
Add password recovery function. #102

Open
digisomni opened this issue Oct 23, 2021 · 1 comment
Labels
enhancement New feature or request

Comments

@digisomni
Member

digisomni commented Oct 23, 2021

GET /api/v1/account/{{accountId}}/password/reset
Parameters:

(JSON) email: {{account's email}}

This request will submit a message to the email specified on the account's file if the passed in parameter of the email matches. This email will contain a clickable link with a verification code as a query parameter. This verification code will have a configurable expiration (configuration is done via iamus.json), it will default to 24 hours.

POST /api/v1/account/{accountId}/password/reset
Parameters:

(query) v: {{verification code}}

If the verification code is correct, this request will reset the user's password to a randomly generated one. It will then submit a message to the email specified on the account's file with the newly generated password. The verification code will be deleted from the server now that it has been used.

@digisomni digisomni added the enhancement New feature or request label Oct 23, 2021
@Misterblue
Collaborator

Misterblue commented Oct 23, 2021

Since the reset password request will normally be done from a dashboard page, the initiating request could be a POST. Thus a "POST /api/v1/account/password/reset" would accept a "{"email": "[email protected]"}". This would cause sending an email to that email address (if it exists for an account) that would contain the verification link. This would additionally create a request entity so the password reset request is remembered and can timeout.
The verification request must be a GET as it will be clicked on in the email. It should be a "GET /api/v1/account/password/reset?a=accountId&v=verificationCode". This would redirect the user to a dashboard page for changing the password. This redirect would pass the accountId and verificationCode (or possibly create a new verification code for security). The dashboard page would confirm the verification code and the fact that a password reset request was outstanding before accepting the new password.
