CyberWolves

Posted on May 23, 2021 • Updated on May 24, 2021

Forgot password & Password reset flow in node.js

#node #mongodb #javascript

Hi guys today we gonna implement password reset via email in node.js. If you user forgot there password, we send an link to you user email account. From that link user can add there new password. If you just wanna know how this concept works, you can start from Model section .

So let's start coding...

Demo Video

Project Github Link

App Overview :
Project Structure

Following table shows the overview of Rest APIs that exported

Methods	Urls	Actions
POST	/users	create user
POST	/password-reset	Send password reset link
POST	/password-reset/:userId/:token	Reset user password

create Node.js App

$ mkdir node-email-password-reset
$ cd node-email-password-reset
$ npm init --yes
$ npm install express mongoose dotenv nodemailer joi

Express : Express is minimal and flexible Node.js web applicaton framework.
Mongoose : Mongoose is an Object Data Modeling (ODM) library for MongoDB and Node.js.
Nodemailer : Nodemailer allow us to send email.
Joi : Joi is an object schema description language and validator for javascript objects.
Dotenv : It loads environment variables from a .env file.

package.json

{
  "name": "node-email-password-reset",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "dependencies": {
    "dotenv": "^9.0.2",
    "express": "^4.17.1",
    "joi": "^17.4.0",
    "mongoose": "^5.12.10",
    "nodemailer": "^6.6.0"
  }
}

Setup Express Web Server
In the root folder, let's create index.js file :

require("dotenv").config();
const express = require("express");
const app = express();

app.use(express.json());

const port = process.env.PORT || 8080;
app.listen(port, () => console.log(`Listening on port ${port}...`));

Configure Environment Variables
In the root folder, let's create .env file :

DB = // mongodb url
HOST = // email host
USER = // email id
PASS = // email password
SERVICE = // email service
BASE_URL = "http://localhost:8080/api"

Configure MongoDB Database
In the root folder, let's create db.js file :

const mongoose = require("mongoose");

module.exports = connection = async () => {
    try {
        const connectionParams = {
            useNewUrlParser: true,
            useCreateIndex: true,
            useUnifiedTopology: true,
        };
        await mongoose.connect(process.env.DB, connectionParams);
        console.log("connected to database.");
    } catch (error) {
        console.log(error, "could not connect database.");
    }
};

import db.js in index.js and call it :

//....
const connection = require("./db");
const express = require("express");
const app = express();

connection();

app.use(express.json());
//....

Define The Models
In the root directory create models folder.
models/user.js like this :

const mongoose = require("mongoose");
const Schema = mongoose.Schema;
const Joi = require("joi");

const userSchema = new Schema({
    name: {
        type: String,
        required: true,
    },
    email: {
        type: String,
        required: true,
    },
    password: {
        type: String,
        required: true,
    },
});

const User = mongoose.model("user", userSchema);

const validate = (user) => {
    const schema = Joi.object({
        name: Joi.string().required(),
        email: Joi.string().email().required(),
        password: Joi.string().required(),
    });
    return schema.validate(user);
};

module.exports = { User, validate };

models/token.js file like this :

const mongoose = require("mongoose");
const Schema = mongoose.Schema;

const tokenSchema = new Schema({
    userId: {
        type: Schema.Types.ObjectId,
        required: true,
        ref: "user",
    },
    token: {
        type: String,
        required: true,
    },
    createdAt: {
        type: Date,
        default: Date.now,
        expires: 3600,
    },
});

module.exports = mongoose.model("token", tokenSchema);

Configure The Email Transporter
In the root directory create utils folder.
utils/sendEmail.js file like this :

const nodemailer = require("nodemailer");

const sendEmail = async (email, subject, text) => {
    try {
        const transporter = nodemailer.createTransport({
            host: process.env.HOST,
            service: process.env.SERVICE,
            port: 587,
            secure: true,
            auth: {
                user: process.env.USER,
                pass: process.env.PASS,
            },
        });

        await transporter.sendMail({
            from: process.env.USER,
            to: email,
            subject: subject,
            text: text,
        });

        console.log("email sent sucessfully");
    } catch (error) {
        console.log(error, "email not sent");
    }
};

module.exports = sendEmail;

Define The Routes
In the root directory create routes folder.
routes/users.js file like this :

const { User, validate } = require("../models/user");
const express = require("express");
const router = express.Router();

router.post("/", async (req, res) => {
    try {
        const { error } = validate(req.body);
        if (error) return res.status(400).send(error.details[0].message);

        const user = await new User(req.body).save();

        res.send(user);
    } catch (error) {
        res.send("An error occured");
        console.log(error);
    }
});

module.exports = router;

routes/passwordReset.js file like this :

const { User } = require("../models/user");
const Token = require("../models/token");
const sendEmail = require("../utils/sendEmail");
const crypto = require("crypto");
const Joi = require("joi");
const express = require("express");
const router = express.Router();

router.post("/", async (req, res) => {
    try {
        const schema = Joi.object({ email: Joi.string().email().required() });
        const { error } = schema.validate(req.body);
        if (error) return res.status(400).send(error.details[0].message);

        const user = await User.findOne({ email: req.body.email });
        if (!user)
            return res.status(400).send("user with given email doesn't exist");

