This repository was archived by the owner on Apr 24, 2025. It is now read-only.

Conversation

@kagure-nyakio
Contributor

@kagure-nyakio kagure-nyakio commented Jan 22, 2025

Fixes #535
Still pending:

  • Test that an email was sent when a request to reset the password is sent. (Not sure how to get the tokens that were created, I don't see them in the DB.)
  • Test password reset after the user gets the reset link.
  • Test that password reset emails are sent and translated.

@kagure-nyakio kagure-nyakio linked an issue Jan 22, 2025 that may be closed by this pull request
@almirsarajcic
Member

@kagure-nyakio, let's see how this works in a newly created Ash app.
The Ash website now has a setup wizard:
https://ash-hq.org
Screenshot 2025-01-24 at 10 58 24
These preferences gave me the following command

sh <(curl 'https://ash-hq.org/new/self_driving_lawn_mower?install=phoenix') \
    && cd self_driving_lawn_mower && mix igniter.install ash_phoenix \
    ash_postgres ash_authentication ash_authentication_phoenix \
    --auth-strategy password --yes && mix ash.setup

which I ran, then started the Phoenix server.

After registering at http://localhost:4000/register, I was able to reset the password.
The email was in the inbox and tokens were saved in the DB.
Screenshot 2025-01-24 at 11 00 25
Screenshot 2025-01-24 at 11 00 39
Screenshot 2025-01-24 at 11 01 45

Looking at the generated resources, User and Token, there's some code that's missing in our codebase.
Add it in our app and check whether tokens get stored.

For example, Token contains this:

actions do
  create :store_token do
    description "Stores a token used for the provided purpose."
    accept [:extra_data, :purpose]
    argument :token, :string, allow_nil?: false, sensitive?: true
    change AshAuthentication.TokenResource.StoreTokenChange
  end
end

User:

authentication do
  tokens do
    enabled? true
    token_resource SelfDrivingLawnMower.Accounts.Token
    signing_secret SelfDrivingLawnMower.Secrets
    store_all_tokens? true
  end

  strategies do
    password :password do
      identity_field :email

      resettable do
        sender SelfDrivingLawnMower.Accounts.User.Senders.SendPasswordResetEmail
        # these configurations will be the default in a future release
        password_reset_action_name :reset_password_with_token
        request_password_reset_action_name :request_password_reset_token
      end
    end
  end
end

actions do
  action :request_password_reset_token do
    description "Send password reset instructions to a user if they exist."

    argument :email, :ci_string do
      allow_nil? false
    end

    # creates a reset token and invokes the relevant senders
    run {AshAuthentication.Strategy.Password.RequestPasswordReset, action: :get_by_email}
  end
end

Check if there are other missing parts.
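An ExUnit test for the flow wired up above, added here as an example and not part of the PR or the generated app. It assumes the module names from the wizard output, the Swoosh test adapter in config/test.exs, a text body on the reset email with a link of the form .../password-reset/<token>, and "password_reset" as the stored purpose; it also checks that an unknown email is a silent no-op, as the action description states.

```elixir
# Added example, not from the PR. Assumed: module names from the wizard output,
# Swoosh test adapter in config/test.exs, purpose string "password_reset",
# and a reset link of the form .../password-reset/<token> in the text body.
defmodule SelfDrivingLawnMower.Accounts.PasswordResetTest do
  use SelfDrivingLawnMower.DataCase, async: true
  import Swoosh.TestAssertions
  alias SelfDrivingLawnMower.Accounts.{Token, User}

  @email "reset-me@example.com"
  @old "old-password-123"
  @new "new-password-456"

  defp register!(email) do
    User
    |> Ash.Changeset.for_create(:register_with_password,
         %{email: email, password: @old, password_confirmation: @old})
    |> Ash.create!(authorize?: false)
  end

  defp request_reset!(email) do
    User
    |> Ash.ActionInput.for_action(:request_password_reset_token, %{email: email})
    |> Ash.run_action!(authorize?: false)
  end

  test "request stores a token and mails a usable reset link" do
    user = register!(@email)
    request_reset!(@email)

    # store_all_tokens? true: the reset token must appear in the Token resource
    assert [row] = Ash.read!(Token, authorize?: false)
    assert row.purpose == "password_reset"

    # the email carries the raw token inside the link; round-trip it
    assert_email_sent(fn email ->
      assert [_, raw] = Regex.run(~r{/password-reset/([\w.-]+)}, email.text_body)

      assert {:ok, _} =
               user
               |> Ash.Changeset.for_update(:reset_password_with_token,
                    %{reset_token: raw, password: @new, password_confirmation: @new})
               |> Ash.update(authorize?: false)
    end)
  end

  test "unknown email is a silent no-op (no enumeration, no mail)" do
    request_reset!("nobody@example.com")
    refute_email_sent()
  end
end
```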

@kagure-nyakio
Contributor Author

https://elixirforum.com/t/testing-reset-password-flow/69030

@almirsarajcic
Member

Can we try Jim's solutions?

@kagure-nyakio
Contributor Author

@almirsarajcic, both suggestions don't work. I get a token but it is an invalid one. Can we just keep the test for the sad path for now and test out the happy path later?

@almirsarajcic
Member

Let's meet tomorrow. Maybe we need to encrypt/decrypt the value we get there.

@kagure-nyakio kagure-nyakio marked this pull request as ready for review January 30, 2025 18:01
Member

@almirsarajcic almirsarajcic left a comment

Nice!
A few minor issues, though.

@kagure-nyakio
Contributor Author

@almirsarajcic, made some changes.

@almirsarajcic almirsarajcic merged commit 03df5ed into main Feb 4, 2025
2 checks passed
@almirsarajcic almirsarajcic deleted the 535-password-reset-mechanism branch February 4, 2025 16:10

Development: successfully merging this pull request may close issue #535, "Password reset mechanism".