Simplify your stack and build anything. Or everything.
Build tomorrow’s web with a modern solution you truly own.
Code-based nature means you can build on top of it to power anything.
It’s time to take back your content infrastructure.

Not able to reset the password

default discord avatar
dev18002 years ago
10

I am trying to reset password of currently logged in user


const res = await server.get('/users/me')
  const token = res.data.token
  console.log({ token })
  await server.post('/users/reset-password', {
    token,
    password: newPassword,
  })

I am getting an error - token is valid or expired



Also if the http only cookie is already set do i still have to pass the token: '' in request body ?

  • default discord avatar
    jessrynkar2 years ago

    Hey

    @796632640202735616

    have you looked at the example here?

    https://payloadcms.com/docs/authentication/operations#reset-password

    And does this work if you pass:


      {
        data: {
          { 
            token,
            password: newPassword,
          }
        }
      }
  • default discord avatar
    dev18002 years ago

    I have tried it but its not working, its showing an error "the token is invalid or expired"





  • default discord avatar
    jessrynkar2 years ago

    try wrapping lines 10 & 11 in this object

    data: {...}

    , does that work?

  • default discord avatar
    dev18002 years ago
    async function changePassword(input: ChangePasswordInputType) {
      const res = await server.get("/users/me")
      const token = res.data.token
      console.log({ token })
      return await server.post("/users/reset-password", {
        data: {
          token,
          password: input.newPassword,
        },
      })
    }


    like this ?

  • default discord avatar
    jessrynkar2 years ago

    yep like that

  • default discord avatar
    dev18002 years ago


    I am passing the JWT token here, do i have to pass any other token ?



    maybe the _verificationToken, how can i generate it ?

  • default discord avatar
    jessrynkar2 years ago

    Okay you can revert that change - your initial request looks correct.



    So I believe you have to pass the token that is generated when you first hit the

    /forgot-password

    route



    After a user has "forgotten" their password and a token is generated, that token can be used to send to the reset password operation along with a new password which will allow the user to reset their password securely.
  • default discord avatar
    dev18002 years ago

    i wan't to reset the password - forgot and reset are two different APIs, i have my old password but wanted to change it now, how can i do that?



    the forgot password route send the token on email, can i skip this part ?



    "the Forgot Password operation will generate an email and send it to the respective email address with a link to reset their password." can i get this token in '../forgot-password' API's response ?

  • default discord avatar
    jessrynkar2 years ago

    Yes you can disable the forgot password email by passing

    disableEmail: true

    and get the token from the API response - I'll dig into this further tonight to give you a clearer answer

  • default discord avatar
    igormfelast year

    Any news on this issue?

Star on GitHub

Star

Chat on Discord

Discord

online

Can't find what you're looking for?

Get dedicated engineering support directly from the Payload team.