Implement the resetPasswordUsingToken Feature #22

Closed
rishabhpoddar opened this issue Oct 16, 2020 · 3 comments
rishabhpoddar commented Oct 16, 2020

@rishabhpoddar rishabhpoddar added the enhancement New feature or request label Oct 16, 2020

rishabhpoddar commented Oct 16, 2020

Functions exposed by this feature

createResetPasswordToken(userId: string) => Promise<string>
THROWS:
- {errType: "UNKNOWN_USER_ID_ERROR"}
- {errType: "GENERAL_ERROR", message: string}

One side note: We want to take the userId in and not the email because we do not want to have a pause in the core if the email doesn't exist, since if we have it there, then the output would also need to generate a fake token, which is strange.


resetPasswordUsingToken(token: string, newPassword: string) => Promise<void>
THROWS:
- {errType: "RESET_PASSWORD_INVALID_TOKEN_ERROR"}
- {errType: "GENERAL_ERROR", message: string}


rishabhpoddar commented Oct 16, 2020

APIs implemented by this feature

Send reset password email

https://github.com/supertokens/frontend-driver-interface/blob/master/v1.3.0.md#send-reset-password-email

  1. Call the email validator
    • If there is an error, then convert that to a FIELD_ERROR and send it to the user.
  2. Get userId from email using getUserByEmail
    • If undefined, then pause for a random time between 300-700 and return OK
  3. Call createResetPasswordToken from the core
    • If UNKNOWN_USER_ID_ERROR, then pause for a random time between 300-700 and return OK
  4. Generate the reset password link
    • If the user has defined getResetPasswordURL, then use that
    • If not, then use the appInfo information
  5. Send API response
  6. If the user has defined createAndSendCustomEmail, call that using await and then send "OK"
  7. Call our API with email, appName (from appInfo) and the password reset link. Our API will send the email to the user using [email protected]. If the user has defined the logoFullURL (from appInfo), then send that as well. Related issue: Call SuperTokens API to send the password reset email #38

Reset password API

https://github.com/supertokens/frontend-driver-interface/blob/master/v1.3.0.md#reset-password

  1. Call the password validators on the input password
    • If there is an error, then convert that to a FIELD_ERROR and send it to the user.
  2. Call the resetPasswordUsingToken function to the core
    • If the error is RESET_PASSWORD_INVALID_TOKEN_ERROR, then send the same to the frontend
  3. Send OK to the frontend


rishabhpoddar commented Oct 16, 2020

Config given to init

resetPasswordUsingTokenFeature: {
   disableDefaultImplementation: true,
   getResetPasswordURL: (user: {id: string, email: string}) => Promise<string>, // should return the URL without the token
   createAndSendCustomEmail: (user: {id: string, email: string}, passwordResetURLWithToken: string) => Promise<void>,
}
  • We use the password validator from the sign up feature.
  • The getResetPasswordURL should return a full URL without any query params. Anything else must throw an error.
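
Added example (not code from this issue or from the SuperTokens code base): a TypeScript version of steps 2 to 4 and 7 of the "Send reset password email" flow, returning the same OK after a random pause when the email or userId is unknown so the response does not distinguish registered from unregistered addresses, and enforcing the rule that getResetPasswordURL returns a full URL without query params. The `Deps` shape, `sleep`, `sendEmail`, the `token` query parameter name and the millisecond unit are assumptions.

```typescript
// Added example; injected dependencies (assumed names) keep it runnable offline.
type User = { id: string; email: string };
type Deps = {
  getUserByEmail: (email: string) => Promise<User | undefined>;
  createResetPasswordToken: (userId: string) => Promise<string>; // rejects with { errType }
  getResetPasswordURL: (user: User) => Promise<string>;
  sendEmail: (user: User, link: string) => Promise<void>;
  sleep: (ms: number) => Promise<void>;
};

// Random pause in [300, 700]; milliseconds is an assumption, the issue gives no unit.
function randomPauseMs(rand: () => number = Math.random): number {
  return 300 + Math.floor(rand() * 401);
}

// Enforce "full URL without any query params", then append the token.
function buildResetLink(baseURL: string, token: string): string {
  const url = new URL(baseURL); // throws on a relative or malformed URL
  if (url.search !== "") {
    throw new Error("getResetPasswordURL must return a URL without query params");
  }
  url.searchParams.set("token", token); // parameter name "token" is assumed
  return url.toString();
}

async function sendResetPasswordEmail(email: string, deps: Deps): Promise<{ status: "OK" }> {
  const user = await deps.getUserByEmail(email);
  if (user === undefined) {
    await deps.sleep(randomPauseMs()); // unknown email: pause, then the same OK
    return { status: "OK" };
  }
  let token: string;
  try {
    token = await deps.createResetPasswordToken(user.id);
  } catch (err) {
    const errType = (err as { errType?: string } | undefined)?.errType;
    if (errType !== "UNKNOWN_USER_ID_ERROR") throw err; // GENERAL_ERROR propagates
    await deps.sleep(randomPauseMs());
    return { status: "OK" };
  }
  const link = buildResetLink(await deps.getResetPasswordURL(user), token);
  await deps.sendEmail(user, link);
  return { status: "OK" };
}
```

Both early-return branches produce exactly the response of the success path, so a caller only ever sees OK or a thrown GENERAL_ERROR.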
