feature: Initial Password reset flow implementation

Author: irfan-ikhwa

server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/user/service/EmailCommunicationService.java

@@ -30,7 +30,7 @@ public boolean sendMail(String to, String token, String message) {
             mimeMessageHelper.setSubject(subject);
 
             // Construct the message with the token link
-            String resetLink = "http://localhost:8080/lost-password?token=" + token;
+            String resetLink = "http://localhost:8080/api/users/lost-password/" + token;
             String messageWithLink = message + "\n\nReset your password here: " + resetLink;
             mimeMessageHelper.setText(messageWithLink, true); // Set HTML to true to allow links
 

server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/user/service/UserService.java

@@ -52,6 +52,8 @@ public interface UserService {
 
     Mono<Void> lostPassword(String userEmail);
 
+    Mono<Void> resetLostPassword(String userEmail, String token, String newPassword);
+
     Mono<Boolean> setPassword(String userId, String password);
 
     Mono<UserDetail> buildUserDetail(User user, boolean withoutDynamicGroups);

server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/user/service/UserServiceImpl.java

@@ -280,7 +280,30 @@ public Mono<Void> lostPassword(String userEmail) {
                     }
                     user.setPasswordResetToken(HashUtils.hash(token.getBytes()));
                     user.setPasswordResetTokenExpiry(tokenExpiry);
-                    return Mono.empty();
+                    return repository.save(user).then(Mono.empty());
+                });
+    }
+
+    @Override
+    public Mono<Void> resetLostPassword(String userEmail, String token, String newPassword) {
+        return findByName(userEmail)
+                .flatMap(user -> {
+                    if (Instant.now().until(user.getPasswordResetTokenExpiry(), ChronoUnit.MINUTES) <= 0) {
+                        return ofError(BizError.LOGIN_EXPIRED, "TOKEN_EXPIRED");
+                    }
+
+                    if (!StringUtils.equals(HashUtils.hash(token.getBytes()), user.getPasswordResetToken())) {
+                        return ofError(BizError.INVALID_PASSWORD, "INVALID_TOKEN");
+                    }
+
+                    if (StringUtils.isBlank(newPassword)) {
+                        return ofError(BizError.INVALID_PASSWORD, "PASSWORD_NOT_SET_YET");
+                    }
+
+                    user.setPassword(encryptionService.encryptPassword(newPassword));
+                    user.setPasswordResetToken(StringUtils.EMPTY);
+                    user.setPasswordResetTokenExpiry(Instant.now());
+                    return repository.save(user).then(Mono.empty());
                 });
     }
 

server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/usermanagement/UserApiService.java

@@ -69,6 +69,10 @@ public Mono<Void> lostPassword(String userEmail) {
         return userService.lostPassword(userEmail);
     }
 
+    public Mono<Void> resetLostPassword(String userEmail, String token, String newPassword) {
+        return userService.resetLostPassword(userEmail, token, newPassword);
+    }
+
     // ========================== TOKEN OPERATIONS START ==========================
 
     public Mono<Void> saveToken(String userId, String source, String token) {

server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/usermanagement/UserController.java

@@ -155,6 +155,17 @@ public Mono<ResponseView<Void>> lostPassword(@RequestBody LostPasswordRequest re
                 .map(ResponseView::success);
     }
 
+    @Override
+    public Mono<ResponseView<Void>> resetLostPassword(@PathVariable String token, @RequestBody ResetLostPasswordRequest request) {
+        if (StringUtils.isBlank(request.userEmail()) || StringUtils.isBlank(token)
+                || StringUtils.isBlank(request.newPassword())) {
+            return ofError(BizError.INVALID_PARAMETER, "INVALID_PARAMETER");
+        }
+
+        return userApiService.resetLostPassword(request.userEmail(), token, request.newPassword())
+                .map(ResponseView::success);
+    }
+
     @Override
     public Mono<ResponseView<Boolean>> setPassword(@RequestParam String password) {
         if (StringUtils.isBlank(password)) {

server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/usermanagement/UserEndpoints.java

@@ -122,7 +122,10 @@ public interface UserEndpoints
     public Mono<ResponseView<String>> resetPassword(@RequestBody ResetPasswordRequest request);
 
 	@PostMapping("/lost-password")
-	public Mono<ResponseView<Void>> lostPassword(@RequestBody LostPasswordRequest userEmail);
+	public Mono<ResponseView<Void>> lostPassword(@RequestBody LostPasswordRequest request);
+
+	@PostMapping("/lost-password/{token}")
+	public Mono<ResponseView<Void>> resetLostPassword(@PathVariable String token, @RequestBody ResetLostPasswordRequest request);
 
 	@Operation(
 			tags = TAG_USER_PASSWORD_MANAGEMENT,
@@ -157,6 +160,9 @@ public record ResetPasswordRequest(String userId) {
 	public record LostPasswordRequest(String userEmail) {
 	}
 
+	public record ResetLostPasswordRequest(String userEmail, String newPassword) {
+	}
+
     public record UpdatePasswordRequest(String oldPassword, String newPassword) {
     }