Overview
The password recovery process involves three main steps:
- Email Verification: Confirm your account email address
- Reset Code Validation: Enter the unique code sent to your email
- Password Reset: Create and confirm your new password
The entire process is designed with security in mind, using time-limited reset codes and validation at each step.
Starting Password Recovery
Navigate to Login Page
Open MediGuide and ensure you’re on the Iniciar Sesión (Login) tab.
You’ll see the standard login form with username and password fields.
Password Recovery Process
Step 1: Email Verification
Enter Your Email Address
In the Correo Electrónico (Email) field, enter the email address you used when creating your account.
Email Validation:
- Must be a valid email format ([email protected])
- System checks: ^[^\s@]+@[^\s@]+\.[^\s@]+$
Submit Email
Click the “Enviar Código” (Send Code) button.
During Processing:
- Button text changes to “Enviando…” (Sending)
- Button is disabled to prevent duplicate requests
- System searches for an account with that email
- If found, generates a 6-digit reset code
- Code is valid for 30 minutes
- Code is stored in database with expiration timestamp
Check for Confirmation
If Successful:
- Message: “Se ha enviado un código de recuperación a tu correo electrónico”
- A blue box displays your reset code (for testing/development)
- You automatically proceed to Step 2
- Error: “No se encontró cuenta con este correo”
- Verify the email address and try again
- Consider that you may have used a different email
Step 2: Reset Code Validation
After email verification, you’ll see the code entry form.
Locate Your Reset Code
In Development/Testing:
The code is displayed on screen in a highlighted blue box for easy copying.
In Production:
Check your email inbox (and spam folder) for the reset code.
Code Format:
- 6-digit numeric code
- Example: 123456, 987654
- Valid for 30 minutes from generation
Enter Reset Code
In the Código de Recuperación (Recovery Code) field:
- Type or paste the 6-digit code
- Code must be exactly 6 characters
Verify Code
Click “Verificar Código” (Verify Code) button.
During Processing:
- Button shows “Verificando…” (Verifying)
- System checks code against database
- Verifies code hasn’t expired (30-minute window)
- Message: “Código verificado. Ingresa tu nueva contraseña.”
- Proceed to Step 3 (password creation)
- Error: “Código de recuperación inválido”
- Code doesn’t match database record
- Check for typos and try again
- Error: “El código de recuperación ha expirado”
- 30 minutes have passed since code generation
- Start over from Step 1 to get a new code
Step 3: Create New Password
Once your code is verified, you’ll see the password creation form.
Enter New Password
In the Nueva Contraseña (New Password) field:
- Type your desired new password
- Use the Mostrar/Ocultar (Show/Hide) button to toggle visibility
- Minimum 6 characters
- Must contain at least one special character: !@#$%^&*()_+-=[]{};\':"|,.<>/?
- Too short: “La contraseña debe tener al menos 6 caracteres”
- No special char: “La contraseña debe contener al menos un carácter especial (!@#$%^&* etc.)”
Confirm New Password
In the Confirmar Contraseña (Confirm Password) field:
- Re-type your new password exactly
- Use the Mostrar/Ocultar button if needed
Submit New Password
Click “Actualizar Contraseña” (Update Password) button.
During Processing:
- Button shows “Actualizando…” (Updating)
- System performs final validation
- Checks reset code is still valid
- Updates password in database
- Clears reset code and expiration
- Message: “¡Contraseña actualizada exitosamente! Redirigiendo…”
- After 2 seconds, automatically returns to login page
- You can now log in with your new password
Security Features
Time-Limited Reset Codes
- Validity Period: 30 minutes (1800 seconds)
- Expiration Check: Validated on each request
- Calculation: Date.now() + 30 * 60 * 1000
- Single Use: Code is cleared after successful password reset
Code Generation
- Format: Random 6-digit numeric string
- Generation: Math.random().toString().substring(2, 8)
- Storage: Stored as reset_code in user database record
- Expiration: Stored as reset_code_expiry timestamp
Validation Steps
- Email exists in database
- Reset code matches stored value
- Code hasn’t expired (compared to current time)
- New password meets strength requirements
- Passwords match (new and confirm)
- Code and expiration cleared after successful reset
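The same lifecycle with the hardening a reviewer would ask for, as an added example that is not MediGuide's own code: Math.random() is not a cryptographically secure generator, and Math.random().toString().substring(2, 8) can return fewer than six digits when the decimal expansion is short. The reset_attempts field and the MAX_ATTEMPTS cap are assumptions; reset_code and reset_code_expiry follow the page.

```javascript
// Added example, not MediGuide's code. reset_code / reset_code_expiry follow
// the page; reset_attempts and MAX_ATTEMPTS are assumptions.
const crypto = require('node:crypto');

const CODE_TTL_MS = 30 * 60 * 1000; // 30-minute window from the page
const MAX_ATTEMPTS = 5;             // assumed cap on wrong guesses per code

// SHA-256 of the code, so the database never holds the usable value.
function hashCode(code) {
  return crypto.createHash('sha256').update(code).digest();
}

// Issue a 6-digit code from the CSPRNG, zero-padded so it is always 6 chars.
function issueResetCode(user, now = Date.now()) {
  const code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  user.reset_code = hashCode(code).toString('hex');
  user.reset_code_expiry = now + CODE_TTL_MS;
  user.reset_attempts = 0;
  return code; // handed to the mail sender only
}

function clearResetCode(user) {
  user.reset_code = null;
  user.reset_code_expiry = null;
  user.reset_attempts = 0;
}

// Returns 'ok', 'invalid' or 'expired'. Pass consume=true on the final
// reset-password call so the code is single use.
function checkResetCode(user, submitted, { now = Date.now(), consume = false } = {}) {
  if (!user.reset_code) return 'invalid';
  if (now > user.reset_code_expiry) {
    clearResetCode(user);
    return 'expired';
  }
  const stored = Buffer.from(user.reset_code, 'hex');
  // Both buffers are 32-byte digests, so timingSafeEqual never throws on length.
  const match = crypto.timingSafeEqual(stored, hashCode(String(submitted)));
  if (!match) {
    user.reset_attempts += 1;
    if (user.reset_attempts >= MAX_ATTEMPTS) clearResetCode(user); // burn the code
    return 'invalid';
  }
  if (consume) clearResetCode(user);
  return 'ok';
}
```

With a 6-digit code the attempt cap matters as much as the expiry: without it, the 30-minute window leaves room to try a large share of the one million possible values.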
API Endpoints Used
The password recovery process uses three backend endpoints:
1. Request Reset Code
Endpoint: /api/users/forgot-password
- Method: POST
- Body: { email: "[email protected]" }
- Response: { message: "Reset code sent", resetCode: "123456" }
2. Verify Reset Code
Endpoint: /api/users/verify-reset-code
- Method: POST
- Body: { email: "[email protected]", resetCode: "123456" }
- Response: { message: "Reset code verified", userId: 123 }
3. Reset Password
Endpoint: /api/users/reset-password
- Method: POST
- Body: { email: "[email protected]", resetCode: "123456", newPassword: "newPass123!" }
- Response: { message: "Contraseña actualizada exitosamente", userId: 123, username: "user" }
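The forgot-password response shown above carries resetCode, and the "No se encontró cuenta" error tells a caller whether an address is registered. The sketch below is an added example, not MediGuide's own code, of a handler that returns the code only in development and gives the same answer for known and unknown addresses; handleForgotPassword, sendMail, the env flag, the generic message and the in-memory users Map are hypothetical.

```javascript
// Added example, not MediGuide's code. handleForgotPassword, sendMail, env and
// the users Map are hypothetical; the field names are the page's.
const { randomInt } = require('node:crypto');

const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; // format check quoted on the page
const GENERIC = 'If an account exists for this address, a reset code has been sent.';

function handleForgotPassword(body, { users, sendMail, env = 'production', now = Date.now() }) {
  const email = typeof body?.email === 'string' ? body.email.trim() : '';
  if (!EMAIL_RE.test(email)) {
    return { status: 400, body: { message: 'Por favor ingresa un correo electrónico válido' } };
  }

  const response = { status: 200, body: { message: GENERIC } };
  const user = users.get(email);
  if (!user) return response; // same status and body as the found case

  const code = String(randomInt(0, 1000000)).padStart(6, '0');
  user.reset_code = code;                        // stored as the page describes
  user.reset_code_expiry = now + 30 * 60 * 1000; // 30-minute validity
  sendMail(email, code);                         // the code leaves the server by e-mail only

  // The on-screen blue box is a test aid: expose the code only in development.
  if (env === 'development') response.body.resetCode = code;
  return response;
}
```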
Navigation and Back Button
At any point during the recovery process:
- “Volver a Iniciar Sesión” button is available
- Returns you to the main login page
- Aborts the current recovery attempt
- Can start over if needed
- Intercepted by the application
- Prevents accidental navigation away
- Use the provided “Volver” button instead
Error Messages Reference
Email Step Errors
| Error Message | Cause | Solution |
|---|---|---|
| “Por favor ingresa un correo electrónico válido” | Invalid email format | Check for typos, ensure @ and domain |
| “No se encontró cuenta con este correo” | Email not in database | Verify email, check if account was created with different email |
| “Error: Servidor no respondió” | Server connection issue | Check internet connection, try again |
Code Verification Errors
| Error Message | Cause | Solution |
|---|---|---|
| “El código debe tener al menos 6 caracteres” | Code too short | Enter all 6 digits |
| “Código de recuperación inválido” | Wrong code entered | Double-check code, re-type carefully |
| “El código de recuperación ha expirado” | More than 30 min passed | Request new code from Step 1 |
Password Creation Errors
| Error Message | Cause | Solution |
|---|---|---|
| “Las contraseñas no coinciden” | New and confirm don’t match | Re-type password carefully |
| “La contraseña debe tener al menos 6 caracteres” | Password too short | Use at least 6 characters |
| “La contraseña debe contener al menos un carácter especial” | No special character | Add !, @, #, $, %, etc. |
Troubleshooting
I didn't receive a reset code
In Development: The code is displayed on screen.
In Production:
- Check spam/junk folder
- Verify email address is correct
- Wait a few minutes for email delivery
- If still missing, try requesting a new code
My reset code has expired
Reset codes are valid for 30 minutes. If expired:
- Click “Volver a Iniciar Sesión”
- Start password recovery again
- Complete the process within 30 minutes
What if I don't remember my email?
Unfortunately, without your email address, you cannot recover your account through this system. Consider:
- Checking old emails or documents
- Looking for MediGuide confirmation emails
- Creating a new account if necessary
Password requirements too strict?
The requirements ensure account security:
- 6+ characters (easy to remember phrase)
- 1 special character (add ! or @ at the end)
- Example: mypass!23 or health@2024
Getting network errors
Connection issues can occur. Try:
- Checking internet connectivity
- Refreshing the page
- Clearing browser cache
- Trying a different browser
- Waiting and retrying later
Reset code works but password won't update
Verify that:
- You’re still within 30-minute window
- New password meets requirements (6+ chars, special char)
- Both password fields match exactly
- You haven’t modified the email or code
Best Practices
Use Strong Passwords
Choose passwords with 8+ characters, mixing letters, numbers, and symbols
Complete Quickly
Finish the process within 30 minutes to avoid code expiration
Verify Email
Double-check email address before requesting code
Store Securely
Use a password manager to remember new credentials
After Password Reset
Once your password is successfully reset:
Login to Your Account
Access your MediGuide account with your new password
Enter Medical Data
Continue monitoring your health metrics
Security Tips
Technical Details
Reset Code Storage
In the database, two fields are used:
- reset_code: The 6-digit code (cleared after use)
- reset_code_expiry: Timestamp when code expires
Password Update Process
- Verify reset code and expiration
- Update password field with new value
- Set reset_code to NULL
- Set reset_code_expiry to NULL
- Return user ID and username
Code Expiration Logic
Summary
The password recovery process is:
- Secure: Time-limited codes and multi-step verification
- User-Friendly: Clear instructions and helpful error messages
- Reliable: Validation at each step prevents errors
- Fast: Complete in just a few minutes
You now know how to recover your MediGuide account password securely. Keep your email accessible and complete the process promptly!
