idp.global/app
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
401d35186f76c483d3e6df0812afd79f10aa2301
app/stories/end-user/EU-002-password-reset.md
T
jkunz 014fb3080a add stories
2025-11-30 15:01:28 +00:00

1.0 KiB
Raw Blame History

Complete Password Reset Flow

ID: EU-002 Priority: Critical Status: Planned

User Story

As an end user, I want to reset my password when I forget it so that I can regain access to my account securely.

Acceptance Criteria

  • User can request a password reset via email
  • Reset email contains a secure, time-limited token link
  • Clicking the link opens a form to set a new password
  • Password must meet security requirements (length, complexity)
  • Old password is invalidated after successful reset
  • User receives confirmation email after password change
  • All existing sessions are invalidated after password reset

Technical Notes

  • resetPassword handler exists but setNewPassword is a stub (returns { status: 'ok' } without implementation)
  • Need to implement actual password update logic
  • Should use ReceptionMailer for email sending
  • Consider rate limiting reset requests to prevent abuse

Related TODOs

  • ts/reception/classes.loginsessionmanager.ts:229-238 - setNewPassword handler is incomplete
Reference in New Issue View Git Blame Copy Permalink