SMART Plan — [Core] Password reset page
Specific
Implement the full password reset flow accessible from the login screen:
- A "Forgot your password?" link on the login page leads to a request form where the user enters their email.
- The application sends a password reset email with a signed, time-limited token link.
- Clicking the link opens a reset form where the user enters a new password (with confirmation).
- On success the user is redirected to the login page with a success notification.
Measurable
- "Forgot your password?" link is visible on the login page.
- Submitting a known email triggers a password reset email (testable via
Mail::fake() / Notification::fake()).
- Submitting an unknown email returns no error that reveals account existence (security best practice).
- Clicking a valid token link opens the reset form; submitting a new password updates the user record.
- An expired or invalid token shows a clear error message.
- PHPUnit covers: link present, email sent, reset success, invalid token rejected.
Achievable
Filament v4 ships RequestPasswordReset and ResetPassword auth pages. Register them in the company panel provider. The email is dispatched via Laravel's built-in Password::broker(). Any branding overrides go in Modules/Core/Filament/Pages/Auth/.
Relevant
Without password reset, a user who forgets their password must contact an admin. This is a baseline auth requirement for any production application.
Time-bound
Sprint 5.
Acceptance Criteria
SMART Plan — [Core] Password reset page
Specific
Implement the full password reset flow accessible from the login screen:
Measurable
Mail::fake()/Notification::fake()).Achievable
Filament v4 ships
RequestPasswordResetandResetPasswordauth pages. Register them in the company panel provider. The email is dispatched via Laravel's built-inPassword::broker(). Any branding overrides go inModules/Core/Filament/Pages/Auth/.Relevant
Without password reset, a user who forgets their password must contact an admin. This is a baseline auth requirement for any production application.
Time-bound
Sprint 5.
Acceptance Criteria