Forgot Password not working

[eeskildsen]

I haven't been able to get the Forgot Password flow working yet.

Reset token generation works. I wired up an email service that links to the reset URL: auth/reset-password?reset_password_token=TokenGoesHere.

The link takes the user to the Change password page. They enter a new password and click CHANGE PASSWORD.

Expectation: This posts the password to the restore-pass API endpoint in the demo .NET API. Actually, it posts it to reset-pass, which expects the user to be logged in.

I changed the config to point to /auth/restore-pass:

resetPass: {
    endpoint: '/auth/restore-pass',
    method: 'post',
},

Now the endpoint is hit. However, Nebular doesn't populate the RestorePasswordDTO's Email property, so password reset fails.

Steps To Reproduce

1. Clone the repo.
2. Follow the instructions in the .NET and Angular READMEs.
3. Run the .NET API.
4. Run the Angular app.
5. When prompted to log in, click Register.
6. Open Chrome DevTools.
7. Fill out and submit the form.
8. Navigate to the Network tab in DevTools and find the request-pass request.
9. Click the Preview tab and copy the value of the response's data property.
10. Navigate to http://localhost:4200/auth/reset-password?reset_password_token=TokenGoesHere
11. Fill out and submit the form.

Expected Behavior

The user's password is successfully reset.

Actual Behavior

• If reset-password's URL points to reset-password in the API, the API returns an auth error (HTTP 401) because the user isn't authenticated, since this is an anonymous "forgot password" request.
• If the URL points to restore-password, password reset fails because the Email property of RestorePasswordDTO isn't populated.

[eeskildsen]

Workaround here: akveo/nebular#340 (comment)