Hi Sander, Users in the application have a profile. They can change their passwords whenever they want. This is not a password reset because they forgot their password. Currently the way the application is set the user id in the url is used to grab the specific user. So someone can try to change the url to a different user id, but I check that the user that logged in is the same user that is being passed in the url. I use a route change event to check.
I could also skip the 'users' prefix in the url altogether and just have password/userId/edit which is what I have now. But I m thinking I want to prefix urls with 'users'. This is all being done for preference really, to try to follow a restful pattern in terms of the urls as close as possible. I am not using an opinionated framework that forces you to these types of URLs On Saturday, July 25, 2015 at 7:17:02 AM UTC-4, Sander Elias wrote: > > Hi Billy, > > My preference would go to /users/:user_id/password/edit. Its a bit more > describing on what it is going to do. You are editing the password, not the > user right? > All in all, it does not make a big difference. Also I would reconsider > placing the userId in the URL? I don’t think there will be multiple users > logged in at the same time, or that your user will edit other users their > password. > > so, my vote: /password/reset which will only work with a token that is > send via email. > > Does that help you a bit? > Regards > Sander > > -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
