feat(reset_password): add invitation and reset password activation basic flow

docs/draft.md

@@ -7,3 +7,47 @@ https://stackoverflow.com/questions/79118231/how-to-access-the-axum-request-path
 ## Oauth2 test
 
 -> authorize
+
+# User flow
+
+## Invitation flow
+
+- Create invite
+    - generate A random
+    - user.reset_password_token = A
+    - user.status = "Invited"
+    - Send email with link to https://instance/reset-password?token=A&reason=invitation
+- GET /reset-password?token=A&reason=invitation
+    - verification of token
+    - show form
+- POST /reset-password
+    - BODY: with params token
+    - check token validity
+    - set new password hash
+    - if user.status == "invited"
+        - enable new account (user.status = "active")
+        - send welcome email
+    - redirect to login page with a message
+        - we need to redirect to the login page, so the user remember how to login later, and can
+        verify the setup of his/her password manager.
+
+We can instead send link to https://instance/invitation?token=A
+
+## Reset password flow
+
+- Reset password request
+    - generate A random
+    - user.reset_password_token = A
+    - Send email with link to https://instance/reset-password?token=A&reason=lost_password
+- GET /reset-password?token=A&reason=lost_password
+    - verification of token
+    - show form
+- POST /reset-password
+    - BODY: with params token
+    - check token validity
+    - set new password hash
+    - redirect to login page with a message
+        - we need to redirect to the login page, so the user remember how to login later, and can
+        verify the setup of his/her password manager.
+
+We can instead send link to https://instance/reset-password?token=A