I’m sharing my working notes on here to force myself to articulate my understanding as I build a GraphQL project. This isn’t a tutorial, sorry if you came here looking for one.

How it works: 2 key resolvers

requestReset

• Arguments

  • email

• Finds user with that email in db

• Creates random bytes as resetToken

• Creates a date as resetTokenExpiry

• Adds resetToken and resetTokenExpiry to the user in the db

• Sends an email to the user that has the token

resetPassword

• Arguments:

  • email

  • password

  • confirmPassword

  • resetToken

• Find the the user in the db with that resetToken

• Make sure resetTokenExpiry date hasn’t expired

• Hash the new password

• Update the user in the db

  • password : The new hashed password

  • resetToken : null

  • resetTokenExpiry : null

• Return the user

Here’s a look at the code for each:

How to test the Password Reset flow in GraphQL Playground

1. Run the requestReset mutation:

2. Check MailTrap (my dev test email inbox) or the database (I’m using postgres) to get the resetToken:

Example commands for postgres in Terminal:

3. Run the resetPassword mutation in GraphQL Playground:

If all went well, it should return the user.