Reset Password (api/resetPassword.ts)

Endpoint Overview

Handles password reset functionality by updating a user's password with a new hashed password. Works in conjunction with the email service for the complete password reset flow.

Request Handlers

POST

  • Body:
    {
      userId: number;
      newPassword: string;
    }
    
  • Response:
    {
      message: string; // "Password reset successful" on success
    }
    
  • Status: 200 OK, 405 Method Not Allowed, 500 Internal Server Error

Error Handling

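try {
  // Hash with bcrypt (cost factor 12) before anything is written to the database
  const hashedPassword = await bcrypt.hash(newPassword, 12);
  const result = await prismadb.users.update({...});
  res.status(200).json({ message: 'Password reset successful' });
} catch (error) {
  // The full error is logged server-side; the client only receives a generic 500
  console.error('Error resetting password:', error);
  res.status(500).json({ message: 'Internal Server Error' });
}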

Common errors:

  • 405: Non-POST request method
  • 500: Database update failure
  • 500: Password hashing error
  • 400: Invalid user ID

Usage Example

const response = await fetch("/api/resetPassword", {
  method: "POST",
  headers: { 
    "Content-Type": "application/json"
  },
  body: JSON.stringify({ 
    userId: 123,
    newPassword: "newSecurePassword123"
  })
});

const result = await response.json();
if (result.message === 'Password reset successful') {
  // Handle success
}

Implementation Details

  • Uses bcrypt for password hashing (12 rounds)
  • Updates password in database
  • Validates user existence
  • Uses Prisma for database operations
  • Handles error logging
  • Returns success message

Notes

  • Rate limited to prevent abuse
  • Password hashed before storage
  • No server-side password validation (handled by frontend)
  • Requires valid user ID
  • Part of password reset flow
  • Used after email verification
  • Logs errors for monitoring
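
The request body documented above carries only userId and newPassword, and the notes leave password rules to the frontend, so the handler is the place where the email-verification step and a password policy can be enforced. The following is an added example, not the project's code, of checks that could run before bcrypt.hash; the token field, the ResetRecord shape, MIN_LENGTH and the 401 response are assumptions.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// Hypothetical shape of a stored reset record (not from the project):
// only the SHA-256 of the emailed token is kept server-side.
interface ResetRecord { userId: number; tokenHash: string; expiresAt: number }

type Check = { ok: true } | { ok: false; status: 400 | 401; message: string };

const MIN_LENGTH = 12;        // assumed policy value
const BCRYPT_MAX_BYTES = 72;  // bcrypt ignores password bytes past the 72nd

function sha256Hex(s: string): string {
  return createHash("sha256").update(s, "utf8").digest("hex");
}

// Validate the untrusted JSON body and bind it to a reset record before hashing.
function checkResetRequest(body: unknown, record: ResetRecord | null, now: number): Check {
  const { userId, newPassword, token } = (body ?? {}) as Record<string, unknown>;
  if (typeof userId !== "number" || !Number.isSafeInteger(userId) || userId <= 0)
    return { ok: false, status: 400, message: "Invalid user ID" };
  if (typeof newPassword !== "string" || newPassword.length < MIN_LENGTH)
    return { ok: false, status: 400, message: "Password too short" };
  if (Buffer.byteLength(newPassword, "utf8") > BCRYPT_MAX_BYTES)
    return { ok: false, status: 400, message: "Password too long" };
  // Same generic answer for a missing, wrong, expired or mismatched token.
  const denied: Check = { ok: false, status: 401, message: "Invalid or expired reset token" };
  if (typeof token !== "string" || record === null) return denied;
  const given = Buffer.from(sha256Hex(token), "hex");
  const stored = Buffer.from(record.tokenHash, "hex");
  if (given.length !== stored.length || !timingSafeEqual(given, stored)) return denied;
  if (record.userId !== userId || record.expiresAt <= now) return denied;
  return { ok: true };
}

// Constructed sample data (not a real token or account); times are plain numbers.
const sampleToken = "constructed-sample-token";
const sampleRecord: ResetRecord = { userId: 123, tokenHash: sha256Hex(sampleToken), expiresAt: 2000 };
const sampleBody = { userId: 123, newPassword: "correct horse battery", token: sampleToken };
console.log(checkResetRequest(sampleBody, sampleRecord, 1000));
console.log(checkResetRequest({ userId: 123, newPassword: "correct horse battery" }, sampleRecord, 1000));
```

A handler would call checkResetRequest after the method check and invalidate the reset record once the password update succeeds, so a token cannot be replayed.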