Exploring the possibilities with the Firebase authentication solution for user registration and login in my Ionic application has led me to a hurdle in implementing the 'password reset flow'.
When a user forgets their password, the current flow initiates as shown below:
html:
<p class="forgot-text" ng-click="login.resetPassword()" ng-show="login.email">Forgot password?</p>
controller:
vm.resetPassword = function() {
authService.resetPassword(vm.email);
};
authService:
function resetPassword(email) {
auth.$resetPassword({
email: email
}).then(function() {
$location.path('/intro');
}).catch(function(error) {
alert(error);
});
}
In this process, a user receives an email with a temporary password. Conveniently, there is an isTemporaryPassword field within the authData object upon user login.
I make use of this in my authService:
function loginUser(email, password) {
auth.$authWithPassword({
email: email,
password: password
}).then(function(authData) {
if (authData.password.isTemporaryPassword) {
$location.path('/reset');
} else {
$location.path('/people');
}
}).catch(function(error) {
alert(error);
});
}
However, when the user lands on the /reset screen, I aim for them to simply input their new password twice for confirmation. Unfortunately, Firebase's $changePassword method mandates entry of not just the email and new password, but also the old password. This seems unnecessary as the user already provided their old (temporary) password to reach that point. The changePassword function from my authService looks like this:
function changePassword(email, oldPassword, newPassword) {
auth.$changePassword({
email: email,
oldPassword: oldPassword,
newPassword: newPassword
}).then(function() {
$location.path('/people');
}).catch(function(error) {
alert(error);
});
}
I could opt to make the user re-enter their temporary password, or store it in $rootScope, but I believe there must be a more efficient approach. Any suggestions?