# Complete Password Reset Flow

**ID:** EU-002
**Priority:** Critical
**Status:** Planned

## User Story

As an end user, I want to reset my password when I forget it so that I can regain access to my account securely.

## Acceptance Criteria

- [ ] User can request a password reset via email
- [ ] Reset email contains a secure, time-limited token link
- [ ] Clicking the link opens a form to set a new password
- [ ] Password must meet security requirements (length, complexity)
- [ ] Old password is invalidated after successful reset
- [ ] User receives confirmation email after password change
- [ ] All existing sessions are invalidated after password reset

## Technical Notes

- `resetPassword` handler exists but `setNewPassword` is a stub (returns `{ status: 'ok' }` without implementation)
- Need to implement actual password update logic
- Should use `ReceptionMailer` for email sending
- Consider rate limiting reset requests to prevent abuse

## Related TODOs

- `ts/reception/classes.loginsessionmanager.ts:229-238` - `setNewPassword` handler is incomplete
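
One way to implement the token and `setNewPassword` behaviour that the acceptance criteria and technical notes describe, as an added example that is not the project's code. `PasswordResetService`, its in-memory maps, the 30-minute lifetime and the length-plus-letter-and-digit policy are assumptions; email sending and rate limiting are outside this block.

```typescript
import { createHash, randomBytes, scryptSync } from "node:crypto";

// All names below are hypothetical stand-ins, not the project's classes.
const TOKEN_TTL_MS = 30 * 60 * 1000; // assumed 30-minute token lifetime
const MIN_LENGTH = 12;               // assumed password policy

type ResetStatus = "ok" | "invalid_token" | "weak_password";
interface ResetRecord { userId: string; expiresAt: number }

const sha256 = (s: string): string => createHash("sha256").update(s).digest("hex");

class PasswordResetService {
  private pending = new Map<string, ResetRecord>(); // SHA-256(token) -> record
  passwordHashes = new Map<string, string>();       // userId -> "salt:hash"
  sessions = new Map<string, Set<string>>();        // userId -> session ids

  // Returns the raw token for the email link; only its hash is stored,
  // so a leaked token table cannot be replayed as reset links.
  issueToken(userId: string, now: number = Date.now()): string {
    this.pending.forEach((rec, hash) => {
      if (rec.userId === userId) this.pending.delete(hash); // one live token per user
    });
    const token = randomBytes(32).toString("hex");
    this.pending.set(sha256(token), { userId, expiresAt: now + TOKEN_TTL_MS });
    return token;
  }

  setNewPassword(token: string, newPassword: string, now: number = Date.now()): ResetStatus {
    const key = sha256(token);
    const rec = this.pending.get(key);
    if (!rec || rec.expiresAt <= now) {
      this.pending.delete(key); // drop expired entries on sight
      return "invalid_token";
    }
    // A policy failure leaves the token usable so the user can retry.
    const strong = newPassword.length >= MIN_LENGTH &&
      /[a-z]/i.test(newPassword) && /\d/.test(newPassword);
    if (!strong) return "weak_password";

    this.pending.delete(key); // single use: consume before changing state
    const salt = randomBytes(16);
    const hash = scryptSync(newPassword, salt, 32).toString("hex");
    this.passwordHashes.set(rec.userId, `${salt.toString("hex")}:${hash}`); // replaces old hash
    this.sessions.delete(rec.userId); // invalidate every existing session
    return "ok";
  }
}
```

The confirmation email would be sent after the `"ok"` path; the `ReceptionMailer` API is not shown on this page, so no call to it appears here.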