Create forgot password flow

[shamoo53]

🚀 PR: Create Forgot Password & Reset Password Flow

🧭 Overview

This PR implements a complete Forgot Password and Reset Password flow, enabling users to securely recover access to their accounts. It includes user-friendly UI, token validation, and seamless integration with backend authentication endpoints.

---

🎯 Problem

Users currently have no way to recover their accounts if they forget their passwords, leading to:

• Account access issues
• Poor user experience
• Increased support overhead

---

💡 Solution

• Build dedicated pages for forgot password and reset password
• Integrate with backend endpoints for secure password recovery
• Ensure token validation, password requirements, and safe messaging
• Provide smooth UX with redirects and error handling

---

🛠 Scope of Work

📧 Forgot Password Page

• Created /app/auth/forgot-password/page.tsx
• Added email input form with validation
• Integrated with /users/forgot-password endpoint
• Displayed generic success message (regardless of email existence for security)

🔑 Reset Password Page

• Created /app/auth/reset-password/page.tsx
• Added new password and confirm password fields
• Validated reset token from URL
• Integrated with /users/reset-password endpoint
• Redirected user to login upon successful reset

⚠️ Error Handling

• Handled expired or invalid reset tokens
• Displayed appropriate error messages
• Prevented submission of weak or mismatched passwords

🔐 Security Considerations

• Ensured email validation before submission
• Prevented user enumeration via generic responses
• Enforced password strength requirements

---

📊 Acceptance Criteria

• ✔️ Email is validated before submission
• ✔️ User receives success message regardless of email existence
• ✔️ Reset token is validated before allowing password reset
• ✔️ New password meets defined security requirements
• ✔️ User is redirected to login after successful reset

---

🧪 Testing

• Tested forgot password flow with valid and invalid emails
• Verified reset token validation (valid, expired, invalid cases)
• Tested password validation and confirmation matching
• Ensured redirect to login works correctly

---

📚 Documentation

• Added usage notes for authentication endpoints
• Documented password requirements and validation rules
• Provided flow diagrams for password recovery process

---

🏁 Summary

This PR introduces a secure and user-friendly password recovery system, improving account accessibility while maintaining strong security practices.
Closes #39

[drips-wave]

@shamoo53 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits