roos-fs tasks #130

Updated by Vadim Pariev 11 months ago

**Acceptance criteria**

Password Reset Request

- Accepts an email or username
- Generates a secure, time-limited reset token (e.g., valid for 30 minutes)
- Sends an email to the user with a reset link containing the token
- The link points to the password reset form in the web frontend (or mobile app)
- If the user is not found, the response still returns 200 OK (to avoid account enumeration)

Password Reset Execution

- The reset link opens a password change form in the web frontend or app, where the user enters a new password
- Accepts the reset token and the new password
- Verifies token validity (not expired, not previously used)
- If valid, resets the password and invalidates all active sessions
- Returns 200 OK on success; returns an appropriate error on failure (e.g., 400 for an invalid or expired token)
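The two endpoints above, sketched as an added example (not roos-fs project code) to show the security-relevant parts: an unguessable token stored only as a hash, expiry, single use, a constant 200 for unknown users, and session invalidation. The in-memory user store, outbox and the reset URL are assumptions standing in for the real storage, mailer and frontend.

```python
# Added example, not the roos-fs project's code. Storage, mailer, password
# hashing and the reset URL are stand-ins (assumptions), not project components.
import hashlib
import secrets
import time

RESET_TOKEN_TTL = 30 * 60  # seconds; the criteria give 30 minutes as the example

# Constructed sample data: one user with two live sessions.
USERS = {"alice@example.com": {"password": "old-pw", "sessions": {"s1", "s2"}}}
RESET_TOKENS = {}  # sha256(token) -> {"user": ..., "expires": ..., "used": bool}
OUTBOX = []        # constructed stand-in for the mailer: (recipient, reset link)


def request_reset(identifier, now=None):
    """Always returns 200 so the response does not reveal whether the user exists."""
    now = time.time() if now is None else now
    user = USERS.get(identifier)
    if user is not None:
        token = secrets.token_urlsafe(32)                       # unguessable
        digest = hashlib.sha256(token.encode()).hexdigest()     # store only the hash
        RESET_TOKENS[digest] = {"user": identifier,
                                "expires": now + RESET_TOKEN_TTL,
                                "used": False}
        # Assumed frontend URL; the real link would point at the web frontend's form.
        OUTBOX.append((identifier, f"https://frontend.example/reset?token={token}"))
    return 200


def execute_reset(token, new_password, now=None):
    """Returns 200 on success, 400 for an invalid, expired or already used token."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    record = RESET_TOKENS.get(digest)
    if record is None or record["used"] or now > record["expires"]:
        return 400
    record["used"] = True                       # token is single use
    user = USERS[record["user"]]
    user["password"] = new_password             # stand-in for storing a password hash
    user["sessions"].clear()                    # invalidate all active sessions
    return 200
```

A production implementation would also keep the unknown-user path's response time close to the known-user path's, since the 200 alone does not hide a timing difference.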