Skip to content

[RESET-101] Restore Password (Reset via Email Link) #83

Description

@mehalyna

🎯 Story Overview

As a
registered user who has requested a password reset,

I want to
set a new password through a secure form accessed via a link sent to my email,

So that I can
regain access to my account securely and continue using the platform.


✅ Acceptance Criteria

# Criteria
1 The reset password screen must include two fields: New Password and Confirm New Password.
2 The password must meet security criteria: contain uppercase, lowercase, special character, and numbers.
3 If the two passwords do not match, show an error: Паролі не співпадають. Будь ласка, введіть однакові паролі в обидва поля.
4 If the password does not meet the format rules, show an error: Пароль не відповідає вимогам.
5 The “Зберегти пароль” button must be disabled until both fields are valid.
6 On successful reset, the user must see a confirmation screen: Ваш новий пароль успішно збережено.
7 The confirmation screen should contain a CTA: “Повернутися до входу” that redirects to login.

📲 UI/UX Notes

  • Both password fields support show/hide functionality via eye icon.
  • Real-time validation feedback is provided (errors in red, fields highlighted).
  • Success screen is clean and focused with confirmation message.
  • Password complexity guidance appears below the field.

🔐 Security Notes

  • The reset link should contain a time-limited, single-use token.
  • If the token is expired or used, show a relevant error and redirect to "Forgot Password" flow.
  • Password should be hashed before being saved.

🧪 Example Screens from UI Mockups

State Description
🟡 Initial Form Password input, both fields empty or incomplete
❌ Password Mismatch Error message shown when entries don’t match
❌ Weak Password Error message for not meeting password requirements
✅ Success Message: Ваш новий пароль успішно збережено with "Return to Login" CTA

📄 Error & Info Messages (Ukrainian)

  • Password mismatch: Паролі не співпадають. Будь ласка, введіть однакові паролі в обидва поля
  • Weak password: Пароль не відповідає вимогам
  • Success: Ваш новий пароль успішно збережено

📌 Navigation

  • Зберегти пароль → Triggers password reset action (via token validation)
  • Повернутися до входу → Redirects user back to the login screen

Image

Image

Image

Image

🔧 Sub-tasks for RESET-101: Restore Password via Email Link

🛠 Frontend Implementation

  • RESET-101-1: Design and implement the restore password screen layout with:
    • New password field
    • Confirm new password field
  • RESET-101-2: Add client-side validation for password complexity rules
  • RESET-101-3: Validate that both password fields match before enabling the submit button
  • RESET-101-4: Show inline error messages:
    • Паролі не співпадають...
    • Пароль не відповідає вимогам
  • RESET-101-5: Implement show/hide password toggle for both fields (eye icon)
  • RESET-101-6: Disable “Зберегти пароль” button until both inputs are valid
  • RESET-101-7: Display success confirmation screen after successful password change
  • RESET-101-8: Add navigation link: Повернутися до входу → redirects to login page

🔐 Backend Implementation

  • RESET-101-9: Create endpoint to accept new password + token for reset validation
  • RESET-101-10: Validate that the token is:
    • Present
    • Not expired
    • Not previously used
  • RESET-101-11: Implement password complexity enforcement server-side
  • RESET-101-12: Hash and save the new password securely
  • RESET-101-13: Invalidate token after successful use

✅ Validation & Error Handling

  • RESET-101-14: Show specific messages for:
    • Invalid token
    • Expired token
    • Weak password
    • Mismatched passwords
  • RESET-101-15: Redirect to "Forgot Password" if token is expired or missing

🧪 QA & Testing

  • RESET-101-16: Test front-end form validation and behavior with:
    • Matching and mismatching passwords
    • Invalid/weak passwords
  • RESET-101-17: Test expired and reused tokens
  • RESET-101-18: Backend integration test: password is updated, and user can log in
  • RESET-101-19: Cross-browser testing and mobile responsiveness
  • RESET-101-20: Validate that success screen shows only after a successful reset

📄 Documentation

  • RESET-101-21: Document the password reset endpoint (POST with token + new password)
  • RESET-101-22: Add restore password instructions to user support documentation

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions