[Week 4] Implement Password Security & Reset Flow #14

@asyncnavi

Description

Implement password validation with security requirements and create password change/reset functionality.

Tasks

Password Requirements

  • Minimum 8 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • At least one special character (optional but recommended)
  • Common password blacklist check

Password Change (Authenticated)

  • Create POST /api/auth/change-password endpoint
  • Require current password verification
  • Validate new password requirements
  • Hash and update password
  • Invalidate all other sessions
  • Send confirmation email

Password Reset Flow

  • Create POST /api/auth/forgot-password endpoint
  • Generate secure reset token
  • Send reset email with token
  • Create POST /api/auth/reset-password endpoint
  • Validate reset token
  • Update password
  • Invalidate all sessions

Password Change Request

{
  "current_password": "OldPass123!",
  "new_password": "NewSecurePass456!"
}

Password Reset Request

{
  "email": "student@stanford.edu"
}

Reset Token

  • Store in database with expiration (1 hour)
  • Single use only
  • Cryptographically secure
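The token rules above (1 hour expiry, single use, cryptographically secure) and the password requirements from the Tasks section, as an added example that is not part of this issue or the project's code base. It assumes an in-memory dictionary in place of the real database table, stores only a SHA-256 hash of the token so a database leak does not yield usable reset links, and uses a small constructed blacklist.

```python
from __future__ import annotations
import hashlib
import re
import secrets
import time
from typing import Optional

# Constructed blacklist for this example; a real deployment would load a large list.
COMMON_PASSWORDS = {"password", "password1", "12345678", "qwerty123", "letmein1"}
RESET_TOKEN_TTL = 3600  # 1 hour, as the issue specifies


def validate_password(pw: str) -> list:
    """Return the list of violated requirements (an empty list means the password passes).
    A special character is optional in the issue, so it is not enforced here."""
    problems = []
    if len(pw) < 8:
        problems.append("min 8 characters")
    if not re.search(r"[A-Z]", pw):
        problems.append("needs an uppercase letter")
    if not re.search(r"[a-z]", pw):
        problems.append("needs a lowercase letter")
    if not re.search(r"[0-9]", pw):
        problems.append("needs a digit")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("too common")
    return problems


# Stand-in for the database table: sha256(token) -> (email, expiry timestamp).
_reset_tokens: dict = {}


def issue_reset_token(email: str, now: Optional[float] = None) -> str:
    """Create a reset token for the email; the raw token goes only into the reset email."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # CSPRNG-backed, 256 bits of entropy
    digest = hashlib.sha256(token.encode()).hexdigest()
    _reset_tokens[digest] = (email, now + RESET_TOKEN_TTL)
    return token


def consume_reset_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the email the token belongs to, or None if unknown, expired, or already used."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = _reset_tokens.pop(digest, None)  # pop deletes the record: single use
    if entry is None:
        return None
    email, expires_at = entry
    return email if now <= expires_at else None
```

After a successful consume, the reset-password endpoint would hash the new password, store it, and invalidate all sessions as the flow above requires.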

Definition of Done

  • Password validation implemented
  • Change password endpoint working
  • Reset password flow complete
  • Email notifications sent
  • Tests passing
  • Security reviewed
