Currently there are two ways to log in:
When logging in for the first time and pressing the sign-in button:
App.Auth.signin({
  email: '[email protected]',
  password: 'abc'
})
- Makes a request url: http://localhost:9000/api/users/authenticate data: "{ email: [email protected], password: abc}"
- The server responds with "{ id: 1, api_key: 23495783457834}"
- Ember Auth logs you in and stores api_key in the cookie
The next time you do a hard refresh of the app, Ember Auth automatically calls:
App.Auth.signin({
  api_key: apiKeyFromCookie // the api_key value read from the cookie
})
- Makes a request url: http://localhost:9000/api/users/authenticate data: "{ api_key: 23495783457834}"
- and the server responds with "{ id: 1, api_key: 23495783457834}"
- Ember Auth logs you in and updates the api key in the cookie if the one returned was different
So, the authenticate endpoint can handle those two scenarios for logging in.
I think for password reset, we should treat the password reset code as a one-time api_key for logging in.
- user hits url flesh.io/passwordreset/123-my-reset-code
- client calls App.Auth.signin({ api_key: '123-my-reset-code' })
  request url: http://localhost:9000/api/users/authenticate data: "{ api_key: 123-my-reset-code}"
- Server recognises the key as a one-time key and responds with a new permanent api key "{ id: 1, api_key: 2343243885}"
- Ember Auth logs you in and updates the api key in the cookie if the one returned was different and redirects you to your password reset page
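
An added example, not part of the original post, of how the api_key branch of the authenticate endpoint could treat a reset code as a one-time key: the code is stored only as a hash, expires, and is consumed the first time it is presented. The in-memory stores, the function names, the 15-minute lifetime and the invalidation of the previous permanent key are assumptions made for the example.

```javascript
// Added example; every name below is hypothetical, not the project's code.
const crypto = require('crypto');

const sha256 = (s) => crypto.createHash('sha256').update(String(s)).digest('hex');
const newKey = () => crypto.randomBytes(32).toString('hex'); // 256-bit random secret

const RESET_TTL_MS = 15 * 60 * 1000; // assumed lifetime of a reset code

// Constructed sample data standing in for the user table.
const users = [{ id: 1, email: 'user@example.test', apiKeyHash: null }];
const resetCodes = new Map(); // sha256(code) -> { userId, expiresAt }

// Called when the user requests a reset; the return value goes into the link.
function issueResetCode(userId, now = Date.now()) {
  const code = newKey();
  resetCodes.set(sha256(code), { userId, expiresAt: now + RESET_TTL_MS });
  return code; // only the hash is kept server-side
}

// Issue a new permanent key; the previous one stops working (assumption).
function rotateApiKey(user) {
  const apiKey = newKey();
  user.apiKeyHash = sha256(apiKey);
  return { id: user.id, api_key: apiKey };
}

// The api_key branch of /api/users/authenticate. Returns the response body,
// or null when the key is unknown, already used, or expired.
function authenticateWithKey(apiKey, now = Date.now()) {
  const h = sha256(apiKey); // lookup by hash, so secrets are never compared directly
  const reset = resetCodes.get(h);
  if (reset) {
    resetCodes.delete(h); // consume on first presentation, even if expired
    if (now > reset.expiresAt) return null;
    const user = users.find((u) => u.id === reset.userId);
    return user ? rotateApiKey(user) : null;
  }
  const user = users.find((u) => u.apiKeyHash === h);
  return user ? { id: user.id, api_key: apiKey } : null;
}
```

Because the reset code travels in the URL path, it can end up in browser history, proxy logs and Referer headers, which is why the example makes it single-use and short-lived.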