roos-fs tasks #130
OpenAPI for password reset for mobile use
Status:
Closed
Priority:
Normal
Assignee:
Farzam Azhar
Start date:
06/17/2025
Due date:
% Done:
0%
Estimated time:
4:00 h
Description
Acceptance criteria
Password Reset Request
- The system accepts an email or username
- A secure, time-limited reset token (valid for 30 minutes) is generated
- An email is sent to the provided address with a reset link containing the token
- The link redirects the user to the appropriate password reset form on the website or mobile app
- If the provided user is not found, the response still returns 200 OK to prevent user enumeration
Password Reset Execution
- The reset link opens a password change form in the web frontend or app, where the user enters a new password
- The submitted request includes the reset token and new password
- The backend verifies that the token is valid, not expired, and not previously used
- If valid, the system updates the password and invalidates all existing sessions
- On success, returns OK; on failure (invalid or expired token), returns an appropriate error
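A minimal sketch of both flows against the criteria above, added here as an example and not taken from the roos-fs code base. The class, field names, status codes as plain integers, the in-memory stores and the choice to store only a SHA-256 digest of the token are assumptions; PBKDF2 stands in for whatever password hashing the backend uses.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 30 * 60  # 30 minutes, per the acceptance criteria

class ResetService:
    """In-memory stand-in for the backend; all names here are hypothetical."""

    def __init__(self, users, clock=time.time):
        self.users = users    # username -> {"email", "pw_hash", "sessions"}
        self.tokens = {}      # sha256(token) -> {"user", "expires", "used"}
        self.outbox = []      # (email, token) pairs standing in for sent mail
        self.clock = clock

    def _find(self, identifier):
        for name, u in self.users.items():
            if identifier in (name, u["email"]):  # accepts email or username
                return name
        return None

    def request_reset(self, identifier):
        name = self._find(identifier)
        if name is not None:
            token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.tokens[digest] = {"user": name, "expires": self.clock() + TOKEN_TTL, "used": False}
            self.outbox.append((self.users[name]["email"], token))
        return 200  # identical response whether or not the user exists

    def execute_reset(self, token, new_password):
        digest = hashlib.sha256(token.encode()).hexdigest()
        rec = self.tokens.get(digest)
        if rec is None or rec["used"] or self.clock() >= rec["expires"]:
            return 400  # unknown, already used, or expired token
        rec["used"] = True  # burn the token before changing any state
        user = self.users[rec["user"]]
        salt = secrets.token_bytes(16)
        user["pw_hash"] = salt + hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000)
        user["sessions"].clear()  # invalidate all existing sessions
        return 200

if __name__ == "__main__":
    # Constructed sample user, not real data.
    users = {"alice": {"email": "alice@example.test", "pw_hash": b"", "sessions": {"s1"}}}
    svc = ResetService(users)
    svc.request_reset("alice@example.test")
    print(svc.execute_reset(svc.outbox[0][1], "N3w-passphrase"), users["alice"]["sessions"])
```

Returning 200 for unknown users only hides account existence if the response time is also similar, so mail delivery is best handed to a background queue rather than sent inline.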