Implement Forgot Password Endpoint

[ayshadogo]

Description:
Allow users to request a password reset via email.

Tasks:

• Create POST /api/auth/forgot-password
• Find user by email (always return 200 to avoid user enumeration)
• Generate a secure reset token and save its hash + expiry to the user document
• Send password reset email with the token link

Acceptance Criteria:
An email with a reset link is sent if the email exists in the system.

---

[Eniola3321]

Hi Maintainers,
I’m interested in working on this issue. I’m a backend developer with experience in Node.js, APIs, and Web3/blockchain concepts.
I’ve reviewed the issue and I’m confident I can contribute a clean solution.
Kindly assign it to me if it’s open. Thanks!

[Emmanuelluxury]

I’d like to work on this issue because it sits at the intersection of system design, financial logic, and secure contract architecture — areas I actively specialize in and enjoy building within. The problem requires careful handling of state transitions, precision math, and security constraints, which makes it both technically meaningful and impactful to the overall reliability of the protocol.

[Emmanuelluxury]

I’d like to work on this issue because it sits at the intersection of system design, financial logic, and secure contract architecture — areas I actively specialize in and enjoy building within. The problem requires careful handling of state transitions, precision math, and security constraints, which makes it both technically meaningful and impactful to the overall reliability of the protocol.

[Mystery-CLI]

I would like to work on this issue

[Mystery-CLI]

I would like to work on this issue

[Christopherdominic]

Hi 👋

I’d like to work on this issue.

I’ve reviewed the description and acceptance criteria, and I’m confident I can implement the required changes following the project’s guidelines and coding standards. I’ll ensure proper testing and documentation where applicable.

Please assign this issue to me — I’ll get started right away. 🚀

Thank you!

[anonfedora]

I'm Anonfedora, I'm a Fullstack Blockchain Engr. I'm proficient in Rust (soroban), Rust serverside with Axum and tokio, Nestjs, epxressjs have vast experience in contributing and building on the Stellar ecosystem with the Rust using soroban's SDK.
I'm also good at comprehensively testing features.
ETA: < 12 hours

[chiscookeke11]

Hi, I am Okeke Chinedu. I have implemented secure password reset flows in Node.js/Express systems, including hashed reset tokens, expiry handling, and user-enumeration-safe responses. I’ve built similar email-based recovery mechanisms with proper security controls.

ETA: 5–7 hours

Approach:

• Create POST /api/auth/forgot-password
• Find user by email but always return 200 OK
• Generate cryptographically secure reset token
• Store hashed token + expiry timestamp in user document
• Send email with reset link containing raw token
• Ensure token expiry and hashing follow security best practices

This ensures a secure, enumeration-safe password reset workflow.

[ryzen-xp]

Hi maintainers 👋
I’m a blockchain developer with strong expertise in Stellar, Rust,TS and Stellar SDK integrations. I’ve worked on multiple Stellar-based smart contract and backend systems.

I understand the scope of this issue and can deliver a reliable, production-quality solution with proper tests and documentation.
Plz assign me !!

ETA: 14 hours

[JamesVictor-O]

Hello! I’d love to take on this issue. I’ve reviewed the requirements and have a clear path forward for the implementation. I estimate I can have a PR ready within about 3 hours of being assigned. Could you please assign this to me?

[kingjosmel]

Hi maintainers o would love to take this task, and I will fix this by implementing a secure forgot-password flow that uses hashed tokens and expiration timestamps to prevent account takeovers while protecting user privacy via constant-time responses. ETA: 3 hours