Skip to content

User Management UI — password reset flow #88

Description

@victorsoriadrp

Context

Self-hosted deployments using local auth (non-OIDC) have no password reset flow. A user who forgets their password requires admin DB intervention.

Acceptance criteria

  • "Forgot password" link on login screen (only visible when local auth is enabled)
  • Backend: time-limited reset token, single use
  • Email delivery via the same hook as invitations (User Management UI — workspace invitations #87)
  • Reset flow lands on a password update screen
  • Old session tokens invalidated after successful reset
  • Audit log entry auth.password_reset

Related

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions