/forgot-password is next()ed and you can catch /forgot-password on the client
  • POST /rest/forgot-password stays the same but sends JSON
  • GET /rest/forgot-password/:token sends JSON and you can catch /forgot-password/:token on the client
  • POST /rest/forgot-password/:token sends JSON

$ npm test