When a user is created, he/she is allocated a temporary password (by default valid 15 minutes). The aim is to send an email with that temporary password, that the user must change as soon as possible. (The mail sending is not coded yet.)
This simple spec brought quite a few changes:
- The users now have an associated email
- The password validity can now be limited
- For tests, the "current time" is mocked to make the tests reproducible
Now that the very basic infrastructure is in place server-side, I need to start implementing the client, so that the next features can be implemented "vertically", i.e. with actual visibility.