story-email-password-login-coordinator-003
Priority: High
Story Points: 3
Feature: Email & Password Login

User Story

As a user
I want to request a password reset email when I have forgotten my password
So that I can regain access to my account without contacting support

Acceptance Criteria

  • Given the login screen, when the user taps 'Forgot password?', then they are navigated to the Password Reset Screen with an email input and a Send Reset Link button
  • Given the user enters a valid email format and taps Send, when the request is submitted, then a confirmation screen shows 'A reset link has been sent to [email]' regardless of whether the email exists in the system
  • Given the confirmation screen, when 60 seconds have elapsed, then a Resend button becomes active and the user can request another email
  • Given the confirmation screen, when the user taps 'Back to login', then they are returned to the Login Screen with no form state retained
  • Given the email input field is empty or contains an invalid format, when the user taps Send, then an inline validation error is shown before any API call is made
  • Given a screen reader is active on the password reset screen, when the confirmation state is displayed, then the status change is announced to the user

Business Value

Self-service password reset eliminates a class of support requests that would otherwise require coordinator or admin intervention. Given that peer mentors may go weeks between app uses and are likely to forget credentials, a frictionless reset flow directly reduces coordinator workload and ensures uninterrupted access to activity registration. The anti-enumeration design (same response for registered and unregistered emails) also protects user privacy, which is critical given that the app handles sensitive personal data about vulnerable populations.
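
A server-side sketch of the anti-enumeration behaviour described in the acceptance criteria and above, added here as an illustration and not taken from the project's code. The class, method names, response shape and the server-side enforcement of the 60-second resend window are all assumptions; the story itself only specifies the screen behaviour.

```python
import math
import re
import time

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # format check only
RESEND_COOLDOWN_S = 60  # resend window from the acceptance criteria


class ResetService:
    """Hypothetical backend for the reset flow (all names are assumptions)."""

    def __init__(self, registered, clock=time.monotonic):
        self.registered = {e.lower() for e in registered}
        self.clock = clock
        self.last_request = {}  # submitted address -> time of last accepted request
        self.outbox = []        # stands in for a mail queue

    def request_reset(self, email):
        email = email.strip().lower()
        # A format error depends only on the input, so it reveals nothing
        # about which accounts exist.
        if not EMAIL_RE.match(email):
            return {"status": "invalid_email"}

        now = self.clock()
        last = self.last_request.get(email)
        # The cooldown is keyed on the submitted address whether or not it is
        # registered; applying it only to real accounts would turn the
        # cooldown response itself into an existence oracle.
        if last is not None and now - last < RESEND_COOLDOWN_S:
            wait = math.ceil(RESEND_COOLDOWN_S - (now - last))
            return {"status": "cooldown", "retry_after": wait}
        self.last_request[email] = now

        # Only registered addresses get mail. Queueing the send (rather than
        # sending inline) keeps response time the same on both paths.
        if email in self.registered:
            self.outbox.append(email)

        # Identical body for registered and unregistered addresses.
        return {"status": "sent",
                "message": f"A reset link has been sent to {email}"}
```
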