add stories
@@ -0,0 +1,26 @@
|
||||
# Complete Password Reset Flow
|
||||
|
||||
**ID:** EU-002
|
||||
**Priority:** Critical
|
||||
**Status:** Planned
|
||||
|
||||
## User Story
|
||||
As an end user, I want to reset my password when I forget it so that I can regain access to my account securely.
|
||||
|
||||
## Acceptance Criteria
|
||||
- [ ] User can request a password reset via email
|
||||
- [ ] Reset email contains a secure, time-limited token link
|
||||
- [ ] Clicking the link opens a form to set a new password
|
||||
- [ ] Password must meet security requirements (length, complexity)
|
||||
- [ ] Old password is invalidated after successful reset
|
||||
- [ ] User receives confirmation email after password change
|
||||
- [ ] All existing sessions are invalidated after password reset
|
||||
|
||||
## Technical Notes
|
||||
- `resetPassword` handler exists but `setNewPassword` is a stub (returns `{ status: 'ok' }` without implementation)
|
||||
- Need to implement actual password update logic
|
||||
- Should use `ReceptionMailer` for email sending
|
||||
- Consider rate limiting reset requests to prevent abuse
|
||||
|
||||
## Related TODOs
|
||||
- `ts/reception/classes.loginsessionmanager.ts:229-238` - `setNewPassword` handler is incomplete
|
||||
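Review bot: The acceptance criterion "Reset email contains a secure, time-limited token link" is not testable as written: it names no token lifetime and does not require the token to be single-use, so nothing in the story stops a link from being used again after a successful reset. Suggest stating the expiry explicitly and adding a checkbox that the token is invalidated on first use and whenever a newer reset is requested. Two further gaps in the same list: rate limiting appears only as "Consider rate limiting reset requests to prevent abuse" under Technical Notes, although the story is marked Critical, so it should be an acceptance checkbox with a concrete limit; and no criterion requires the request step to respond identically for known and unknown email addresses, which would let the reset form reveal which accounts exist. "Password must meet security requirements (length, complexity)" also needs the actual minimums, or a pointer to where they are defined, before `setNewPassword` can be implemented against it.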