Not able to reset the password

dev1800
8 months ago
10

I am trying to reset the password of the currently logged-in user


const res = await server.get('/users/me')
const token = res.data.token
console.log({ token })
await server.post('/users/reset-password', {
  token,
  password: newPassword,
})

I am getting an error - token is valid or expired



Also, if the HTTP-only cookie is already set, do I still have to pass the token: '' in the request body?

  • jesschow
    Payload Team
    8 months ago

    Hey @dev1800 have you looked at the example here?

    https://payloadcms.com/docs/authentication/operations#reset-password

    And does this work if you pass:


      {
        data: {
          token,
          password: newPassword,
        }
      }
  • dev1800
    8 months ago

    I have tried it but it's not working, it's showing an error "the token is invalid or expired"





  • jesschow
    Payload Team
    8 months ago

    try wrapping lines 10 & 11 in this object data: {...}, does that work?

  • dev1800
    8 months ago
    async function changePassword(input: ChangePasswordInputType) {
      const res = await server.get("/users/me")
      const token = res.data.token
      console.log({ token })
      return await server.post("/users/reset-password", {
        data: {
          token,
          password: input.newPassword,
        },
      })
    }


    Like this?

  • jesschow
    Payload Team
    8 months ago

    yep like that

  • dev1800
    8 months ago


    I am passing the JWT token here, do I have to pass any other token?

    Maybe the _verificationToken, how can I generate it?

  • jesschow
    Payload Team
    8 months ago

    Okay you can revert that change - your initial request looks correct.



    So I believe you have to pass the token that is generated when you first hit the /forgot-password route



    After a user has "forgotten" their password and a token is generated, that token can be used to send to the reset password operation along with a new password which will allow the user to reset their password securely.
  • dev1800
    8 months ago

    I want to reset the password - forgot and reset are two different APIs, I have my old password but wanted to change it now, how can I do that?

    The forgot password route sends the token by email, can I skip this part?

    "the Forgot Password operation will generate an email and send it to the respective email address with a link to reset their password." Can I get this token in the '../forgot-password' API's response?

  • jesschow
    Payload Team
    8 months ago

    Yes you can disable the forgot password email by passing disableEmail: true and get the token from the API response - I'll dig into this further tonight to give you a clearer answer

  • shisue
    2 weeks ago

    Any news on this issue?
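
The distinction discussed in the thread above (a one-time reset token issued by the forgot-password step versus the session JWT returned by /users/me), as an added example that is not part of the thread and not Payload's own code. It is a constructed in-memory model: the function names, record fields, one-hour lifetime and hashing of the stored token are all assumptions.

```javascript
// Constructed model of a forgot-password / reset-password token lifecycle.
// Not Payload's source; all names and field layouts here are hypothetical.
const { randomBytes, createHash, timingSafeEqual } = require('node:crypto');

const TTL_MS = 60 * 60 * 1000; // assumed one-hour token lifetime
const sha256 = (s) => createHash('sha256').update(String(s)).digest();
const users = new Map(); // email -> user record

function addUser(email, password) {
  users.set(email, { email, password, resetHash: null, resetExpires: 0 });
}

// Issues a one-time reset token; only its hash is kept server-side.
function forgotPassword(email, now = Date.now()) {
  const user = users.get(email);
  if (!user) return null;
  const token = randomBytes(20).toString('hex');
  user.resetHash = sha256(token);
  user.resetExpires = now + TTL_MS;
  return token;
}

// Accepts only an unexpired token issued by forgotPassword, and only once.
function resetPassword(token, password, now = Date.now()) {
  const candidate = sha256(token);
  for (const user of users.values()) {
    if (!user.resetHash || now > user.resetExpires) continue;
    if (!timingSafeEqual(candidate, user.resetHash)) continue;
    user.password = password; // model only; a real server stores a salted hash
    user.resetHash = null; // single use: a replayed token no longer matches
    return { ok: true, email: user.email };
  }
  return { ok: false, error: 'token is invalid or expired' };
}

// Constructed sample: a session-JWT-shaped string is not a reset token.
function demo() {
  addUser('dev@example.com', 'old-password');
  const sessionJwt = 'eyJhbGciOiJIUzI1NiJ9.e30.constructed-signature';
  const asJwt = resetPassword(sessionJwt, 'new-password');
  const token = forgotPassword('dev@example.com');
  const first = resetPassword(token, 'new-password');
  const replay = resetPassword(token, 'another-password');
  return { asJwt, first, replay };
}
```

In this model the session JWT is rejected because the server never issued it as a reset token, which matches the error reported in the thread; changing a known password for a logged-in user is a separate operation from this flow.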
