I found it very difficult to do password recovery, since I've never done it before.
So far I have a web app which has:
Spring Security, where the password is properly hashed and user roles are implemented and work correctly.
The strategy, based on hints from my research on Stack Overflow:
- User hits the forgot-password button, where he enters his email address.
- A dynamic link is sent to the email address
- User opens the link in the email
- Which redirects him to the password reset page
What is not known:
- How to give the link a dynamic nature - methods of generation
- Link has a timeout - some questions were found here, but they often involve a custom handler or an extension to Spring Security functionality
- Request mapping methods to respond to such a dynamic link
- Temporary link storage methods - database, session etc. ?
As you can see, the list is quite severe for a single question. So I was hoping you might be able to provide guide resources on how to do it step by step. I was a little surprised I could not find much on this in the Spring Security documentation. Thanks.
I am a student, so I don't really know industry best practices for doing so, especially in the context of Java, so I really hope someone will be able to help.
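The token part of the flow listed in the question (generation, timeout, storage, single use), as an added example that is not part of the original post and is not Spring Security's own API. It uses only the JDK (Java 16+); the class name, the 30-minute lifetime, the `app.example` URL and the in-memory map standing in for a database table are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical service; the map stands in for a database table keyed by token hash.
public class PasswordResetTokens {
    private record Pending(String email, Instant expiresAt) {}
    private static final Duration TTL = Duration.ofMinutes(30); // assumed lifetime
    private final SecureRandom random = new SecureRandom();
    private final Map<String, Pending> byTokenHash = new ConcurrentHashMap<>();

    // Returns the raw token to embed in the e-mailed link; only its hash is stored.
    public String issue(String email, Instant now) {
        byte[] raw = new byte[32];                     // 256 bits from a CSPRNG
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byTokenHash.values().removeIf(p -> p.email().equals(email)); // one live token per user
        byTokenHash.put(sha256(token), new Pending(email, now.plus(TTL)));
        return token;
    }

    // Single use: the entry is removed on lookup, whether or not it has expired.
    public Optional<String> redeem(String token, Instant now) {
        Pending p = byTokenHash.remove(sha256(token));
        if (p == null || now.isAfter(p.expiresAt())) return Optional.empty();
        return Optional.of(p.email());
    }

    private static String sha256(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException ex) {
            throw new IllegalStateException(ex);
        }
    }

    public static void main(String[] args) {
        PasswordResetTokens svc = new PasswordResetTokens();
        Instant t0 = Instant.parse("2024-01-01T12:00:00Z");           // constructed sample time
        String token = svc.issue("user@example.com", t0);
        System.out.println("https://app.example/reset-password?token=" + token); // placeholder URL
        System.out.println(svc.redeem(token, t0.plusSeconds(60)));    // first use within the TTL
        System.out.println(svc.redeem(token, t0.plusSeconds(120)));   // replay of a used token
        String late = svc.issue("user@example.com", t0);
        System.out.println(svc.redeem(late, t0.plus(TTL).plusSeconds(1))); // use after expiry
    }
}
```

A request handler for the reset page would take the `token` query parameter and call `redeem` when the new password is submitted, so the link cannot be replayed. Storing only the hash means a leaked table does not yield usable reset links.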