---
phase: 01-authentication
plan: 05
type: execute
wave: 3
depends_on: ["01-03", "01-04"]
files_modified: ["lib/features/authentication/presentation/pages/reset_password_page.dart", "lib/features/authentication/presentation/pages/update_password_page.dart", "lib/features/authentication/presentation/widgets/password_reset_form.dart"]
autonomous: true
user_setup:
  - service: supabase
    why: "Configure password reset redirect URLs"
    env_vars: []
    dashboard_config:
      - task: "Add password reset redirect URLs"
        location: "Supabase Dashboard → Authentication → URL Configuration → Site URL"
      - task: "Add password reset redirect URLs" 
        location: "Supabase Dashboard → Authentication → URL Configuration → Redirect URLs"

must_haves:
  truths:
    - "User can request password reset via email"
    - "User receives reset email within 1 minute"
    - "Reset link redirects to password update page"
    - "User can set new password successfully"
  artifacts:
    - path: "lib/features/authentication/presentation/pages/reset_password_page.dart"
      provides: "Password reset request page"
      min_lines: 35
    - path: "lib/features/authentication/presentation/pages/update_password_page.dart"
      provides: "New password entry page"
      min_lines: 40
    - path: "lib/features/authentication/presentation/widgets/password_reset_form.dart"
      provides: "Password reset form components"
      min_lines: 25
  key_links:
    - from: "lib/features/authentication/presentation/pages/reset_password_page.dart"
      to: "lib/providers/auth_provider.dart"
      via: "password reset method"
      pattern: "resetPassword|_authProvider"
    - from: "lib/features/authentication/presentation/pages/update_password_page.dart"
      to: "supabase.auth"
      via: "password update flow"
      pattern: "supabase\\.auth\\.updateUser|supabase\\.auth\\.resetPasswordForEmail"
---

<objective>
Implement password reset functionality with email flow and new password entry.

Purpose: Enable users to recover forgotten passwords securely through email-based reset flow.
Output: Complete password reset system from email request to new password confirmation.
</objective>

<execution_context>
@~/.opencode/get-shit-done/workflows/execute-plan.md
@~/.opencode/get-shit-done/templates/summary.md
</execution_context>

<context>
@.planning/PROJECT.md
@.planning/ROADMAP.md
@.planning/STATE.md
@.planning/phases/01-authentication/01-RESEARCH.md
</context>

<tasks>

<task type="auto">
  <name>Create password reset request page</name>
  <files>lib/features/authentication/presentation/pages/reset_password_page.dart</files>
  <action>
    Create ResetPasswordPage that:
    1. Has email input field with validation
    2. Uses AuthButton for "Send Reset Email" action
    3. Shows success message after email sent
    4. Shows error message for invalid email
    5. Has loading state during email sending
    6. Includes "Back to Login" navigation
    7. Provides clear instructions to user
    8. Handles rate limiting feedback (if email already sent)
    9. Uses AuthRepository resetPassword() method
    10. Has proper page structure and responsive design
    11. Includes accessibility features
    12. Shows helpful copy like "Check your email for reset link"
  </action>
  <verify>Reset password page sends email request and shows appropriate success/error states</verify>
  <done>Complete password reset request interface integrated with auth system</done>
</task>

<task type="auto">
  <name>Create password reset components</name>
  <files>lib/features/authentication/presentation/widgets/password_reset_form.dart</files>
  <action>
    Create PasswordResetForm widget that:
    1. Accepts email field configuration
    2. Provides email validation
    3. Shows validation errors in real-time
    4. Has onSubmit callback for email submission
    5. Shows loading state during submission
    6. Has proper styling consistent with AuthForm
    7. Includes proper text input types
    8. Responsive layout for mobile/tablet
    9. Proper accessibility labels
    10. Can be reused in different contexts
  </action>
  <verify>Password reset form validates email properly and handles submission states correctly</verify>
  <done>Reusable password reset form component</done>
</task>

<task type="auto">
  <name>Create password update page</name>
  <files>lib/features/authentication/presentation/pages/update_password_page.dart</files>
  <action>
    Create UpdatePasswordPage that:
    1. Handles deep linking from password reset emails
    2. Has new password input field with strength validation
    3. Has confirm password field for validation
    4. Uses AuthButton for "Update Password" action
    5. Shows error messages for password mismatches
    6. Shows loading state during password update
    7. Navigates to login after successful password update
    8. Handles expired/invalid reset tokens gracefully
    9. Uses Supabase updateUser() method
    10. Has proper error handling for various failure modes
    11. Includes accessibility features
    12. Has clear success messaging
    13. Includes "Cancel" option to return to login
  </action>
  <verify>Password update page validates inputs, updates password successfully, and handles error cases</verify>
  <done>Complete password update interface with deep link handling</done>
</task>

<task type="auto">
  <name>Update auth repository for password reset</name>
  <files>lib/features/authentication/data/repositories/auth_repository_impl.dart</files>
  <action>
    Extend AuthRepositoryImpl to:
    1. Add updatePassword() method for new password setting
    2. Handle password reset token verification
    3. Improve resetPassword() method with proper redirect URL configuration
    4. Add proper error handling for:
       - Expired reset tokens
       - Invalid reset tokens
       - Weak passwords
       - Network failures
    5. Use supabase.auth.updateUser() for password updates
    6. Ensure proper session handling after password update
    7. Add comprehensive error mapping to custom exceptions
    8. Include proper logging for debugging
  </action>
  <verify>Repository methods handle password reset flow from email to completion</verify>
  <done>Enhanced auth repository with complete password reset functionality</done>
</task>

<task type="auto">
  <name>Integrate password reset with navigation</name>
  <files>lib/app/router.dart</files>
  <action>
    Update router to:
    1. Add /reset-password route for reset request page
    2. Add /update-password route for password update page
    3. Handle deep linking for password reset URLs
    4. Parse reset tokens from URL parameters
    5. Add proper route guards and validation
    6. Include password reset links in login/signup pages
    7. Configure proper URL scheme for mobile deep linking
    8. Handle web redirect URLs properly
    9. Add error handling for malformed reset URLs
    10. Ensure navigation flow works correctly
  </action>
  <verify>Navigation properly handles password reset flow and deep linking</verify>
  <done>Complete navigation integration for password reset functionality</done>
</task>

</tasks>

<verification>
1. Password reset email sends successfully and arrives within 1 minute
2. Reset email contains working deep link to password update page
3. Password update page validates inputs and updates password successfully
4. Error handling covers all failure scenarios (invalid email, expired tokens, etc.)
5. Navigation flows correctly through entire password reset journey
6. Deep linking works on both mobile and web platforms
</verification>

<success_criteria>
Complete password reset system working from email request to new password confirmation with proper error handling and user feedback.
</success_criteria>

<output>
After completion, create `.planning/phases/01-authentication/01-05-SUMMARY.md`
</output>