US025 As a developer, I want to create a password reset function, so that users can regain access if they forget their password.

Description:

As a developer, I want to create a password reset function, so that users can regain access if they forget their password.

Customers need a simple way to reset their passwords to quickly regain access to their accounts without frustration or reliance on support, ensuring a seamless and secure user experience.

This feature is essential for user convenience, security, and reducing support workload. It helps retain users by providing a reliable method to recover account access, thereby enhancing trust and satisfaction with the platform.

Linked Requirements & Use Cases?

Current Definition of Done

  • Implemented (Password reset form, token generation, secure validation)

  • Pair Reviewed (Code reviewed by at least one team member)

  • Tested (Unit & integration tests for reset flow and edge cases)

  • Documents updated (User and developer documentation)

  • Email delivery verified (Reset link reaches user)

  • Security verified (Token expiration, one-time use, logging)

Acceptance Criteria

  • A "Forgot Password" link is visible on the login page (#241)
  • User can submit their email to request password reset (#241)
  • An email is sent to the user with a unique reset link (#241)
  • Link leads to a form to define a new password (#241)
  • Reset link becomes invalid after one use or expiry (#241)
  • User is notified of successful password change (#241)
  • A secure, time-limited token is generated and stored
  • New password is securely stored after validation
  • Audit log tracks password reset request and confirmation
  • System prevents token reuse or brute-force attempts
Edited by AH0986