parse-community
diff --git a/‎CHANGELOG.md
+1 b/‎CHANGELOG.md
+1
diff --git a/‎README.md
+44-58 b/‎README.md
+44-58
@@ -91,6 +91,7 @@ ___
 ### Breaking Changes
 - Improved schema caching through database real-time hooks. Reduces DB queries, decreases Parse Query execution time and fixes a potential schema memory leak. If multiple Parse Server instances connect to the same DB (for example behind a load balancer), set the [Parse Server Option](https://parseplatform.org/parse-server/api/master/ParseServerOptions.html) `databaseOptions.enableSchemaHooks: true` to enable this feature and keep the schema in sync across all instances. Failing to do so will cause a schema change to not propagate to other instances and re-syncing will only happen when these instances restart. The options `enableSingleSchemaCache` and `schemaCacheTTL` have been removed. To use this feature with MongoDB, a replica set cluster with [change stream](https://docs.mongodb.com/manual/changeStreams/#availability) support is required. (Diamond Lewis, SebC) [#7214](https://github.com/parse-community/parse-server/issues/7214)
 - Added file upload restriction. File upload is now only allowed for authenticated users by default for improved security. To allow file upload also for Anonymous Users or Public, set the `fileUpload` parameter in the [Parse Server Options](https://parseplatform.org/parse-server/api/master/ParseServerOptions.html) (dblythy, Manuel Trezza) [#7071](https://github.com/parse-community/parse-server/pull/7071)
+- Removed [parse-server-simple-mailgun-adapter](https://github.com/parse-community/parse-server-simple-mailgun-adapter) dependency; to continue using the adapter it has to be explicitly installed (Manuel Trezza) [#7321](https://github.com/parse-community/parse-server/pull/7321)
 ### Notable Changes
 - Added Parse Server Security Check to report weak security settings (Manuel Trezza, dblythy) [#7247](https://github.com/parse-community/parse-server/issues/7247)
 - EXPERIMENTAL: Added new page router with placeholder rendering and localization of custom and feature pages such as password reset and email verification (Manuel Trezza) [#6891](https://github.com/parse-community/parse-server/issues/6891)
 
@@ -58,6 +58,7 @@ The full documentation for Parse Server is available in the [wiki](https://githu
   - [Basic Options](#basic-options)
   - [Client Key Options](#client-key-options)
   - [Email Verification and Password Reset](#email-verification-and-password-reset)
+  - [Password and Account Policy](#password-and-account-policy)
   - [Custom Routes](#custom-routes)
     - [Example](#example)
     - [Reserved Paths](#reserved-paths)
@@ -313,76 +314,32 @@ The client keys used with Parse are no longer necessary with Parse Server. If yo
 
