Password reset
A user also has the possibility to reset his password. However, for this to work you must have your mail settings configured correctly. Find out how to do that in the „Email settings section.
To test things out visit /user/password/forgot
in the browser and enter the email address of the account. After submission, you will receive an email with a link. The link includes a token that is valid for 60 minutes. Clicking on the link will bring you to a form where you can create a new password.
If you do not want the possibility for a user to reset her password, first delete the /client/pages/password
directory. Afterwards, you can (but don’t have to) navigate to /client/store/auth/authActions.tsx
and delete the functions forgotPassword
and resetPassword
. For security reasons you might also want to deny access to the backend route from the frontend to the API. To accomplish this, open /config/cors.php
and delete "password/email"
and "password/reset"
from the paths
array.