Self-service password reset

Provide the possibility to Mender users to autonomously reset their password from a specific password recovery view in the UI. The password reset should require the validation of the email address, e.g. sending a randomly generated, expiring code by email and require it to be entered in the password reset screen.

User value (why)

• Save time and effort when losing password

Acceptance criteria

• There is a "Reset password" link in the Mender login screen
• When a user clicks the reset password link he is asked for an email address to reset the password for
• If an email address associated with an account is entered, a secure (one-time, impossible to guess, https only) reset password link is sent
• If an email address is not associated with an account is entered, the confirmation is the same (to avoid security leaks) but no reset password email is sent
• When clicking the link the user is asked for a new password twice and they must match in order to update the password
• The reset password link is valid for 30 minutes and expiry is stated in the reset password email
• This feature is available to all plans (Starter, Professional, Enterprise) and editions (hosted, on-premise)