Implement Forgot Password (Use Existing Mail & OTP Logic)

[ahmadogo]

Description:

Implement a forgot‑password flow that uses the existing Mail Service (sendOtpEmail) to send a one‑time 6‑digit OTP to the user’s registered email, then verify OTP and reset the password securely.

Tasks:

• Add DTOs: ForgotPasswordDto { email }, VerifyOtpDto { email; otp }, ResetPasswordDto { email; otp; newPassword }.
  In auth.service.ts:

  • forgotPassword(dto: ForgotPasswordDto) → call mailService.sendOtpEmail(dto.email).
  • verifyOtp(dto: VerifyOtpDto) → validate OTP via repository/cache, no secrets leaked.
  • resetPassword(dto: ResetPasswordDto) → verify OTP, hash new password, save, invalidate OTP.

• Create/Use OTP repository/cache utilities already employed by sendOtpEmail (shared source of truth).

• Enforce OTP 10‑minute expiry and one‑time use.

• Add unit tests for: OTP request (delegates to mail), verify (ok/invalid/expired), reset (hash + invalidate).

• Update Swagger (if present): request/response schemas and error codes.

Acceptance Criteria:

• Calling forgotPassword triggers mailService.sendOtpEmail and sends an OTP to the user’s email.
• OTP must be valid and unexpired to reset password.
• Invalid or expired OTP returns 400/401 without revealing whether the email exists.
• New password is securely hashed and persists; OTP is invalidated after use.
• A screenshot of your server running

[drips-wave]

This issue has been added to the Stellar Wave Program and is worth 150 Points.

🧑‍💻 Interested in contributing? Apply to work on this issue on Drips Wave, earn points, and receive rewards.

Warning

Only applications submitted via the apply link above will be considered. Please do not apply by commenting on the issue or opening a PR directly.

🤠 Repo maintainers: You can manage this issue's Points and Complexity on your Maintainer Dashboard here. Please keep an eye on applications and respond quickly 💙

ℹ️ Learn more about Drips Wave

[Mrwicks00]

@Mrwicks00 has applied to work on this issue as part of the Stellar Wave Program's 2nd wave.

Can I work on this ? I am a very proficient backend developer, I will deliver this in few hours.

Expecting your response

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Mrwicks00 to this issue.

[Nabeelahh]

@Nabeelahh has applied to work on this issue as part of the Stellar Wave Program's 2nd wave.

Hi I am a good developer I would like to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Nabeelahh to this issue.

[drips-wave]

Congratulations, @Nabeelahh! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on February 26, 2026.

🧑‍💻 @Nabeelahh: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are issued when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