To reset the password for an existing user account, the accounts.reset_password() method can be called from anywhere on your server.
Example Usage
index.server.js
import joystick, { accounts } from '@joystick.js/node';
joystick.app({
routes: {
'/admin/accounts/reset-password': {
method: 'POST',
handler: async (req = {}, res = {}) => {
const reset_password = await accounts.reset_password({
password: req?.body?.password,
token: req?.body?.token,
});
res.cookie('joystick_login_token', reset_password?.token, { httpOnly: true, secure: process.env.NODE_ENV !== 'development' });
res.cookie('joystick_login_token_expires_at', reset_password?.token_expires_at, { httpOnly: true, secure: process.env.NODE_ENV !== 'development' });
res.status(200).send({ user_id: reset_password?.user?._id });
},
},
},
})Above, we create an advanced route for a special /admin/accounts/reset-password endpoint that administrators can use to reset a user's password on their behalf (e.g., during a support session).
Of note, because we're implementing the raw server API for accounts.reset_password(), we need to manually set the joystick_login_token and joystick_login_token_expires_at cookies in order for the login after the reset to actually succeed (without this, a session is created in the database but not in the browser so for the user, it doesn't look like they logged in).
API
Definition
accounts.reset_password(options: object) => PromiseParameters
- options object required
-
An object defining the parameters for the user account to reset.
- password string required
- The new password for the existing user account.
- token string required
- The password reset token for the existing user account.