Add ability to change password
-
Hi Dominic,
At first glance it sounds not so reasonable taking into account the name of the plugin, but it will be great to have an ability to change passwords using verification codes. This can cover password management using REST API in WordPress. Existing code can be potentially re-used, I mean password reset request flow, just changing e-mail templates.
Smth. like:
Endpoint: /wp-json/bdpwr/v1/change-password
— HTTP Verb: POST
— Parameters (all required):
— emailAnother approach is requesting an old_password in the request body, but, probably, need more activities (unfortunately I’m not php/Wordpress “geek”)
Thoughts?
-
Hey @tivalii,
Thanks for the message and ideas for the plugin!
Are you talking about a logged in user changing their password as part of an account management type case?
If so, I’m not sure about adding a change password with code for existing users, I’m not sure that makes sense as a use case (could be wrong!) and could possibly be achieved using the existing filters if anyone wanted to achieved that.
I do kind of like the idea of adding a password reset where you provide the existing password in the request, I think this is a common approach and could be worth looking at. I’ve added an issue for this on GitHub to potentially be added.
As a side note, assuming you have an authenticated user you can already update their password by calling the
/users/<user-id>or/users/meroute in the API:If you were going to implement something like resetting a password and providing the old password to validate the request, you’d maybe want to consider deactivating the ability to reset a password with the
/users/memethod, otherwise you’ve kind of got a loop hole in the process. Don’t know what you think to that point?
- The topic ‘Add ability to change password’ is closed to new replies.
