Depends on #36 * /forgot * user should be able to key in their registered email * the server will generate a random hash and send this link to that email (e.g. https://xbo.com/reset?token=12sfsdf765678sdf76sd8f) * /reset * the query param token should map to exactly one reset request, which maps to one user * with a valid token, the user will be able to set a new password here * we will need to be able to send email from our server (e.g. SendGrid, Mailgun, and Amazon SES)
Depends on #36