Missing Email Verification & Password Reset - Security Risk #45

@princexpoddar

Issue:
Lack of essential email-based security features, making it vulnerable to fake accounts and poor user experience when passwords are forgotten.

Current Problems:

  • No email verification for new accounts (fake emails possible)
  • No password reset functionality (users must create new accounts)
  • No email service integration
  • Poor user experience for forgotten passwords

Security Risks:

  • Users can register with fake/non-existent emails
  • No way to recover forgotten passwords
  • Potential for spam/fake accounts
  • Users abandon accounts when they forget passwords

Fix:

  • Email Verification System:

    • Add email verification on signup
    • Create verification email templates
    • Add verification status to user accounts
    • Implement resend verification feature
  • Password Reset System:

    • Add "Forgot Password" link on login page
    • Create password reset API endpoints
    • Implement secure reset token system
    • Add password reset email templates
  • Email Service Integration:

    • Integrate with email service (Nodemailer/SendGrid)
    • Configure email templates
    • Handle email delivery errors
  • Implementation Steps:

    1. Set up email service (Nodemailer/SendGrid)
    2. Create email templates
    3. Add verification/reset API endpoints
    4. Create frontend forms
    5. Update user schema with verification fields
    6. Test email delivery and token validation

I would like to work on this issue. Please assign this to me under GSSoC.
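
A sketch of the "secure reset token system" and "token validation" items proposed above, added here as an example and not taken from the issue author or the project's code. It assumes Node.js built-ins only; the in-memory `users` map, the function names, and the 15-minute lifetime are hypothetical stand-ins for the project's user schema and policy.

```javascript
// Added example: single-use, expiring password-reset tokens (Node.js built-ins only).
const crypto = require("node:crypto");

// Assumed token lifetime; the issue does not specify one.
const RESET_TTL_MS = 15 * 60 * 1000;

// Hypothetical in-memory store standing in for the user schema's reset fields.
const users = new Map([
  ["alice@example.test", { resetHash: null, resetExpires: 0 }], // constructed sample user
]);

const sha256 = (value) => crypto.createHash("sha256").update(value).digest();

// Returns the raw token to put in the reset email. Only its hash is stored,
// so a leaked database does not yield usable reset links.
function issueResetToken(email, now = Date.now()) {
  const user = users.get(email);
  // Unknown address: the API should still answer identically to the caller
  // so the endpoint does not reveal which emails are registered.
  if (!user) return null;
  const token = crypto.randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
  user.resetHash = sha256(token);
  user.resetExpires = now + RESET_TTL_MS;
  return token;
}

// Validates a presented token and consumes it so it cannot be replayed.
function redeemResetToken(email, token, now = Date.now()) {
  const user = users.get(email);
  if (!user || !user.resetHash || typeof token !== "string") return false;
  const expired = now > user.resetExpires;
  // Both buffers are 32-byte digests, so timingSafeEqual never throws on length.
  const match = crypto.timingSafeEqual(user.resetHash, sha256(token));
  if (expired) {
    user.resetHash = null; // drop stale tokens instead of leaving them stored
    user.resetExpires = 0;
  }
  if (expired || !match) return false;
  user.resetHash = null; // single use: clear before the password is changed
  user.resetExpires = 0;
  return true;
}
```

The same pattern (random token, stored hash, expiry, clear on use) applies to the email verification link.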
