Anshul439 / Blogverse

A MERN stack Blog App
https://blogverse-l4af.onrender.com

[Feature]--> Forgot Password feature with OTP authentication #3

Open ARRY7686 opened 6 hours ago

ARRY7686 commented 6 hours ago

Description:

We need to implement a "Forgot Password" feature that allows users to reset their password using an OTP (One-Time Password) sent to their registered email or phone number. This feature will improve the user experience and security of the platform by providing an easy way to recover access in case the user forgets their password.

Acceptance Criteria:

UI/UX Flow:

Add a "Forgot Password?" link on the login page. Upon clicking the link, the user should be prompted to enter their registered email. The user receives an OTP via email to verify their identity. After entering the correct OTP, the user is directed to a form to create a new password. The new password should be confirmed by re-entering it to avoid mistakes.

OTP Handling:

OTP should be 6 digits, randomly generated, and expire after 5 minutes. Limit the number of OTP requests (e.g., 3 attempts within 15 minutes). Add an option to resend OTP if the user doesn’t receive it within a reasonable time frame (1 minute). OTPs should be securely validated on the backend.

Security:

The OTP should be stored securely and only temporarily. Ensure that password reset links/requests expire within a limited time frame. Rate-limit OTP requests to avoid abuse. Use strong validation for the new password (e.g., at least 8 characters, includes uppercase, lowercase, and a number).

Backend:

API to generate and send OTP to the user's registered email/phone number. API to verify OTP and allow the user to set a new password. Ensure that OTP and password reset actions are logged for security auditing.

Additional Considerations:

Use appropriate success and error messages for user feedback during the process. The feature should be responsive and work across devices (desktop and mobile).

Technical Dependencies:

Integration with email/SMS service providers for sending OTPs. Backend support for OTP generation, expiration, and validation.

ARRY7686 commented 6 hours ago

@Anshul439 Please assign this issue and mark it as Hacktoberfest

Anshul439 commented 5 hours ago

Go ahead.