The request body JSON object must contain a user email, and password as string entries.

The email address is tested against following regex: /^[a-zA-Z0-9+_.-]+@[a-zA-Z0-9.-]+$/.

The ACL can be restricted for email addresses provided as process.env.USER_DOMAINS.

A valid password must be provided. Password rules can be defined as process.env.PASSWORD_REGEXP. The default rule for password being '(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])^.{10,}$'.

The req.body.password will be hashed with bcrypt.

A req.body.verificationtoken will be created with crypto.

The req.body.language will be checked against Intl.Collator.supportedLocalesOf.

The remote_address determined from the request header is stored in the previousAddress module variable. Requests from the same address within 30 seconds will be bounced.

The passwordReset method checks whether a user record exists for the email provided in the request body.

An email with a verification token will be sent to verify the password reset.

Returns the user regestration or password reset form depending on the reset request parameter flag.

Returns the registerUserBody method with a request [user] body present.

Will attempt to register the user object provided as request body as a new user. The request body JSON object must contain a user email, and password as string entries.

An email with a verification token will be sent to verify a newly registered account.

The host=string request parameter is required for the link passed to the user verification mail template.