xforgot
- a library for generating password reset tokens
xforgot generates and verifies time-limited one-time passwords suitable for including in password reset links.
Install
npm install --save xforgot
Usage
var xforgot = ;
var token = ;
// Send token to user via URL...
if xforgot
  // Reset the user's password...
Alternatively, you may create an instance of XForgot to override the default settings:
var XForgot = XForgot;
var xforgot = salt: "xyzzy";
// Continue as before...
Note that the secret option is required to both generate and verify user-specific tokens. Otherwise, everyone would be able to reset each other's passwords 😱

On the other hand, the salt option makes it more difficult for someone to generate valid tokens if a hacker were to somehow gain access to the user-specific secret. The salt may be generated per token or set per application. In either case, the salt should be stored separately from the user-specific secret for better security.
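To illustrate the roles of the secret and salt options described above, here is an added example that is not xforgot's own code, API or token format: a time-limited token built with Node's crypto module. The names makeToken and verifyToken, the token layout and the sample values are assumptions made for this sketch.

```javascript
const crypto = require("crypto");

// Hypothetical helpers for illustration; not xforgot's API or token format.
function mac(secret, salt, expires) {
  // The salt keys the HMAC, so a leaked user secret alone cannot
  // produce a valid tag; the expiry is bound into the tag as well.
  return crypto.createHmac("sha256", salt)
    .update(`${expires}:${secret}`)
    .digest("hex");
}

function makeToken(secret, salt, ttlSeconds, now = Date.now()) {
  const expires = Math.floor(now / 1000) + ttlSeconds;
  return `${expires}.${mac(secret, salt, expires)}`;
}

function verifyToken(token, secret, salt, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 2 || !/^\d+$/.test(parts[0])) return false;
  const expires = Number(parts[0]);
  if (!Number.isSafeInteger(expires)) return false;
  if (Math.floor(now / 1000) > expires) return false; // time limit passed
  const expected = Buffer.from(mac(secret, salt, expires));
  const given = Buffer.from(parts[1]);
  // timingSafeEqual throws on unequal lengths, so check length first.
  return given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
}

// Constructed sample values: in practice the secret is a per-user value
// and the salt is stored separately from it.
const demoSecret = "constructed-user-secret";
const demoSalt = "xyzzy";
const demoToken = makeToken(demoSecret, demoSalt, 3600);
console.log("valid for owner:", verifyToken(demoToken, demoSecret, demoSalt));
console.log("other user's secret:", verifyToken(demoToken, "other-secret", demoSalt));
console.log("secret known, salt unknown:",
  verifyToken(makeToken(demoSecret, "guess", 3600), demoSecret, demoSalt));
```

The last line shows the case the salt paragraph describes: a token minted with the right user secret but the wrong salt does not verify.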
Documentation
Full documentation at http://mikepb.github.io/xforgot/
License
MIT