        let token = await Token.findOne({ userId: user._id });
        if (!token) {
            token = await new Token({
                userId: user._id,
                token: crypto.randomBytes(32).toString("hex"),
            }).save();
        }

        const link = `${process.env.BASE_URL}/password-reset/${user._id}/${token.token}`;
        await sendEmail(user.email, "Password reset", link);

        res.send("password reset link sent to your email account");
    } catch (error) {
        res.send("An error occured");
        console.log(error);
    }
});

router.post("/:userId/:token", async (req, res) => {
    try {
        const schema = Joi.object({ password: Joi.string().required() });
        const { error } = schema.validate(req.body);
        if (error) return res.status(400).send(error.details[0].message);

        const user = await User.findById(req.params.userId);
        if (!user) return res.status(400).send("invalid link or expired");

        const token = await Token.findOne({
            userId: user._id,
            token: req.params.token,
        });
        if (!token) return res.status(400).send("Invalid link or expired");

        user.password = req.body.password;
        await user.save();
        await token.delete();

        res.send("password reset sucessfully.");
    } catch (error) {
        res.send("An error occured");
        console.log(error);
    }
});

module.exports = router;

If you are using this routes in front-end, you might need another route in passwordReset.js. We need to show password reset form only if the link is valid. So, we need a GET route which will validate the link and show password reset form.

Import routes in index.js

//...
const passwordReset = require("./routes/passwordReset");
const users = require("./routes/users");
const connection = require("./db");
//.....

app.use(express.json());

app.use("/api/users", users);
app.use("/api/password-reset", passwordReset);
//....

That's it, test the APIs in postman, If you found any mistakes or making code better let me know in comment. For better understanding please watch Youtube video. Subscribe to my Youtube channel to get more knowledgeable content every week.

Arigato gozaimasu.. 🙂

Top comments (22)

Mwafrika Josué • Mar 27 '22

Thank you for this amazing tutorial, After watching it carefully I noticed a small bug that you can work on later. After reseting the password, The plain password is being kept in the database. I think you should concider encrypting the password before saving to the database after reseting it

subhash-oos • Dec 6 '22

no you are wrong thats not a bug please try to see this schema we have no need to encryptconst express =require("express") const mongoose=require("mongoose") const bcrypt = require('bcryptjs'); const schema=new mongoose.Schema({ firstName: { type: String, // required: true, }, lastName: { type: String, // required: true, }, image: { type: String, }, email:{ type:String, required: true, }, status: { type: String, enum: ['Pending', 'Active'], default: 'Pending' }, confirmationCode: { type: String, unique: true }, password:{ type:String, required: true, }, phone:{ type:String, // required: true, }, createdAt: { type: Date, default: Date.now, }, phoneOtp:String }, { timestamps: true } ) schema.pre('save', async function(next) { try { // check method of registration const user = this; if (!user.isModified('password')) next(); // generate salt const salt = await bcrypt.genSalt(10); // hash the password const hashedPassword = await bcrypt.hash(this.password, salt); // replace plain text password with hashed password this.password = hashedPassword; next(); } catch (error) { return next(error); } }); schema.methods.matchPassword = async function (password) { console.log(password) try { return await bcrypt.compare(password, this.password); } catch (error) { throw new Error(error); } }; const mens=new mongoose.model("APJ_Ecomusers",schema) module.exports=mens

StylesPRiley • May 20 '22

Getting this error message:
Error: connect ECONNREFUSED 127.0.0.1:587
at TCPConnectWrap.afterConnect as oncomplete {
errno: -4078,
code: 'ESOCKET',
syscall: 'connect',
address: '127.0.0.1',
port: 587,
command: 'CONN'
} email not sent

Tarun Purohit • Mar 10 '23

@cyberwolves can u show the solution for this error

Tarun Purohit • Mar 10 '23

How to solve this error.

Tarun Purohit • Mar 10 '23

@stylespriley if u got the solution please share. Facing the same issue here

Md Irshad • Aug 6 '21

Awesome Article I am new to this Web Development. Just by reading this i was able to understand the flow. Thank You. Keep writing such articles.

CyberWolves • Aug 6 '21

Thank you, subscribe to my Youtube channel youtube.com/channel/UCxyo2h1uAuMT1...

Adesoji1 • Nov 28 '23

Thanks, i did something similar to this using react,postgres and express.js

yayan • Nov 27 '22

nice share gan

iam from indonesia

mohit1607 • Nov 17 '22

Arigato gozaimasu.. senpai

kyzsu • Sep 29 '22

thanks mate, works fine!

Chadrack kyungu • Sep 19 '22

Thank you so much your blogs are amazing

abdul kalam • Oct 30 '21

UnhandledPromiseRejectionWarning: CastError: Cast to ObjectId failed for value "undefined" (type string) at path "_id" for model "User"
please help me

okumujustine • Sep 18 '21

Nice

Brave Normakoh • Aug 28 '21

This is really helpful. Thanks.

Himanshupal0001 • Apr 5 '23

Can you provide the music name that you used in your video.

StylesPRiley • May 19 '22

Can you please explain the .env variables?
HOST = // email host
USER = // email id
PASS = // email password
SERVICE = // email service
BASE_URL = "localhost:8080/api"