Skip to content

[Core]: Login screen #11

Description

@naui95

SMART Plan — [Core] Password reset page

Specific

Implement the full password reset flow accessible from the login screen:

  1. A "Forgot your password?" link on the login page leads to a request form where the user enters their email.
  2. The application sends a password reset email with a signed, time-limited token link.
  3. Clicking the link opens a reset form where the user enters a new password (with confirmation).
  4. On success the user is redirected to the login page with a success notification.

Measurable

  • "Forgot your password?" link is visible on the login page.
  • Submitting a known email triggers a password reset email (testable via Mail::fake() / Notification::fake()).
  • Submitting an unknown email returns no error that reveals account existence (security best practice).
  • Clicking a valid token link opens the reset form; submitting a new password updates the user record.
  • An expired or invalid token shows a clear error message.
  • PHPUnit covers: link present, email sent, reset success, invalid token rejected.

Achievable

Filament v4 ships RequestPasswordReset and ResetPassword auth pages. Register them in the company panel provider. The email is dispatched via Laravel's built-in Password::broker(). Any branding overrides go in Modules/Core/Filament/Pages/Auth/.

Relevant

Without password reset, a user who forgets their password must contact an admin. This is a baseline auth requirement for any production application.

Time-bound

Sprint 5.


Acceptance Criteria

  • "Forgot your password?" link present on the login page
  • Submitting the request form with a registered email dispatches the reset notification
  • Reset email contains a link valid for 60 minutes (Laravel default)
  • Reset form validates: password required, min 8 chars, confirmed
  • Successful reset redirects to login with a success flash message
  • Expired or invalid token shows a clear error (not a 500)
  • PHPUnit tests cover the happy path and the invalid-token case

Metadata

Metadata

Assignees

No one assigned

    Labels

    Fields

    No fields configured for Feature.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions