Hi OpenMRS community,
I have picked interest to work on O3-2264 (Login page lacks a “forgot password” feature) which was assigned to @tumumanyenelson and it is a child ticket under O3-5636 (Login Improvements) that I was assigned to. This is targeting the RefApp 3.8.0 release. The ticket is labeled under login and pih. The original ticket description notes that in O2 — particularly in the PIH deployment — there is an existing “Forgot Password” feature on the login screen. It allows users to reset their password by entering their username or email address and then following a reset link sent to that email. The goal is to bring this same capability into the O3 login experience.
From reviewing the parent ticket and the broader Login Improvements epic, here is my current understanding of the scope:
A “Forgot password?” link needs to be added to the O3 login page Clicking it should take the user to a form where they can enter their username or email The system should trigger a password reset email The user follows the link in the email to set a new password
The O3 login page lives in the openmrs/esm-login-app package inside the openmrs-esm-core repository, which is where this work would primarily happen on the frontend side.
Questions I Have
-
UI/UX Mockups The original ticket mentions a question to @grace about whether mockups exist or whether this has been discussed in design sessions. Has there been any design work done for this flow? Are there Figma files or wireframes available that I should be working from? If not, is there a design process I should follow to get mockups created before implementation?
-
Backend API Support Since O2 already supports password reset, I want to confirm whether the OpenMRS REST API already has an endpoint for triggering a password reset email. Specifically:
Is there an existing endpoint (e.g., under /ws/rest/v1/password or /ws/rest/v1/account) that handles this? Does it accept a username, an email, or both? Is there any server-side configuration required (e.g., SMTP/email setup) for the reset email to be sent?
-
O2 Implementation Reference Can anyone point me to where the forgot password feature is implemented in O2 — either in the codebase or in the PIH fork — so I can understand the existing flow and use it as a reference for the O3 implementation?
-
Scope Clarification The ticket priority is currently TBD. Given that this is targeting RefApp 3.8.0, I want to confirm:
Is the full end-to-end flow (link → form → email → reset page) in scope for this release, or is a phased approach preferred? Should this work across all O3 deployments, or is it initially scoped to PIH?
Are there any coordination or dependency concerns I should be aware of, particularly with O3-5027 (the login page redesign) and O3-5544 (i18n), since my work will touch the same login page UI?
Once I get clarity on the above, my plan is to proceed with the implementation.
Any guidance, links to prior discussions, or pointers to relevant code would be greatly appreciated. Thank you in advance!
[O3-2264] Login page lacks a “forgot password” feature - OpenMRS Issues
