Activating the "password reset" feature of Apostrophe

← Previous: Accessing images inside related pages

Apostrophe includes a "password reset" feature for your users. This feature follows the usual pattern: the user must prove they control the email address associated with their account.

For security reasons, and because most sites don't have the apostrophe-email module configured yet, this option must be turned on for your site:

// in app.js
modules: {
  'apostrophe-email': {
    // See the nodemailer documentation, many
    // different transports are available, this one
    // matches how PHP does it on Linux servers
    nodemailer: {
      sendmail: true,
      newline: 'unix',
      path: '/usr/sbin/sendmail'
    }
  },
  'apostrophe-login': {
    passwordReset: true,
    // The default: you have 48 hours to use a password reset link,
    // once it is sent to you
    passwordResetHours: 48,
    email: {
      from: 'password-reset@example.com'
    }
  }
}

Once you enable the feature, the user will automatically see a "Reset My Password" link at the bottom of the login form at /login. If you don't see that link, make sure you haven't previously overridden our loginBase.html template.

Next: How do I enable site-wide full text search? →