Posted to user@couchdb.apache.org by Martin Broerse <ma...@gmail.com> on 2016/11/19 07:39:08 UTC

Password reset

Hi,

I am using e-mail addresses as usernames in the _user database. What is the
best practice to create a password reset mail option on cloudant?

- Martin

Re: Password reset

Posted by Martin Broerse <ma...@gmail.com>.
Hi Garren,

My app is a Couchapp that uses
https://github.com/martinic/ember-cli-deploy-couchdb so openwhisk seems to
be an option to build this.

- Martin

On Mon, Nov 21, 2016 at 11:00 AM, Garren Smith <ga...@apache.org> wrote:

> Hi Martin,
>
> Do you have a backend or is your app a Couchapp?
>
> Cheers
> Garren
>
> On Sun, Nov 20, 2016 at 10:03 PM, Martin Broerse <martin.broerse@gmail.com> wrote:
>
> > Is it perhaps possible to solve this with openwhisk? Has anybody done this
> > already?
> >
> > - Martin
> >
> >
> > ---------- Forwarded message ----------
> > From: Martin Broerse <ma...@gmail.com>
> > Date: Sat, Nov 19, 2016 at 8:39 AM
> > Subject: Password reset
> > To: user@couchdb.apache.org
> >
> >
> > Hi,
> >
> > I am using e-mail addresses as usernames in the _user database. What is the
> > best practice to create a password reset mail option on cloudant?
> >
> > - Martin
> >
>

Re: Password reset

Posted by Garren Smith <ga...@apache.org>.
Hi Martin,

Do you have a backend or is your app a Couchapp?

Cheers
Garren

On Sun, Nov 20, 2016 at 10:03 PM, Martin Broerse <ma...@gmail.com>
wrote:

> Is it perhaps possible to solve this with openwhisk? Has anybody done this
> already?
>
> - Martin
>
>
> ---------- Forwarded message ----------
> From: Martin Broerse <ma...@gmail.com>
> Date: Sat, Nov 19, 2016 at 8:39 AM
> Subject: Password reset
> To: user@couchdb.apache.org
>
>
> Hi,
>
> I am using e-mail addresses as usernames in the _user database. What is the
> best practice to create a password reset mail option on cloudant?
>
> - Martin
>

Fwd: Password reset

Posted by Martin Broerse <ma...@gmail.com>.
Is it perhaps possible to solve this with openwhisk? Has anybody done this
already?

- Martin


---------- Forwarded message ----------
From: Martin Broerse <ma...@gmail.com>
Date: Sat, Nov 19, 2016 at 8:39 AM
Subject: Password reset
To: user@couchdb.apache.org


Hi,

I am using e-mail addresses as usernames in the _user database. What is the
best practice to create a password reset mail option on cloudant?

- Martin

Re: Password reset

Posted by Martin Broerse <ma...@gmail.com>.
Yes but openwhisk is a backend in modern form ;-) That is why it seems one
way to solve it.

- Martin

On Tue, Nov 29, 2016 at 3:20 PM, Garren Smith <ga...@apache.org> wrote:

> Hi Martin,
>
> Sorry I'm not sure. I am not a big fan of couchapps. I would rather have a
> backend that can do that all for me.
>
> Cheers
> Garren
>
> On Tue, Nov 29, 2016 at 12:42 PM, Martin Broerse <martin.broerse@gmail.com> wrote:
>
> > Hi Garren,
> >
> > Do you think setting this up with openwhisk is an option? How do others
> > solve this?
> >
> > - Martin
> >
> > On Sat, Nov 19, 2016 at 8:39 AM, Martin Broerse <martin.broerse@gmail.com> wrote:
> >
> > > Hi,
> > >
> > > I am using e-mail addresses as usernames in the _user database. What is
> > > the best practice to create a password reset mail option on cloudant?
> > >
> > > - Martin
> > >
> >
>

Re: Password reset

Posted by Martin Broerse <in...@martinbroerse.com>.
Thanks Kyle! Will try to create it. If someone knows of an existing
solution please let me know.

- Martin

On Tue, Nov 29, 2016 at 5:46 PM, Kyle Snavely <kj...@gmail.com> wrote:

> If you have an email service set up (such that you can programmatically send
> emails) a password reset flow isn't too complicated. Here is a simple
> overview that would get you started:
>   - The (unauthenticated) user hits your API/backend with a password reset
> email request.
>   - The API generates a random token which is both emailed to the user and
> stored by you.
>   - Having received the token, the user hits another API endpoint you offer
> which accepts the token and the new password. If the token matches what you
> have stored, the API/backend then changes the user's password.
>
> That is a simple overview and some best practices are outlined here:
>   - https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet
>
> Information on updating a user's password in the _users database:
>   - https://couchdb.readthedocs.io/en/latest/intro/security.html#password-changing
>
>
> I don't believe this can be accomplished from just a couchapp -- you will
> need some sort of backend that can access your user information and send
> emails (or SMS etc.). OpenWhisk is an option, especially if you plan on
> using other types of triggers/actions in the future, and want to design a
> ready-to-scale service. This would also be a fairly simple node or python
> server behavior.
>
>
> I'm not sure if this solution would work for you, but here's a couchdb auth
> lib written in node/express that makes reference to forgot-password-email
> flow, something to get started with:
>   - https://github.com/twilson63/express-couchUser
>
> On Tue, Nov 29, 2016 at 10:19 AM, Martin Broerse <martin.broerse@gmail.com> wrote:
>
> > Is there some backend ready code that lets you mail password reset mails?
> >
> > - Martin
> >
> > On Tue, Nov 29, 2016 at 3:20 PM, Garren Smith <ga...@apache.org> wrote:
> >
> > > Hi Martin,
> > >
> > > Sorry I'm not sure. I am not a big fan of couchapps. I would rather have a
> > > backend that can do that all for me.
> > >
> > > Cheers
> > > Garren
> > >
> > > On Tue, Nov 29, 2016 at 12:42 PM, Martin Broerse <martin.broerse@gmail.com> wrote:
> > >
> > > > Hi Garren,
> > > >
> > > > Do you think setting this up with openwhisk is an option? How do others
> > > > solve this?
> > > >
> > > > - Martin
> > > >
> > > > On Sat, Nov 19, 2016 at 8:39 AM, Martin Broerse <martin.broerse@gmail.com> wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > I am using e-mail addresses as usernames in the _user database. What is
> > > > > the best practice to create a password reset mail option on cloudant?
> > > > >
> > > > > - Martin
> > > > >
> > > >
> > >
> >
>

Re: Password reset

Posted by Kyle Snavely <kj...@gmail.com>.
If you have an email service set up (such that you can programmatically send
emails) a password reset flow isn't too complicated. Here is a simple
overview that would get you started:
  - The (unauthenticated) user hits your API/backend with a password reset
email request.
  - The API generates a random token which is both emailed to the user and
stored by you.
  - Having received the token, the user hits another API endpoint you offer
which accepts the token and the new password. If the token matches what you
have stored, the API/backend then changes the user's password.

That is a simple overview and some best practices are outlined here:
  - https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet

Information on updating a user's password in the _users database:
  - https://couchdb.readthedocs.io/en/latest/intro/security.html#password-changing


I don't believe this can be accomplished from just a couchapp -- you will
need some sort of backend that can access your user information and send
emails (or SMS etc.). OpenWhisk is an option, especially if you plan on
using other types of triggers/actions in the future, and want to design a
ready-to-scale service. This would also be a fairly simple node or python
server behavior.


I'm not sure if this solution would work for you, but here's a couchdb auth
lib written in node/express that makes reference to forgot-password-email
flow, something to get started with:
  - https://github.com/twilson63/express-couchUser

On Tue, Nov 29, 2016 at 10:19 AM, Martin Broerse <ma...@gmail.com>
wrote:

> Is there some backend ready code that lets you mail password reset mails?
>
> - Martin
>
> On Tue, Nov 29, 2016 at 3:20 PM, Garren Smith <ga...@apache.org> wrote:
>
> > Hi Martin,
> >
> > Sorry I'm not sure. I am not a big fan of couchapps. I would rather have a
> > backend that can do that all for me.
> >
> > Cheers
> > Garren
> >
> > On Tue, Nov 29, 2016 at 12:42 PM, Martin Broerse <martin.broerse@gmail.com> wrote:
> >
> > > Hi Garren,
> > >
> > > Do you think setting this up with openwhisk is an option? How do others
> > > solve this?
> > >
> > > - Martin
> > >
> > > On Sat, Nov 19, 2016 at 8:39 AM, Martin Broerse <martin.broerse@gmail.com> wrote:
> > >
> > > > Hi,
> > > >
> > > > I am using e-mail addresses as usernames in the _user database. What is
> > > > the best practice to create a password reset mail option on cloudant?
> > > >
> > > > - Martin
> > > >
> > >
> >
>
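
The three-step flow Kyle outlines above, sketched in Node as an added example; it is not code from the thread or from express-couchUser. The names `createResetService`, `requestReset`, `confirmReset`, the injected `sendMail` callback, the `Map` standing in for the _users database and the 30-minute token lifetime are all assumptions; hashed token storage, expiry, single use and the uniform response follow general forgot-password practice.

```javascript
const { randomBytes, createHash, timingSafeEqual } = require("node:crypto");

const TOKEN_TTL_MS = 30 * 60 * 1000; // assumed lifetime, not from the thread
const sha256 = (s) => createHash("sha256").update(s).digest();

// users: Map standing in for the _users database; sendMail: hypothetical mailer.
function createResetService({ users, sendMail, now = Date.now }) {
  const pending = new Map(); // email -> { hash, expires }

  // Steps 1 and 2: unauthenticated request; generate, store and mail a token.
  function requestReset(email) {
    if (users.has(email)) {
      const token = randomBytes(32).toString("hex");
      // Store only a hash, so a leaked token store cannot be replayed.
      pending.set(email, { hash: sha256(token), expires: now() + TOKEN_TTL_MS });
      sendMail(email, token);
    }
    // Same answer for known and unknown addresses: no account enumeration.
    return { ok: true };
  }

  // Step 3: accept token and new password; change it only if the token matches.
  function confirmReset(email, token, newPassword) {
    const entry = pending.get(email);
    if (!entry || now() > entry.expires) {
      pending.delete(email);
      return { ok: false };
    }
    if (!timingSafeEqual(entry.hash, sha256(String(token)))) return { ok: false };
    pending.delete(email); // single use
    // With CouchDB, saving the user doc with a plain "password" field makes
    // the server replace that field with a salted hash.
    users.set(email, { ...users.get(email), password: newPassword });
    return { ok: true };
  }

  return { requestReset, confirmReset };
}

// Constructed demo data: one user keyed by e-mail, mail captured in an array.
const demoUsers = new Map([["alice@example.org", { name: "alice@example.org", type: "user", roles: [] }]]);
const demoOutbox = [];
const demo = createResetService({ users: demoUsers, sendMail: (to, token) => demoOutbox.push({ to, token }) });
demo.requestReset("alice@example.org");
```

In a real deployment the pending-token map would live in a database the backend controls, and the final write would be a PUT of the user document to _users with admin credentials.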

Re: Password reset

Posted by Martin Broerse <ma...@gmail.com>.
Is there some backend ready code that lets you mail password reset mails?

- Martin

On Tue, Nov 29, 2016 at 3:20 PM, Garren Smith <ga...@apache.org> wrote:

> Hi Martin,
>
> Sorry I'm not sure. I am not a big fan of couchapps. I would rather have a
> backend that can do that all for me.
>
> Cheers
> Garren
>
> On Tue, Nov 29, 2016 at 12:42 PM, Martin Broerse <martin.broerse@gmail.com> wrote:
>
> > Hi Garren,
> >
> > Do you think setting this up with openwhisk is an option? How do others
> > solve this?
> >
> > - Martin
> >
> > On Sat, Nov 19, 2016 at 8:39 AM, Martin Broerse <martin.broerse@gmail.com> wrote:
> >
> > > Hi,
> > >
> > > I am using e-mail addresses as usernames in the _user database. What is
> > > the best practice to create a password reset mail option on cloudant?
> > >
> > > - Martin
> > >
> >
>

Re: Password reset

Posted by Garren Smith <ga...@apache.org>.
Hi Martin,

Sorry I'm not sure. I am not a big fan of couchapps. I would rather have a
backend that can do that all for me.

Cheers
Garren

On Tue, Nov 29, 2016 at 12:42 PM, Martin Broerse <ma...@gmail.com>
wrote:

> Hi Garren,
>
> Do you think setting this up with openwhisk is an option? How do others
> solve this?
>
> - Martin
>
> On Sat, Nov 19, 2016 at 8:39 AM, Martin Broerse <ma...@gmail.com>
> wrote:
>
> > Hi,
> >
> > I am using e-mail addresses as usernames in the _user database. What is
> > the best practice to create a password reset mail option on cloudant?
> >
> > - Martin
> >
>

Re: Password reset

Posted by Martin Broerse <ma...@gmail.com>.
Hi Garren,

Do you think setting this up with openwhisk is an option? How do others
solve this?

- Martin

On Sat, Nov 19, 2016 at 8:39 AM, Martin Broerse <ma...@gmail.com>
wrote:

> Hi,
>
> I am using e-mail addresses as usernames in the _user database. What is
> the best practice to create a password reset mail option on cloudant?
>
> - Martin
>