Now I'm using payloadcms to create my web application.
You know, it supports built-in password recovery which can be used like this:
    forgotPassword: {
      generateEmailHTML: async ({ req, token, user }: any) => {
        const url = `${process.env.NEXT_PUBLIC_SERVER_URL}/auth/reset-password?token=${token}`
        console.log('URL', url)
        // return `Hey ${user.email}, reset your password by clicking here: ${url}`
        const email = SendVerifyEmailTemplate({ email: user.email, url })
        const ReactDOMServer = (await import('react-dom/server')).default
        return ReactDOMServer.renderToString(email);
      },
    },
It works okay, but what I'm worried about is that an attacker can use this API for email bombing.
So I want to add some verification to this endpoint.
But there's no verification option for this built-in service, so I guess I should make an endpoint myself.
Therefore I need to know how to use the forgotPassword function of the payloadcms module.
I can import the function like this:
    import { forgotPasswordOperation } from 'payload/operations';
If you've already encountered this problem and solved it, I need your help.
Try this:

    const token = await payload.forgotPassword({
      collection: 'users',
      data: {
        email: accountInfo.email,
      },
      disableEmail: true,
      req: req
    })
There is a forgotPassword function in the BasePayload type. You can enable/disable the email feature as you choose.
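
One way to put a check in front of a custom endpoint that calls `payload.forgotPassword`, as an added example that is not part of the original question or answer and is not Payload's own code: a per-address cooldown plus a per-IP sliding window, with a uniform response. `ResetThrottle`, `requestReset` and the `sendReset` callback are hypothetical names; `sendReset` is assumed to wrap the `payload.forgotPassword` call shown above together with your own mail sending.

```typescript
// Added example. ResetThrottle, requestReset and sendReset are hypothetical names,
// not Payload APIs. State is in-memory (single process); use a shared store in a cluster.
interface ThrottleOptions {
  emailCooldownMs: number; // minimum gap between mails to one address
  ipWindowMs: number;      // sliding window per client IP
  ipMax: number;           // requests allowed per IP inside the window
  now: () => number;       // injectable clock
}

const DEFAULTS: ThrottleOptions = {
  emailCooldownMs: 15 * 60_000, ipWindowMs: 60 * 60_000, ipMax: 5, now: () => Date.now(),
};

class ResetThrottle {
  private lastByEmail = new Map<string, number>();
  private hitsByIp = new Map<string, number[]>();
  private opts: ThrottleOptions;

  constructor(opts: Partial<ThrottleOptions> = {}) {
    this.opts = { ...DEFAULTS, ...opts };
  }

  allow(email: string, ip: string): boolean {
    const t = this.opts.now();
    const recent = (this.hitsByIp.get(ip) ?? []).filter((h) => t - h < this.opts.ipWindowMs);
    this.hitsByIp.set(ip, recent);
    if (recent.length >= this.opts.ipMax) return false; // this client is over its budget
    recent.push(t);
    const key = email.trim().toLowerCase(); // one bucket per normalised address
    const last = this.lastByEmail.get(key);
    if (last !== undefined && t - last < this.opts.emailCooldownMs) return false;
    this.lastByEmail.set(key, t);
    return true;
  }
}

// Same response whether the mail was sent, throttled, or the address is unknown,
// so the endpoint does not reveal which accounts exist.
async function requestReset(
  throttle: ResetThrottle,
  email: string,
  ip: string,
  sendReset: (email: string) => Promise<void>, // assumption: wraps payload.forgotPassword + your mailer
): Promise<{ status: number; message: string }> {
  if (throttle.allow(email, ip)) {
    try { await sendReset(email); } catch { /* log server-side only */ }
  }
  return { status: 200, message: 'If that account exists, a reset email has been sent.' };
}
```

The limits shown are constructed defaults; tune them to your traffic, and take the client IP from a source your reverse proxy controls rather than from a client-supplied header.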