Send Password Reset Link via SMS Instead of Email #258
Description
Context:
Currently, when a user requests a password reset (e.g., via "Forgot password"), the reset link is sent to their email address. While this is functional, it's not always secure or user-friendly—especially in contexts where users may not have immediate access to their email.
Proposal:
Enhance the password reset process by optionally sending the reset link via SMS instead of email.
What I’ve done:
Introduced a new ISMSSender interface to support SMS sending.
Implemented our internal SMS provider based on that interface.
Modified the password reset workflow so that when a user presses "Forgot password", the reset link is sent to their registered mobile number instead of email (if available).
Why it's better:
Improves security by avoiding reliance on potentially insecure or shared email accounts.
Makes reset faster and more convenient for users with mobile-first access.
Next Step:
I'm happy to open a PR with this enhancement if the proposal aligns with the project's goals.
Let me know your thoughts!