Implement forgot password and reset password workflow with email integration

RestroHub/.gitignore

@@ -0,0 +1 @@
+logs/ 

RestroHub/build.gradle

@@ -81,6 +81,8 @@ dependencies {
     // Logging (JSON format for production)
     implementation 'ch.qos.logback.contrib:logback-json-classic:0.1.5'
     implementation 'ch.qos.logback.contrib:logback-jackson:0.1.5'
+
+    implementation 'org.springframework.boot:spring-boot-starter-mail'
 }
 
 tasks.named('test') {

RestroHub/src/main/java/com/restroly/qrmenu/auth/controller/AuthController.java

@@ -115,6 +115,8 @@ public ResponseEntity<ApiResponse<AuthResponse>> login(
         return ResponseEntity.ok(ApiResponse.success(authResponse, "Login successful"));
     }
 
+
+
     @PostMapping("/refresh")
     @Operation(
             summary = "Refresh access token",
@@ -147,7 +149,36 @@ public ResponseEntity<ApiResponse<AuthResponse>> refreshToken(
 
         return ResponseEntity.ok(ApiResponse.success(authResponse, "Token refreshed successfully"));
     }
-
+    @PostMapping("/forgot-password")
+public ResponseEntity<String> forgotPassword(@RequestParam String email) {
+        if(email == null || email.trim().isEmpty()) {
+    return ResponseEntity.badRequest().body("Email cannot be empty");
+}
+
+if(!email.matches("^[A-Za-z0-9+_.-]+@(.+)$")) {
+    return ResponseEntity.badRequest().body("Invalid email format");
+}
+    authService.forgotPassword(email);
+
+    return ResponseEntity.ok("Reset token generated successfully");
+}
+
+@PostMapping("/reset-password")
+public ResponseEntity<String> resetPassword(
+        @RequestParam String token,
+        @RequestParam String newPassword) {
+                if(newPassword == null || newPassword.trim().isEmpty()) {
+    return ResponseEntity.badRequest().body("Password cannot be empty");
+}
+
+if(newPassword.length() < 6) {
+    return ResponseEntity.badRequest().body("Password must be at least 6 characters");
+}
+    authService.resetPassword(token, newPassword);
+
+    return ResponseEntity.ok("Password reset successful");
+}
+
     @PostMapping("/logout")
     @Operation(
             summary = "Logout user",

RestroHub/src/main/java/com/restroly/qrmenu/auth/service/AuthService.java

@@ -11,4 +11,8 @@ public interface AuthService {
     AuthResponse refreshToken(RefreshTokenRequest refreshTokenRequest);
 
     void logout(String token);
+
+    void forgotPassword(String email);
+
+    void resetPassword(String token, String newPassword);
 }

RestroHub/src/main/java/com/restroly/qrmenu/auth/service/AuthServiceImpl.java

@@ -21,14 +21,25 @@
 import java.util.List;
 import java.util.stream.Collectors;
 
+import com.restroly.qrmenu.user.entity.User;
+import com.restroly.qrmenu.user.repository.UserRepository;
+
+import java.time.LocalDateTime;
+import java.util.UUID;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
 @Service
 @RequiredArgsConstructor
 @Slf4j
 public class AuthServiceImpl implements AuthService {
 
+
     private final AuthenticationManager authenticationManager;
     private final JwtTokenProvider jwtTokenProvider;
     private final UserDetailsService userDetailsService;
+    private final UserRepository userRepository;
+    private final PasswordEncoder passwordEncoder;
+    private final EmailService emailService;
 
