What is the best approach to have forgot password function in grails?

725 views Asked by At

I read some documents in grails and related article but I'm confused which approach is the best to have forgot password in login page. I know I can use Spring Security UI Plugin or Acegi plugin. But I'm not sure which way is the best.

1

There are 1 answers

4
Burt Beckwith On

Please don't use the Acegi plugin - it's been abandoned for a long time and replaced by the http://grails.org/plugin/spring-security-core plugin that the UI plugin extends.

I think that the forgot-password workflow in the UI plugin is pretty good. You have to have already stored the user's email, so when they're authenticated they can start the process without providing an email address to send to. The plugin generates a random unique token and stores it in the database, and sends an email with that code. When the user clicks the link in the email, they can then choose a new password.

If you don't want to use the whole UI plugin, feel free to borrow that part of the code.