
Upd: Email service for forgot password added #15

Merged
merged 2 commits into from
Dec 28, 2020

Conversation

arnabsen1729 (Collaborator) commented Dec 28, 2020

Fixed: #14
Link to the org repo issue: dsc-x/omg-frames#2

Description

Just a rough idea of the system:
(image: rough diagram of the reset-password flow)

I will go through the stages:

User Clicks on Forgot Password

The user will be redirected to a form where they will be asked to enter the email address with which they registered. After submitting the form, a POST request will be sent to the endpoint /send-reset-mail and will have the email in the body of the request.

method: POST 
endpoint: /send-reset-mail
body:

{
  "email": "string"
}

In Backend when the request is made

  • The email in the body is checked if it exists in the database.
  • If it does then it sends an email with the reset password URL link.
  • The link contains the token, which is generated using a secret key and contains the user_id as the payload. This token will be needed in the next stage.

User clicks on the link in the mail

They will be redirected to the reset password page. Now when the user enters the new password, confirms it and presses submit, another POST request will be sent to /update-password.

method: POST
endpoint: /update-password
body:

{
  "password": "string",
  "token": "string"
}

The token has to be extracted from the URL. Here is a code snippet of how it can be achieved:

// Read the query string of the current page and pull out the "token" parameter
const params = new URLSearchParams(window.location.search)
const token = params.get('token') // null if the parameter is absent

So if the URL was https://iwasat.events/reset.html?token=abc, the output will be abc, i.e. the token we need.

In Backend when the request is made

  • Token is validated and checked if it is past expiry.
  • If everything is okay, the password of the user with the user_id extracted from the token payload is updated.

If the response is 200 OK then the frontend should redirect to the login page.

Minor changes:

  • Readme file updated with the new domain
  • Creating a new utils.py which contains all the utility functions like encoding jwt, or sending mail
  • Small changes to improve code quality

@arnabsen1729 arnabsen1729 merged commit fcded06 into master Dec 28, 2020
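The two backend stages described in the PR (issue a token carrying user_id when a known email is posted to /send-reset-mail, then check signature and expiry on /update-password), as an added stand-alone Python example that is not the PR's own utils.py code. It uses a stdlib HMAC-SHA256 signed token in place of the PR's JWT library, and the SECRET_KEY, USERS table and 15-minute TTL are constructed for the demo; the stage-1 handler returns the same status whether or not the email is registered, so the endpoint does not leak which addresses exist.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

# Constructed demo values; a deployment loads the key from config, never from source.
SECRET_KEY = b"demo-secret-key-not-for-production"
TOKEN_TTL_SECONDS = 15 * 60  # reset links should be short-lived
USERS = {"alice@example.com": 7}  # constructed email -> user_id table
RESET_PAGE = "https://iwasat.events/reset.html"

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_reset_token(user_id: int, now: Optional[float] = None) -> str:
    """Issue an HMAC-SHA256 signed token carrying user_id and an expiry."""
    now = time.time() if now is None else now
    claims = {"user_id": user_id, "exp": int(now) + TOKEN_TTL_SECONDS}
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64url(sig)}"

def verify_reset_token(token: str, now: Optional[float] = None) -> Optional[int]:
    """Return user_id if the signature is valid and the token is unexpired, else None."""
    now = time.time() if now is None else now
    try:
        body, sig_b64 = token.split(".")
        expected = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None  # payload tampered with or signed with another key
        claims = json.loads(_b64url_decode(body))
        if claims["exp"] <= now:
            return None  # past expiry
        return int(claims["user_id"])
    except (ValueError, KeyError, TypeError):
        return None  # malformed token

def handle_send_reset_mail(email: str):
    """Stage 1 backend: build the reset link only for a known email, but return the
    same status either way so the endpoint does not reveal which emails are registered."""
    user_id = USERS.get(email)
    if user_id is None:
        return 200, None
    return 200, f"{RESET_PAGE}?token={make_reset_token(user_id)}"
```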
Successfully merging this pull request may close these issues.

Forgot password? API Wanted