That’s all perfect! Being able to update the user with an already hashed password is exactly what i was missing.
And you are right about the setWithQuery method: the possibility of returning multiple records is a real risk and I don’t see why a developper would want to change multiple basic users infos at once. getWithQuery followed by updateis enough.
You are also right about the fact I want to keep password generation internal and I already thought about the logic (it seems that again we were on the same page):
-
Someone registers with an already registered email
-
The app warns the user and propose to reset the password by clicking a ‘reset’ button.
-
As the button is clicked the newly generated password is sent to the server and stored on a database table along with a unique key and the related email.
-
The server sends an email with the reset link (which refers the unique key) to the email address.
-
As the user clicks on the link which directs to a Page module where the server compares the key to the one existing in the database and updates the user password with the stored one.
-
Done! The new device can now log in.
Thanks for your quick feedbacks. I will change my code to use the sendConfirmationLink method instead of my custom made solution as soon as v2.6 is released.
Thanks again.