Phase 1: Authentication & Account Basics
- 7 plans in 4 waves
- Covers AUTH-01 through AUTH-05 requirements
- Foundation for household features in Phase 2
- Ready for execution
Implement password reset functionality with email flow and new password entry.
Purpose: Enable users to recover forgotten passwords securely through email-based reset flow.
Output: Complete password reset system from email request to new password confirmation.
@.planning/PROJECT.md
@.planning/ROADMAP.md
@.planning/STATE.md
@.planning/phases/01-authentication/01-RESEARCH.md
Create password reset request page
lib/features/authentication/presentation/pages/reset_password_page.dart
Create ResetPasswordPage that:
1. Has email input field with validation
2. Uses AuthButton for "Send Reset Email" action
3. Shows success message after email sent
4. Shows error message for invalid email
5. Has loading state during email sending
6. Includes "Back to Login" navigation
7. Provides clear instructions to user
8. Handles rate limiting feedback (if email already sent)
9. Uses AuthRepository resetPassword() method
10. Has proper page structure and responsive design
11. Includes accessibility features
12. Shows helpful copy like "Check your email for reset link"
Reset password page sends email request and shows appropriate success/error states
Complete password reset request interface integrated with auth system
Create password reset components
lib/features/authentication/presentation/widgets/password_reset_form.dart
Create PasswordResetForm widget that:
1. Accepts email field configuration
2. Provides email validation
3. Shows validation errors in real-time
4. Has onSubmit callback for email submission
5. Shows loading state during submission
6. Has proper styling consistent with AuthForm
7. Includes proper text input types
8. Responsive layout for mobile/tablet
9. Proper accessibility labels
10. Can be reused in different contexts
Password reset form validates email properly and handles submission states correctly
Reusable password reset form component
Create password update page
lib/features/authentication/presentation/pages/update_password_page.dart
Create UpdatePasswordPage that:
1. Handles deep linking from password reset emails
2. Has new password input field with strength validation
3. Has confirm password field for validation
4. Uses AuthButton for "Update Password" action
5. Shows error messages for password mismatches
6. Shows loading state during password update
7. Navigates to login after successful password update
8. Handles expired/invalid reset tokens gracefully
9. Uses Supabase updateUser() method
10. Has proper error handling for various failure modes
11. Includes accessibility features
12. Has clear success messaging
13. Includes "Cancel" option to return to login
Password update page validates inputs, updates password successfully, and handles error cases
Complete password update interface with deep link handling
Update auth repository for password reset
lib/features/authentication/data/repositories/auth_repository_impl.dart
Extend AuthRepositoryImpl to:
1. Add updatePassword() method for new password setting
2. Handle password reset token verification
3. Improve resetPassword() method with proper redirect URL configuration
4. Add proper error handling for:
- Expired reset tokens
- Invalid reset tokens
- Weak passwords
- Network failures
5. Use supabase.auth.updateUser() for password updates
6. Ensure proper session handling after password update
7. Add comprehensive error mapping to custom exceptions
8. Include proper logging for debugging
Repository methods handle password reset flow from email to completion
Enhanced auth repository with complete password reset functionality
Integrate password reset with navigation
lib/app/router.dart
Update router to:
1. Add /reset-password route for reset request page
2. Add /update-password route for password update page
3. Handle deep linking for password reset URLs
4. Parse reset tokens from URL parameters
5. Add proper route guards and validation
6. Include password reset links in login/signup pages
7. Configure proper URL scheme for mobile deep linking
8. Handle web redirect URLs properly
9. Add error handling for malformed reset URLs
10. Ensure navigation flow works correctly
Navigation properly handles password reset flow and deep linking
Complete navigation integration for password reset functionality
1. Password reset email sends successfully and arrives within 1 minute
2. Reset email contains working deep link to password update page
3. Password update page validates inputs and updates password successfully
4. Error handling covers all failure scenarios (invalid email, expired tokens, etc.)
5. Navigation flows correctly through entire password reset journey
6. Deep linking works on both mobile and web platforms
<success_criteria>
Complete password reset system working from email request to new password confirmation with proper error handling and user feedback.
</success_criteria>
After completion, create `.planning/phases/01-authentication/01-05-SUMMARY.md`
f9150e04d5