Reset Password

To reset the password for an existing user account, the accounts.reset_password() method can be called from anywhere on your server:


import joystick, { accounts } from '@joystick.js/node';{
  routes: {
    '/admin/accounts/reset-password': {
      method: 'POST',
      handler: async (req = {}, res = {}) => {
        const reset_password = await accounts.reset_password({
          password: req?.body?.password,
          token: req?.body?.token,
        res.cookie('joystick_login_token', reset_password?.token, { httpOnly: true, secure: process.env.NODE_ENV !== 'development' });
        res.cookie('joystick_login_token_expires_at', reset_password?.token_expires_at, { httpOnly: true, secure: process.env.NODE_ENV !== 'development' });
        res.status(200).send({ user_id: reset_password?.user?._id });

Above, we create an advanced route for a special /admin/accounts/reset-password endpoint that administrators can use to reset a user's password on their behalf (e.g., during a support session).

Of note, because we're implementing the raw server API for accounts.reset_password(), we need to manually set the joystick_login_token and joystick_login_token_expires_at cookies in order for the login after the reset to actually succeed (without this, a session is created in the database but not in the browser so for the user, it doesn't look like they logged in).

API Reference

Function API

Function API

accounts.reset_password(options: object) => Promise;


  • options object

    An object defining the parameters for the user account to reset.

    • password string Required

      A string defining the new password for the existing user account.

    • token string Required

      A string defining the password reset token for the existing user account.

On This Page