Password Reset
Complete password reset by providing verification code and setting a new secure password
Complete the password reset process by verifying the reset code and setting a new secure password for your account.
Step 2 of Password Reset
Use the 6-digit code from your email along with a new password to complete the reset process.
Overview
The resetPassword mutation completes the password reset process by validating the reset code sent to the user's email and setting a new password. This ensures that only the account owner can change the password.
GraphQL Schema
type Mutation {
  resetPassword(
    email: String!
    code: String!
    newPassword: String!
  ): String!
}
Parameters
email
Required String
Email address of the account being reset. Must match the email used in the forgot password request.
code
Required String
6-digit reset code received via email from the forgot password request.
newPassword
Required String
New secure password. Should meet the application's password strength requirements.
Return Values
Success: Password has been successfully reset. The user can now sign in with the new password.
Failed: Password reset failed. The reset code may be incorrect or expired, or the new password doesn't meet requirements.
Example Usage
Complete Password Reset
mutation ResetPassword {
  resetPassword(
    email: "demouser@nyyu.io"
    code: "123456"
    newPassword: "NewS3cur3P@ssw0rd!"
  )
}
Response:
{
  "data": {
    "resetPassword": "Success"
  }
}
Password Updated
Your password has been successfully reset. You can now sign in with your new password.
Failed Reset
{
  "data": {
    "resetPassword": "Failed"
  }
}
Reset Failed
Password reset failed. The code may be incorrect or expired. Please request a new reset code.
Implementation Example
Frontend Integration
// graphqlClient, gql, router and the UI helpers (showError, showSuccess,
// showInfo, showDialog, clearCodeInput, updateUI, calculatePasswordStrength)
// are assumed to be provided by the host application.
async function handleResetPassword(email, code, newPassword) {
  // Validate password strength first (client-side check for user feedback)
  if (!validatePasswordStrength(newPassword)) {
    showError("Password must be at least 8 characters with uppercase, lowercase, numbers, and special characters.");
    return;
  }
  try {
    const result = await graphqlClient.mutate({
      mutation: gql`
        mutation ResetPassword($email: String!, $code: String!, $newPassword: String!) {
          resetPassword(email: $email, code: $code, newPassword: $newPassword)
        }
      `,
      variables: {
        email: email,
        code: code,
        newPassword: newPassword
      }
    });
    const response = result.data.resetPassword;
    if (response === "Success") {
      // Clear stored reset email
      sessionStorage.removeItem('resetEmail');
      // Show success message
      showSuccess("Password reset successfully!");
      // Redirect to sign-in page
      setTimeout(() => {
        router.push('/signin');
        showInfo("Please sign in with your new password.");
      }, 2000);
    } else {
      // Handle failure
      showError("Failed to reset password. Please check your code and try again.");
      // Offer to resend code
      showDialog({
        title: "Reset Failed",
        message: "The reset code may be incorrect or expired.",
        actions: [
          {
            label: "Try Again",
            onClick: () => clearCodeInput()
          },
          {
            label: "Request New Code",
            onClick: () => router.push('/forgot-password')
          }
        ]
      });
    }
  } catch (error) {
    console.error("Password reset failed:", error);
    showError("An error occurred. Please try again later.");
  }
}

// Password strength validation
function validatePasswordStrength(password) {
  const minLength = 8;
  const hasUpperCase = /[A-Z]/.test(password);
  const hasLowerCase = /[a-z]/.test(password);
  const hasNumbers = /\d/.test(password);
  const hasSpecialChar = /[!@#$%^&*(),.?":{}|<>]/.test(password);
  return password.length >= minLength &&
    hasUpperCase &&
    hasLowerCase &&
    hasNumbers &&
    hasSpecialChar;
}

// Real-time password strength indicator
function updatePasswordStrengthIndicator(password) {
  // calculatePasswordStrength is expected to return 'weak', 'medium' or 'strong'
  const strength = calculatePasswordStrength(password);
  const indicators = {
    weak: { color: 'red', text: 'Weak' },
    medium: { color: 'orange', text: 'Medium' },
    strong: { color: 'green', text: 'Strong' }
  };
  updateUI(indicators[strength]);
}
Use Cases
Complete Password Recovery
Final step in regaining account access after forgetting password
Security Update
Changing password after suspected security breach or compromise
Routine Change
Regular password rotation as part of security best practices
Account Recovery
Regaining access to account after being locked out
Best Practices
🔐 Password Strength
Enforce strong password requirements: minimum 8 characters with uppercase, lowercase, numbers, and special characters
📊 Strength Indicator
Display real-time password strength indicator to guide users in creating secure passwords
👁️ Show/Hide Toggle
Provide password visibility toggle so users can verify they entered it correctly
✅ Confirm Password
Require password confirmation field to prevent typos and ensure user knows their new password
🔄 Clear Instructions
Provide clear feedback on password requirements and validation errors
🎯 Auto-Redirect
Automatically redirect to sign-in page after successful reset with clear instructions
Password Requirements
Recommended Password Criteria
Minimum Length: At least 8 characters (12+ recommended)
Uppercase Letters: At least one (A-Z)
Lowercase Letters: At least one (a-z)
Numbers: At least one digit (0-9)
Special Characters: At least one (!@#$%^&*)
Avoid: Common passwords, personal info, sequential patterns
Security Considerations
Email Notification: Send confirmation email about password change for security awareness
Session Invalidation: Automatically log out all active sessions when password is reset
Code Expiration: Reset codes expire and become invalid after use
Audit Trail: Log password reset events for security monitoring
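The frontend check above only guides the user; the code expiration, single-use and audit properties listed here have to be enforced by the server behind resetPassword. The following Node.js sketch is an added example, not the API's own implementation: the in-memory store, the 15-minute lifetime, the five-attempt cap (a 6-digit code has only one million possible values) and all function names are assumptions.

```javascript
const crypto = require('node:crypto');

const CODE_TTL_MS = 15 * 60 * 1000; // assumed code lifetime
const MAX_ATTEMPTS = 5;             // assumed cap on guesses per issued code
const pendingResets = new Map();    // email -> { codeHash, expiresAt, attempts }
const auditLog = [];                // stand-in for a real audit sink

// Store only a hash of the code so a leaked store does not reveal live codes.
const hashCode = (code) =>
  crypto.createHash('sha256').update(String(code)).digest();

// Same criteria as the page's validatePasswordStrength, re-checked server-side.
function meetsPolicy(pw) {
  return typeof pw === 'string' && pw.length >= 8 && /[A-Z]/.test(pw) &&
    /[a-z]/.test(pw) && /\d/.test(pw) && /[!@#$%^&*(),.?":{}|<>]/.test(pw);
}

// Forgot-password step: issue a 6-digit code from a CSPRNG (it would be emailed).
function issueResetCode(email, now = Date.now()) {
  const code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  pendingResets.set(email, {
    codeHash: hashCode(code), expiresAt: now + CODE_TTL_MS, attempts: 0,
  });
  return code;
}

// Reset step: returns the same "Failed" string for every failure reason.
function resetPassword(email, code, newPassword, now = Date.now()) {
  const entry = pendingResets.get(email);
  let ok = false;
  if (entry) {
    entry.attempts += 1;
    const live = now < entry.expiresAt && entry.attempts <= MAX_ATTEMPTS;
    // Constant-time comparison of equal-length digests.
    const match = crypto.timingSafeEqual(entry.codeHash, hashCode(code));
    ok = live && match && meetsPolicy(newPassword);
    // Single use: drop the code on success, and once expired or exhausted.
    if (ok || !live) pendingResets.delete(email);
  }
  // On success a real service would also store the new password hash,
  // invalidate active sessions and send the confirmation email.
  auditLog.push({ event: 'password_reset', email, ok, at: now });
  return ok ? 'Success' : 'Failed';
}
```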