feat: implement api for "forgot password?" flow (#14915)

Relates to https://github.com/coder/coder/issues/14232 This implements two endpoints (names subject to change): - `/api/v2/users/otp/request` - `/api/v2/users/otp/change-password`
2025-07-03 16:13:58 +00:00 · 2024-10-04 11:53:25 +01:00
parent 8785a51b09
commit 4369f2b4b5
25 changed files with 1007 additions and 4 deletions
--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@ -248,6 +248,9 @@ type Options struct {

 	// IDPSync holds all configured values for syncing external IDP users into Coder.
 	IDPSync idpsync.IDPSync
+
+	// OneTimePasscodeValidityPeriod specifies how long a one time passcode should be valid for.
+	OneTimePasscodeValidityPeriod time.Duration
 }

 // @title Coder API
@ -387,6 +390,9 @@ func New(options *Options) *API {
 		v := schedule.NewAGPLUserQuietHoursScheduleStore()
 		options.UserQuietHoursScheduleStore.Store(&v)
 	}
+	if options.OneTimePasscodeValidityPeriod == 0 {
+		options.OneTimePasscodeValidityPeriod = 20 * time.Minute
+	}

 	if options.StatsBatcher == nil {
 		panic("developer error: options.StatsBatcher is nil")
@ -984,6 +990,8 @@ func New(options *Options) *API {
 				// This value is intentionally increased during tests.
 				r.Use(httpmw.RateLimit(options.LoginRateLimit, time.Minute))
 				r.Post("/login", api.postLogin)
+				r.Post("/otp/request", api.postRequestOneTimePasscode)
+				r.Post("/otp/change-password", api.postChangePasswordWithOneTimePasscode)
 				r.Route("/oauth2", func(r chi.Router) {
 					r.Route("/github", func(r chi.Router) {
 						r.Use(