Password Reset & SMTP

Password Reset & SMTP Configuration

The HCG AI application includes a secure password recovery system powered by Nodemailer. This allows users to request a password reset link via email if they lose access to their account.

1. Default SMTP Settings

By default, the application is configured to use Hostinger as the SMTP service provider. The pre-configured settings in simple-app-server.js are:

• SMTP Host: smtp.hostinger.com
• Port: 465 (Secure SSL/TLS)
• Sender Address: hello@in.hcgai.com

2. Required Environment Variables

To enable email functionality, you must provide the password for the default sender account in your .env file. Without this variable, the password reset feature will fail to initialize.

# .env file
SMTP_PASS=your_hostinger_email_password

3. Using a Custom SMTP Provider

If you wish to use a different email service (e.g., Gmail, SendGrid, or AWS SES), you must update the transporter configuration.

Navigate to simple-app-server.js and locate the createEmailTransporter function (lines 151–178). Modify the config object:

const config = {
  host: 'your.smtp.provider.com',
  port: 587, // Often 587 for STARTTLS or 465 for SSL
  secure: false, // Set to true for port 465
  auth: {
    user: 'your-email@domain.com',
    pass: process.env.SMTP_PASS
  }
};

Note: If using Gmail, you may need to generate an "App Password" rather than using your primary account password.

4. Password Reset Workflow

The system manages password recovery through a token-based handshake:

1. Request: The user clicks "Forgot Password" in the Login modal and enters their email.
2. Token Generation: The server generates a unique, time-sensitive reset token and stores it in the database.
3. Email Delivery: An email is dispatched containing a link: http://<your-domain>/reset-password?token=XYZ.
4. Verification: When the user clicks the link, the server validates the token and permits the password update.

5. API Endpoints

If you are developing a custom frontend or testing the service, use the following endpoints:

| Endpoint | Method | Description | Payload | | :--- | :--- | :--- | :--- | | /api/forgot-password | POST | Triggers the reset email | { "email": "user@example.com" } | | /api/reset-password | POST | Submits the new password | { "token": "...", "password": "..." } |

6. Troubleshooting

If emails are not being sent, check the following:

• Connection Timeout: Ensure your server's firewall allows outgoing traffic on ports 465 or 587.
• Authentication Error: Double-check that SMTP_PASS in your .env file is correct and contains no extra spaces.
• SSL/TLS Issues: If you are using port 587, set secure: false. If using port 465, set secure: true.
• Logs: The server is configured with debug: true and logger: true for Nodemailer. Check the terminal output where the server is running to see the raw SMTP handshake errors.