Forgot Password possibilities / Best practices

[quantuminformation]

I opened this issue gothinkster/realworld#419 but would like to think about the best Svelte way to implement this on the front end. Since the backend would need an

• extra API for storing the change password email link details
• and changing the password with email link verification

this isn't something that would happen soon officially on Real-World, but I do want to implement it on my own Svelte apps.

So here are my thoughts.

• A route called /changepassword which contains an email input. Once it is submitted the same page tells the user to check their email and click on a link. The user can then exit this screen.
• Once the user has the email it takes them to another route, say /resetpassword where the user is given a from with a password input and submit. The form is only activated if the data (PAD password authorisation data) in the link given in the email matches certain data in the backend and the password is only changed if the new password along with the PAD in a separate new request.

Thoughts?

I might go ahead and implement this on my fork with a back backend for this if someone is interested.

[Conduitry]

If this isn't something that's supported by the official realworld backend, I don't think it makes sense to consider for our frontend.