 ## Email Verification and Password Reset
 
-Verifying user email addresses and enabling password reset via email requires an email adapter. As part of the `parse-server` package we provide an adapter for sending email through Mailgun. To use it, sign up for Mailgun, and add this to your initialization code:
+Verifying user email addresses and enabling password reset via email requires an email adapter. There are many email adapters provided and maintained by the community. The following is an example configuration with an example email adapter. See the [Parse Server Options](https://parseplatform.org/parse-server/api/master/ParseServerOptions.html) for more details and a full list of available options.
 
 ```js
-var server = ParseServer({
+const server = ParseServer({
   ...otherOptions,
+
   // Enable email verification
   verifyUserEmails: true,
 
-  // if `verifyUserEmails` is `true` and
-  //     if `emailVerifyTokenValidityDuration` is `undefined` then
-  //        email verify token never expires
-  //     else
-  //        email verify token expires after `emailVerifyTokenValidityDuration`
-  //
-  // `emailVerifyTokenValidityDuration` defaults to `undefined`
-  //
-  // email verify token below expires in 2 hours (= 2 * 60 * 60 == 7200 seconds)
-  emailVerifyTokenValidityDuration: 2 * 60 * 60, // in seconds (2 hours = 7200 seconds)
-
-  // set preventLoginWithUnverifiedEmail to false to allow user to login without verifying their email
-  // set preventLoginWithUnverifiedEmail to true to prevent user from login if their email is not verified
-  preventLoginWithUnverifiedEmail: false, // defaults to false
-
-  // The public URL of your app.
-  // This will appear in the link that is used to verify email addresses and reset passwords.
-  // Set the mount path as it is in serverURL
-  publicServerURL: 'https://example.com/parse',
-  // Your apps name. This will appear in the subject and body of the emails that are sent.
-  appName: 'Parse App',
-  // The email adapter
+  // Set email verification token validity to 2 hours
+  emailVerifyTokenValidityDuration: 2 * 60 * 60,
+
+  // Set email adapter
   emailAdapter: {
-    module: '@parse/simple-mailgun-adapter',
+    module: 'example-mail-adapter',
     options: {
-      // The address that your emails come from
-      fromAddress: '[email protected]',
-      // Your domain from mailgun.com
-      domain: 'example.com',
-      // Your API key from mailgun.com
-      apiKey: 'key-mykey',
+      // Additional adapter options
+      ...mailAdapterOptions
     }
   },
-
-  // account lockout policy setting (OPTIONAL) - defaults to undefined
-  // if the account lockout policy is set and there are more than `threshold` number of failed login attempts then the `login` api call returns error code `Parse.Error.OBJECT_NOT_FOUND` with error message `Your account is locked due to multiple failed login attempts. Please try again after <duration> minute(s)`. After `duration` minutes of no login attempts, the application will allow the user to try login again.
-  accountLockout: {
-    duration: 5, // duration policy setting determines the number of minutes that a locked-out account remains locked out before automatically becoming unlocked. Set it to a value greater than 0 and less than 100000.
-    threshold: 3, // threshold policy setting determines the number of failed sign-in attempts that will cause a user account to be locked. Set it to an integer value greater than 0 and less than 1000.
-    unlockOnPasswordReset: true, // Is true if the account lock should be removed after a successful password reset. Default: false.
-}
-  },
-  // optional settings to enforce password policies
-  passwordPolicy: {
-    // Two optional settings to enforce strong passwords. Either one or both can be specified.
-    // If both are specified, both checks must pass to accept the password
-    // 1. a RegExp object or a regex string representing the pattern to enforce
-    validatorPattern: /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.{8,})/, // enforce password with at least 8 char with at least 1 lower case, 1 upper case and 1 digit
-    // 2. a callback function to be invoked to validate the password
-    validatorCallback: (password) => { return validatePassword(password) },
-    validationError: 'Password must contain at least 1 digit.' // optional error message to be sent instead of the default "Password does not meet the Password Policy requirements." message.
-    doNotAllowUsername: true, // optional setting to disallow username in passwords
-    maxPasswordAge: 90, // optional setting in days for password expiry. Login fails if user does not reset the password within this period after signup/last reset.
-    maxPasswordHistory: 5, // optional setting to prevent reuse of previous n passwords. Maximum value that can be specified is 20. Not specifying it or specifying 0 will not enforce history.
-    //optional setting to set a validity duration for password reset links (in seconds)
-    resetTokenValidityDuration: 24*60*60, // expire after 24 hours
-  }
 });
 ```
 
-You can also use other email adapters contributed by the community such as:
-- [parse-smtp-template (Multi Language and Multi Template)](https://www.npmjs.com/package/parse-smtp-template)
+Email adapters contributed by the community:
+- [parse-server-api-mail-adapter](https://www.npmjs.com/package/parse-server-api-mail-adapter) (localization, templates, universally supports any email provider)
+- [parse-smtp-template](https://www.npmjs.com/package/parse-smtp-template) (localization, templates)
 - [parse-server-postmark-adapter](https://www.npmjs.com/package/parse-server-postmark-adapter)
 - [parse-server-sendgrid-adapter](https://www.npmjs.com/package/parse-server-sendgrid-adapter)
 - [parse-server-mandrill-adapter](https://www.npmjs.com/package/parse-server-mandrill-adapter)
@@ -392,7 +349,36 @@ You can also use other email adapters contributed by the community such as:
 - [parse-server-mailjet-adapter](https://www.npmjs.com/package/parse-server-mailjet-adapter)
 - [simple-parse-smtp-adapter](https://www.npmjs.com/package/simple-parse-smtp-adapter)
 - [parse-server-generic-email-adapter](https://www.npmjs.com/package/parse-server-generic-email-adapter)
-- [parse-server-api-mail-adapter](https://www.npmjs.com/package/parse-server-api-mail-adapter)
+
+## Password and Account Policy
+
+Set a password and account policy that meets your security requirements. The following is an example configuration. See the [Parse Server Options](https://parseplatform.org/parse-server/api/master/ParseServerOptions.html) for more details and a full list of available options.
+
+```js
+const server = ParseServer({
+  ...otherOptions,
+
+  // The account lock policy
+  accountLockout: {
+    // Lock the account for 5 minutes.
+    duration: 5,
+    // Lock an account after 3 failed log-in attempts
+    threshold: 3,
+    // Unlock the account after a successful password reset
+    unlockOnPasswordReset: true,
+  },
+
+  // The password policy
+  passwordPolicy: {    
+    // Enforce a password of at least 8 characters which contain at least 1 lower case, 1 upper case and 1 digit
+    validatorPattern: /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.{8,})/,
+    // Do not allow the username as part of the password
+    doNotAllowUsername: true,
+    // Do not allow to re-use the last 5 passwords when setting a new password
+    maxPasswordHistory: 5,
+  },
+});
+```
 
 ## Custom Routes
 **Caution, this is an experimental feature that may not be appropriate for production.**