xforgot - a library for generating password reset tokens
xforgot generates and verifies time-limited one time passwords suitable for
including in password reset links.
npm install --save xforgot
var xforgot = ;var token = ;// Send token to user via URL...if xforgot// Reset the user's password...
Alternatively, you may create an instance of XForgot to override the default settings:
var XForgot = XForgot;var xforgot = salt: "xyzzy";// Continue as before...
secret option is required to both generate and verify user-specific
tokens. Otherwise, everyone would be able to reset each other's passwords 😱
On the other hand, the
salt option is used to make it more difficult for
someone to generate valid tokens if a hacker were to somehow gain access to the
user-specific secret. The salt may be generated per token or set per
application. In either case, the salt should be stored separately from the user-
specific secret for better security.
Full documentation at http://mikepb.github.io/xforgot/