[Cosmo-dev] "Forgot Password" workflow

Travis Vachon travis at osafoundation.org
Tue Mar 27 12:46:58 PST 2007


> Should the token expire after some time if it's not used?

Yeah, definitely, anyone have any thoughts on an appropriate default?  
I think this is something that should be configurable in  
cosmo.properties, any disagreements?

The way I'm implementing it users cannot use an expired token to  
change a password, but expired tokens will remain in the database  
until a user tries to use them. In the medium term we should probably  
come up with a pruning strategy, but I don't think that's necessarily  
needed for Preview. Thoughts?

> What happens if the user generates multiple tokens one after the  
> other?

An email will be sent for each token with a different "password  
recovery key" in each. At that point, either key will work for  
resetting the user's password.

Once a key has been used, that key will be deleted, but any other  
keys in the system that correspond to that user will still hang around.

-Travis
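The workflow described in this message (expiry checked when a key is redeemed, several outstanding keys per user, a used key deleted, expired keys left in place until pruned) as an added Python sketch; this is not Cosmo's code, and the in-memory store, the 24-hour default TTL and storing only a hash of the key are assumptions.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

# Assumed default; the thread leaves the value to cosmo.properties.
TOKEN_TTL_SECONDS = 24 * 60 * 60


@dataclass
class RecoveryKey:
    username: str
    key_hash: str    # only the hash is stored; the plaintext key goes in the email
    created: float   # issue time, seconds since the epoch


class PasswordRecoveryStore:
    """Constructed in-memory store of password recovery keys."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self.ttl = ttl
        self.clock = clock          # injectable so expiry can be tested
        self._keys = {}             # key_hash -> RecoveryKey

    @staticmethod
    def _hash(key):
        return hashlib.sha256(key.encode()).hexdigest()

    def issue(self, username):
        """Mint a fresh key; earlier keys for the user remain valid, as the
        thread describes, so each request produces its own working key."""
        key = secrets.token_urlsafe(32)
        h = self._hash(key)
        self._keys[h] = RecoveryKey(username, h, self.clock())
        return key                  # the value the recovery email carries

    def redeem(self, key):
        """Return the username and delete the key if it is known and unexpired.
        An expired key is refused but, as in the thread, left in the store."""
        rec = self._keys.get(self._hash(key))
        if rec is None or self.clock() - rec.created > self.ttl:
            return None
        del self._keys[rec.key_hash]
        return rec.username

    def prune_expired(self):
        """One possible pruning strategy; returns how many keys were dropped."""
        now = self.clock()
        stale = [h for h, r in self._keys.items() if now - r.created > self.ttl]
        for h in stale:
            del self._keys[h]
        return len(stale)

    def outstanding(self, username):
        return sum(1 for r in self._keys.values() if r.username == username)
```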