Update password
anikarni opened this issue · comments
This story if for us to actually update the password when the user submitted the recovery code and new password.
Acceptance Criteria
Given I changed my password with the recovery code, when I log out, I should be able to log back in and see emails with the new password.
Given I changed my password with the recovery code, when I log out, I should not be able to login with my old password.
In Scope
- Decrypt secret with recovery code
- Encrypt secret with new password
- Update password in Webapp when login in with recovery code (already implemented)
Out of Scope
- Does not include updating the recovery code
- Does not include redirecting on success