Users can now reset their password from the login page when SMTP is configured on the instance. A "Forgot password?" link sends a time-limited reset email (1 hour expiry). The flow prevents email enumeration by always showing a success message.
New features
- "Forgot password?" link on the login page
- Secure token-based reset flow with 1-hour expiry
- Email enumeration protection
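
A minimal sketch of the flow described above, added here as an illustration and not taken from the project's code. All names are hypothetical, the in-memory stores and sample account are constructed, and storing only a token hash and making tokens single-use are assumptions the release note does not state.

```python
import hashlib, os, secrets, time

TOKEN_TTL = 3600  # 1-hour expiry, as stated in the release note
GENERIC_MSG = "If that address has an account, a reset link has been sent."

users = {"alice@example.com": {"password_hash": b""}}  # constructed sample account
reset_tokens = {}  # sha256(token) -> (email, expires_at)
outbox = []        # stands in for SMTP delivery

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def hash_password(password):
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def request_reset(email, now=None):
    """Return the same message whether or not the account exists."""
    now = time.time() if now is None else now
    if email in users:
        token = secrets.token_urlsafe(32)  # unguessable, URL-safe
        # Assumption: keep only a hash so a database leak exposes no usable token.
        reset_tokens[_digest(token)] = (email, now + TOKEN_TTL)
        outbox.append((email, token))
    return GENERIC_MSG

def redeem(token, new_password, now=None):
    """Consume a token; reject unknown, expired, or already-used tokens."""
    now = time.time() if now is None else now
    entry = reset_tokens.pop(_digest(token), None)  # pop enforces single use
    if entry is None:
        return False
    email, expires_at = entry
    if now > expires_at:
        return False
    users[email]["password_hash"] = hash_password(new_password)
    return True
```

An identical message is not sufficient if response time differs between the two branches, so mail delivery should be queued rather than sent inline.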