User Story #183
Epic #3 (open): Implement a secure user authentication system
Feature #162: Password Recovery
User Story #183: As a user, I want to request a password reset, so that I can recover my account
Status: To Do
Priority: Normal
Assigned To: -
Start date: 03/28/2026
Due date: -
% Done: 0%
Estimated time: (Total: 0:00 h)
Description
When a user has forgotten their password, they can request a link that lets them reset it.
About the email sending:
- Always give the same feedback that a mail is being sent, even if the account doesn't exist; this prevents account enumeration (e.g. "If an account exists for this address, a link will be sent by email"). The response must not differ in wording, status code or timing between existing and unknown accounts.
- Rate limit the forgot-password request (e.g. max 3 per hour per account, and also per source address so the limit cannot be used to lock a victim out of recovery).
A new link containing a randomly generated token is sent to the user so they can proceed.
About the generated link:
- It is single-use and contains a randomly generated opaque token (from a cryptographically secure generator, long enough to be unguessable) linked to the user's account.
- It expires if it has not been used within 2 hours.
- If a link has already been generated for the account, invalidate it and generate a new one, so at most one link is valid per account at any time.
- Only a hash of the token is stored server-side, so a database leak does not yield usable reset links.
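The rules above, worked through as an added Python example (not code from this project): the same reply regardless of whether the account exists, a 3-per-hour limit, a 256-bit token from the OS CSPRNG of which only a SHA-256 hash is stored, a 2-hour expiry, single use, and replacement of any earlier link for the same account. The PasswordResetService class, the users dict, the injectable clock and the outbox list standing in for a mailer are all assumptions made for the example.

```python
"""Password-reset flow sketch: uniform reply, rate limit, one-time expiring token."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

TOKEN_TTL_SECONDS = 2 * 60 * 60        # link is valid for 2 hours
RATE_LIMIT_MAX = 3                      # at most 3 reset requests ...
RATE_LIMIT_WINDOW_SECONDS = 60 * 60     # ... per hour, per submitted email
# Identical text whether or not the account exists (anti-enumeration).
GENERIC_MESSAGE = "If an account exists for this address, a reset link will be sent by email."


def _hash_token(token: str) -> str:
    """Only the hash is persisted: a leaked table yields no usable links."""
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class ResetRecord:
    user_id: str
    token_hash: str
    expires_at: float


class PasswordResetService:
    """Hypothetical service; in-memory dicts stand in for the database and mailer."""

    def __init__(self, users: dict, clock=time.time):
        self.users = users        # email -> user_id (assumed user store)
        self.clock = clock        # injectable so expiry can be exercised
        self.records = {}         # user_id -> ResetRecord: one live link per account
        self.requests = {}        # email -> timestamps of recent requests
        self.outbox = []          # (user_id, token) pairs instead of real emails

    def request_reset(self, email: str) -> str:
        now = self.clock()
        # Limit is applied before the account lookup, so unknown and known
        # addresses behave the same; production would also key on client IP.
        recent = [t for t in self.requests.get(email, [])
                  if now - t < RATE_LIMIT_WINDOW_SECONDS]
        if len(recent) >= RATE_LIMIT_MAX:
            self.requests[email] = recent
            return GENERIC_MESSAGE          # over the limit: same reply, no email
        recent.append(now)
        self.requests[email] = recent
        user_id = self.users.get(email)
        if user_id is None:
            return GENERIC_MESSAGE          # unknown account: same reply, no email
        token = secrets.token_urlsafe(32)   # 256 bits from the CSPRNG, URL-safe
        # Overwriting the entry invalidates any previously issued link.
        self.records[user_id] = ResetRecord(user_id, _hash_token(token),
                                            now + TOKEN_TTL_SECONDS)
        self.outbox.append((user_id, token))
        return GENERIC_MESSAGE

    def consume_token(self, token: str):
        """Return the user_id for a valid token and burn it; None otherwise."""
        presented = _hash_token(token)
        match = None
        for user_id, rec in self.records.items():
            # constant-time comparison so timing cannot narrow the token down
            if hmac.compare_digest(rec.token_hash, presented):
                match = user_id
                break
        if match is None:
            return None
        rec = self.records.pop(match)       # one-time use: removed even if expired
        if self.clock() > rec.expires_at:
            return None
        return match


def demo() -> dict:
    """Walk the story's rules with a fake clock; returns what was observed."""
    clock = [1_700_000_000.0]
    svc = PasswordResetService({"alice@example.com": "u1"}, clock=lambda: clock[0])
    r = {}
    r["unknown_reply"] = svc.request_reset("nobody@example.com")
    r["unknown_sent"] = len(svc.outbox)                 # nothing sent, same text
    svc.request_reset("alice@example.com")
    first = svc.outbox[-1][1]
    svc.request_reset("alice@example.com")
    second = svc.outbox[-1][1]
    r["old_link"] = svc.consume_token(first)            # superseded by second
    r["new_link"] = svc.consume_token(second)           # valid once
    r["replay"] = svc.consume_token(second)             # already used
    svc.request_reset("alice@example.com")              # 3rd within the hour: ok
    r["limited_reply"] = svc.request_reset("alice@example.com")  # 4th: limited
    r["sent_in_window"] = len(svc.outbox)
    clock[0] += RATE_LIMIT_WINDOW_SECONDS + 1           # window has rolled over
    svc.request_reset("alice@example.com")
    late = svc.outbox[-1][1]
    clock[0] += TOKEN_TTL_SECONDS + 1                   # past the 2-hour TTL
    r["expired"] = svc.consume_token(late)
    return r
```

Not shown is the endpoint that accepts the new password once consume_token returns a user id; that endpoint should also terminate the account's existing sessions, since a reset is usually requested because the old credential is suspected compromised.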