Jacob Ruiz


Password Reset in GraphQL

I’m sharing my working notes on here to force myself to articulate my understanding as I build a GraphQL project. This isn’t a tutorial, sorry if you came here looking for one.

How it works: 2 key resolvers

requestReset

  • Arguments

    • email

  • Finds user with that email in db

  • Creates random bytes as resetToken

  • Creates a date as resetTokenExpiry

  • Adds resetToken and resetTokenExpiry to the user in the db

  • Sends an email to the user that has the token

resetPassword

  • Arguments:

    • email

    • password

    • confirmPassword

    • resetToken

  • Find the user in the db with that resetToken

  • Make sure resetTokenExpiry date hasn’t expired

  • Hash the new password

  • Update the user in the db

    • password : The new hashed password

    • resetToken : null

    • resetTokenExpiry : null

  • Return the user

Here’s a look at the code for each:

See this content in the original post
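The two resolvers described above, written as plain JavaScript functions; this is an added example, not the code from the original post. The in-memory `users` array, the `outbox` mail stand-in, the `ctx.now` clock, the one-hour expiry, scrypt as the password hash, the email match check and the identical reply for unknown emails are assumptions of this example.

```javascript
const crypto = require("crypto");

// Constructed stand-ins for the users table and outgoing mail (not from the post).
const users = [{ id: 1, email: "ada@example.com", password: null, resetToken: null, resetTokenExpiry: null }];
const outbox = [];
const TOKEN_TTL_MS = 60 * 60 * 1000; // assumed 1-hour lifetime; the post gives no value

// Assumption: scrypt from Node's crypto stands in for "hash the new password".
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, 32);
  return `${salt.toString("hex")}:${key.toString("hex")}`;
}

// ctx.now is a hypothetical injectable clock so expiry can be exercised in tests.
function requestReset(_parent, { email }, ctx = {}) {
  const now = ctx.now ?? Date.now();
  const user = users.find((u) => u.email === email);
  if (user) {
    user.resetToken = crypto.randomBytes(20).toString("hex"); // 160 bits from the CSPRNG
    user.resetTokenExpiry = now + TOKEN_TTL_MS;
    outbox.push({ to: user.email, body: `Your reset token: ${user.resetToken}` });
  }
  // Same reply whether or not the address exists, so the mutation does not reveal accounts.
  return { message: "If that account exists, a reset email has been sent." };
}

function resetPassword(_parent, { email, password, confirmPassword, resetToken }, ctx = {}) {
  const now = ctx.now ?? Date.now();
  if (password !== confirmPassword) throw new Error("Passwords do not match");
  // Look up by token; a null stored token must never match a missing argument.
  const user = users.find((u) => u.resetToken !== null && u.resetToken === resetToken);
  // One error for unknown token, wrong email, and expired token alike.
  if (!user || user.email !== email || user.resetTokenExpiry < now) {
    throw new Error("This token is either invalid or expired");
  }
  user.password = hashPassword(password);
  user.resetToken = null; // single use: the token cannot be replayed
  user.resetTokenExpiry = null;
  return user;
}
```

In a real server these resolvers would be async and read and write the database instead of the array.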

How to test the Password Reset flow in GraphQL Playground

1. Run the requestReset mutation:

See this content in the original post

2. Check MailTrap (my dev test email inbox) or the database (I’m using postgres) to get the resetToken:

Example commands for postgres in Terminal:

See this content in the original post

3. Run the resetPassword mutation in GraphQL Playground:

See this content in the original post

If all went well, it should return the user.