Summary
Implement the password reset ("forgot password") flow for v1.0. A user who cannot log in proves account ownership via an emailed, single-use, expiring token, then sets a new password.
Design (see ADR-0001)
- Auth is session-based (no JWT). The reset token is an opaque random secret, stored hashed in
reset_tokens β not a JWT.
- Delivered by email as a link
/reset?token=<raw>.
- Local dev uses Mailpit (fake SMTP), chosen over the abandoned MailHog.
Schema
reset_tokens already exists (migration V20260608161836-create-core-schema.sql): token_id, token (hash), expires_at, used_at, ip_address, user_id.
Summary
Implement the password reset ("forgot password") flow for v1.0. A user who cannot log in proves account ownership via an emailed, single-use, expiring token, then sets a new password.
Design (see ADR-0001)
reset_tokensβ not a JWT./reset?token=<raw>.Schema
reset_tokensalready exists (migrationV20260608161836-create-core-schema.sql):token_id,token(hash),expires_at,used_at,ip_address,user_id.