Middleware for password reset emails using nodemailer

npm install password-reset-nodemailer
3 downloads in the last week
22 downloads in the last month


middleware for managing password reset emails

TODO: Update this README and example


var fs = require('fs');
var express = require('express');
var app = express.createServer();

app.use(require('sesame')()); // for sessions

var forgot = require('password-reset')({
    uri : 'http://localhost:8080/password_reset',
    from : 'password-robot@localhost',
    host : 'localhost', port : 25,
app.use(forgot.middleware);'/forgot', express.bodyParser(), function (req, res) {
    var email =;
    var reset = forgot(email, function (err) {
        if (err) res.end('Error sending message: ' + err)
        else res.end('Check your inbox for a password reset message.')

    reset.on('request', function (req_, res_) {
        req_.session.reset = { email : email, id : };
        fs.createReadStream(__dirname + '/forgot.html').pipe(res_);
});'/reset', express.bodyParser(), function (req, res) {
    if (!req.session.reset) return res.end('reset token not set');

    var password = req.body.password;
    var confirm = req.body.confirm;
    if (password !== confirm) return res.end('passwords do not match');

    // update the user db here

    delete req.session.reset;
    res.end('password reset');

console.log('Listening on :8080');


var forgot = require('password-reset')(opts)

Create a new password reset session forgot with some options opts.

opts.uri must be the location of the password reset route, such as 'http://localhost:8080/_password_reset'. A query string is appended to opts.uri with a unique one-time hash.

opts.body(uri) can be a function that takes the password reset link uri and returns the email body as a string.

The rest of the options are passed directly to node-pony.

When the user clicks on the uri link forgot emits a "request", req, res event.

var reset = forgot(email, cb)

Send a password reset email to the email address. cb(err) fires when the email has been sent.

forgot.middleware(req, res, next)

Use this middleware function to intercept requests on the opts.uri.


Prevent a session from being used again. Call this after you have successfully reset the password.


Pass this value to forgot.expire(id).


reset.on('request', function (req, res) { ... })

Emitted when the user clicks on the password link from the email.

reset.on('failure', function (err) { ... })

Emitted when an error occurs sending email. You can also listen for this event in forgot()'s callback.

reset.on('success', function () {})

Emitted when an email is successfully sent.


With npm do:

npm install password-reset



credits to

Substack for the original module


With npm, do:

npm test
npm loves you