Change Password with Recovery Token
POST /company/auth/recovery_password
Endpoint to reset a user's password using the recovery token received via email.
It allows a user who has forgotten the previous password to set a new one, after the server validates the recovery token that was sent by email.
Use Cases
- User completes the recovery form with a new password
- User submits the form data to the backend
- System updates the password and notifies of success
Process Flow
- User completes the recovery form with a new password
- Client sends POST with token, password, and password_confirm
- Server validates that passwords are present and not empty
- Server validates that password and password_confirm match
- Server searches for user by recovery token in the database
- If the token is valid, the server updates the password with a bcrypt hash
- The recovery token is deleted (marked as used)
- The success HTML template is rendered
- If the token does not exist, an error is rendered
Security
- Password is hashed with bcrypt before saving
- Token is deleted after use (not reusable)
- New password must have a minimum of 8 characters
- password and password_confirm are validated to match exactly
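The following is an added reference implementation of the flow described above (presence check, match check, minimum length, token lookup, bcrypt hash, single-use token); it is not the service's own code. The in-memory `UserStore`, the `User` dataclass and the `recovery_password` handler are assumptions standing in for the real database and web framework, and the HTML template is replaced by a placeholder string. The handler takes the password hasher as a parameter: `bcrypt_hasher` uses the third-party `bcrypt` package the page names, while `pbkdf2_hasher` is a standard-library stand-in so the flow can be exercised where `bcrypt` is not installed.

```python
import hashlib
import os
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

MIN_PASSWORD_LENGTH = 8  # "New password must have a minimum of 8 characters"
INVALID_DATA_MSG = "Passwords do not match or invalid data."
TOKEN_NOT_FOUND_MSG = "Token not found"
SUCCESS_HTML = "<html><body>Password updated successfully.</body></html>"  # placeholder for the template


@dataclass
class User:
    """Hypothetical user row: only the fields the reset flow touches."""
    email: str
    password_hash: Optional[bytes] = None
    recovery_token: Optional[str] = None


@dataclass
class UserStore:
    """Hypothetical in-memory stand-in for the users table, keyed by email."""
    users: Dict[str, User] = field(default_factory=dict)

    def issue_recovery_token(self, email: str) -> str:
        # The token that would be mailed to the user (constructed here, never logged).
        token = secrets.token_urlsafe(32)
        self.users[email].recovery_token = token
        return token

    def find_by_recovery_token(self, token: str) -> Optional[User]:
        # Constant-time comparison so the lookup does not leak token prefixes via timing.
        for user in self.users.values():
            if user.recovery_token is not None and secrets.compare_digest(user.recovery_token, token):
                return user
        return None


Hasher = Callable[[str], bytes]


def bcrypt_hasher(password: str) -> bytes:
    """The hash the page specifies; requires the third-party 'bcrypt' package."""
    import bcrypt  # imported lazily so the rest of the module works without it
    return bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt())


def pbkdf2_hasher(password: str) -> bytes:
    """Standard-library stand-in used only where bcrypt is unavailable (e.g. the self-test)."""
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def recovery_password(form: dict, store: UserStore, hasher: Hasher = bcrypt_hasher) -> Tuple[int, str]:
    """Handle POST /company/auth/recovery_password; returns (status, body) like the documented responses."""
    token = form.get("token") or ""
    password = form.get("password") or ""
    confirm = form.get("password_confirm") or ""

    # 400: passwords must be present, long enough, and match exactly.
    if not password or not confirm or len(password) < MIN_PASSWORD_LENGTH:
        return 400, INVALID_DATA_MSG
    if not secrets.compare_digest(password.encode("utf-8"), confirm.encode("utf-8")):
        return 400, INVALID_DATA_MSG

    # 404: the token must map to a user that has an outstanding, unused token.
    user = store.find_by_recovery_token(token) if token else None
    if user is None:
        return 404, TOKEN_NOT_FOUND_MSG

    # 200: store only the hash, then burn the token so the link cannot be replayed.
    user.password_hash = hasher(password)
    user.recovery_token = None
    return 200, SUCCESS_HTML


if __name__ == "__main__":
    store = UserStore({"alice@example.com": User("alice@example.com")})  # constructed sample user
    token = store.issue_recovery_token("alice@example.com")
    try:
        import bcrypt  # noqa: F401
        hasher: Hasher = bcrypt_hasher
    except ImportError:
        hasher = pbkdf2_hasher
    form = {"token": token, "password": "correct-horse", "password_confirm": "correct-horse"}
    print(recovery_password(form, store, hasher)[0])   # 200 on first use
    print(recovery_password(form, store, hasher)[0])   # 404 on replay: token already consumed
```

The order of checks mirrors the documented process flow: form validation happens before the database is touched, so malformed submissions never cost a token lookup, and the token is cleared in the same step that writes the new hash so a successful reset and a consumed token cannot get out of sync.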
Request
- Form fields: token, password, password_confirm
Responses
- 200: Success HTML page
- 400: Passwords do not match or invalid data.
- 404: Token not found