SeniorEng - Learn Real Software Engineering

Slack Thread

karan_auth

9:15 AM

Forgot-password flow is done. Sends a one-time reset link via SendGrid, token expires in 30 min. Support will finally get a break.

shreya_lead

9:28 AM

Flow works end-to-end on staging. Token expiry is handled, error messages don't leak whether the email exists. Looks good. Approving.

priya_qa

9:41 AM

QA done. Happy path and invalid email both work correctly. +1.

Pull Request #2291

Add forgot password flow

Adds POST /api/auth/forgot-password endpoint. Accepts an email address, generates a signed one-time token, and sends a reset link via SendGrid. Token expires after 30 minutes.

Ready to merge

controller/PasswordResetController.java+22 additions

Viewed

+ @RestController

+ @RequestMapping("/api/auth")

+ public class PasswordResetController {

+ @Autowired

+ private PasswordResetService resetService;

+ @PostMapping("/forgot-password")

+ public ResponseEntity<Void> forgotPassword(

+ @RequestBody @Valid ForgotPasswordRequest req) {

+ resetService.initiateReset(req.getEmail());

+ return ResponseEntity.ok().build();

+ }

shreya_lead

Approved review

Token expiry is handled correctly, and the endpoint returns the same response whether the email exists or not — good for security. LGTM.

Real incidents need a real screen.

Add forgot password flow