Password Reset in GraphQL
I’m sharing my working notes on here to force myself to articulate my understanding as I build a GraphQL project. This isn’t a tutorial, sorry if you came here looking for one.
How it works: 2 key resolvers
requestReset
Arguments: email
1. Finds the user with that email in the db
2. Creates random bytes as resetToken
3. Creates a date as resetTokenExpiry
4. Adds resetToken and resetTokenExpiry to the user in the db
5. Sends an email to the user that has the token
resetPassword
Arguments: email, password, confirmPassword, resetToken
1. Find the user in the db with that resetToken
2. Make sure the resetTokenExpiry date hasn’t expired
3. Hash the new password
4. Update the user in the db:
   password: the new hashed password
   resetToken: null
   resetTokenExpiry: null
5. Return the user
Here’s a look at the code for each:
How to test the Password Reset flow in GraphQL Playground
1. Run the requestReset mutation:
2. Check MailTrap (my dev test email inbox) or the database (I’m using postgres) to get the resetToken:
Example commands for postgres in Terminal:
3. Run the resetPassword mutation in GraphQL Playground:
If all went well, it should return the user.
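The two resolvers and the three test steps above, as an added example that is not the author's code. Assumptions: a Map and an array stand in for the postgres table and the MailTrap inbox, Node's scrypt stands in for the project's password hash, the functions are synchronous for brevity, and the one-hour expiry, the uniform requestReset reply and the null-token guard are additions made here.

```javascript
const crypto = require('crypto');

// Constructed stand-ins (assumptions): a Map for the postgres table, an array for MailTrap.
const users = new Map();
const outbox = [];
const TOKEN_TTL_MS = 60 * 60 * 1000; // assumed one-hour lifetime; the page gives no value

// scrypt from Node's standard library stands in for the project's password hash.
function hashPassword(password, salt = crypto.randomBytes(16).toString('hex')) {
  return `${salt}:${crypto.scryptSync(password, salt, 32).toString('hex')}`;
}

function verifyPassword(password, stored) {
  const candidate = Buffer.from(hashPassword(password, stored.split(':')[0]));
  const expected = Buffer.from(stored);
  return candidate.length === expected.length && crypto.timingSafeEqual(candidate, expected);
}

function requestReset({ email }, now = Date.now()) {
  const user = users.get(email);
  if (user) {
    user.resetToken = crypto.randomBytes(20).toString('hex');
    user.resetTokenExpiry = now + TOKEN_TTL_MS;
    outbox.push({ to: email, text: `Your reset token: ${user.resetToken}` });
  }
  // Added hardening: identical reply whether or not the email is registered.
  return { message: 'If that account exists, a reset email is on its way.' };
}

// email is accepted as an argument on the page, but the lookup is by resetToken.
function resetPassword({ password, confirmPassword, resetToken }, now = Date.now()) {
  if (password !== confirmPassword) throw new Error('Passwords do not match');
  // Reject null/empty tokens so they can never match users whose token is null.
  if (typeof resetToken !== 'string' || resetToken === '') throw new Error('Token required');
  const user = [...users.values()].find((u) => u.resetToken === resetToken);
  if (!user || user.resetTokenExpiry < now) throw new Error('Token is invalid or expired');
  user.password = hashPassword(password);
  user.resetToken = null; // single use: the token cannot be replayed
  user.resetTokenExpiry = null;
  return user;
}

// The three Playground steps, run against the stand-ins.
function demoFlow(email = 'alice@example.com') {
  users.set(email, { email, password: hashPassword('old-password'), resetToken: null, resetTokenExpiry: null });
  requestReset({ email }); // 1. requestReset mutation
  const { resetToken } = users.get(email); // 2. read the token from the db
  return resetPassword({ email, password: 'n3w-password', confirmPassword: 'n3w-password', resetToken }); // 3.
}
```

Calling demoFlow() returns the updated user with resetToken and resetTokenExpiry cleared; submitting the same token a second time throws.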