A user also has the possibility to reset his password. However, for this to work you must have your mail settings configured correctly. Find out how to do that in the „Email settings section.
To test things out visit
/user/password/forgot in the browser and enter the email address of the account. After submission, you will receive an email with a link. The link includes a token that is valid for 60 minutes. Clicking on the link will bring you to a form where you can create a new password.
If you do not want the possibility for a user to reset her password, first delete the
/client/pages/password directory. Afterwards, you can (but don’t have to) navigate to
/client/store/auth/authActions.tsx and delete the functions
resetPassword. For security reasons you might also want to deny access to the backend route from the frontend to the API. To accomplish this, open
/config/cors.php and delete
"password/reset" from the