I am using play framework and Java to build an web application. I have a reset password feature in my application. I do not want to generate temporary passwords and email them to the users. Instead, I want to generate temporary URL that is valid for x days and email it to the user where he/she an use it to reset his/her password. I am not sure how I can implement that in Play Framework, or even if it is possible in Play.
[Update] I want to know how to add the temporary URL to my application routes file. I am not even sure if this the right place add the temporary URL. How to generate the link, I believe I know how to implement that, but how to add it to my application, I am not sure if my question is clear enough, sorry about that
Simple, add two fields stored in DB to your User model:
String token
andDate tokenValidityDate
.When user requests password change set new
token
to database which is perfectly unique ie.123,6svv376d.foo.bar.loooong.hash
where123
is ID of user and rest after comma is random hash calculated with application secret. intokenValidityDate
field add the final date when token is valid let's say now + 1 hour.then generate an absolute link i.e.:
http://domain.com/password-reset/123,6svv376d.foo.bar.loooong.hash
to send in email.Ater receiving such request you can:
tokenValidityDate
isn't less the now -> display form for setting new pass and process as usually.Your token expired, start again
, also settoken
andtokenValidityDate
for this user to null.