     @Override
     public AuthResponse login(LoginRequest loginRequest) {
@@ -116,4 +127,39 @@ public void logout(String token) {
         SecurityContextHolder.clearContext();
         log.info("User logged out successfully");
     }
+
+    @Override
+    public void forgotPassword(String email) {
+
+        User user = userRepository.findByEmail(email)
+            .orElseThrow(() -> new RuntimeException("User not found"));
+
+        String token = UUID.randomUUID().toString();
+
+        user.setResetToken(token);
+        user.setResetTokenExpiry(LocalDateTime.now().plusMinutes(30));
+
+        userRepository.save(user);
+
+        emailService.sendResetEmail(user.getEmail(), token);
+    }
+    @Override
+public void resetPassword(String token, String newPassword) {
+
+    User user = userRepository.findByResetToken(token)
+            .orElseThrow(() -> new RuntimeException("Invalid reset token"));
+
+    if (user.getResetTokenExpiry().isBefore(LocalDateTime.now())) {
+        throw new RuntimeException("Reset token expired");
+    }
+
+    user.setPassword(passwordEncoder.encode(newPassword));
+
+    user.setResetToken(null);
+    user.setResetTokenExpiry(null);
+
+    userRepository.save(user);
+
+    System.out.println("Password reset successful");
+}
 }

RestroHub/src/main/java/com/restroly/qrmenu/auth/service/EmailService.java

@@ -0,0 +1,31 @@
+package com.restroly.qrmenu.auth.service;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.mail.SimpleMailMessage;
+import org.springframework.mail.javamail.JavaMailSender;
+import org.springframework.stereotype.Service;
+
+@Service
+@RequiredArgsConstructor
+public class EmailService {
+
+    private final JavaMailSender mailSender;
+
+    public void sendResetEmail(String toEmail, String token) {
+
+        SimpleMailMessage message = new SimpleMailMessage();
+        message.setFrom(System.getenv("MAIL_USERNAME"));
+        message.setTo(toEmail);
+        message.setSubject("Password Reset Request");
+
+        message.setText(
+        "Click the link below to reset your password:\n\n"
+        + "https://example.com/reset-password?token="
+        + token
+    );
+
+        mailSender.send(message);
+
+        System.out.println("Reset email sent successfully");
+    }
+}

RestroHub/src/main/java/com/restroly/qrmenu/config/SecurityConfig.java

@@ -41,6 +41,8 @@ public class SecurityConfig {
 			"/api/v1/users/register",
 			// Public api endpoints
 			"/public/api/v1/**"
+
+
 	};
 
 	private static final String[] PUBLIC_GET_URLS = {

RestroHub/src/main/java/com/restroly/qrmenu/user/entity/User.java

@@ -29,6 +29,12 @@ public class User {
     @Column(name = "user_password", nullable = false)
     private String password;
 
+    @Column(name = "reset_token")
+    private String resetToken;
+
+    @Column(name = "reset_token_expiry")
+    private LocalDateTime resetTokenExpiry;
+
     @Column(name = "phone_number")
     private String phoneNumber;
 

RestroHub/src/main/java/com/restroly/qrmenu/user/repository/UserRepository.java

@@ -16,6 +16,8 @@ public interface UserRepository extends JpaRepository<User, Long> {
 
     Optional<User> findByEmail(String email);
 
+    Optional<User> findByResetToken(String resetToken);
+
     boolean existsByEmail(String email);
 
     boolean existsByEmailAndUserIdNot(String email, Long userId);

RestroHub/src/main/resources/application-dev.properties

@@ -3,7 +3,7 @@
 # ===============================
 spring.datasource.url=jdbc:postgresql://127.0.0.1:5432/RestroHub_DB
 spring.datasource.username=${DB_USERNAME:postgres}
-spring.datasource.password=${DB_PASSWORD:postgres}
+spring.datasource.password=${DB_PASSWORD:${DB_PASSWORD}}
 spring.datasource.driver-class-name=org.postgresql.Driver
 # ===============================
 # HikariCP
@@ -52,4 +52,4 @@ spring.servlet.multipart.max-request-size=10MB
 security.jwt.secret=${JWT_SECRET:your-256-bit-secret-key-here-change-in-production}
 security.jwt.expiration=${JWT_EXPIRATION:86400000}
 security.jwt.refresh-expiration=${JWT_REFRESH_EXPIRATION:604800000}
-security.cors.allowed-origins=http://localhost:5173,http://localhost:3000,http://localhost:3002
+security.cors.allowed-origins=http://localhost:5173,http://localhost:3000,http://localhost:3002