From 5b6bfaf5ad97e19eabec0067763947e9ffd9136d Mon Sep 17 00:00:00 2001
From: Frank <frank.van.den.berg@eleaf.com>
Date: Sat, 3 Jan 2026 22:12:51 +0100
Subject: [PATCH 1/3] Quite some work done here.

---
 .env                                          |   2 +-
 .idea/escapepage.iml                          |   1 +
 .idea/php.xml                                 |  13 +-
 assets/game1.js                               |   3 +-
 composer.json                                 |  13 +-
 composer.lock                                 |  49 ++++++-
 config/bundles.php                            |   1 +
 config/packages/security.yaml                 |  24 ++--
 config/routes.yaml                            |   6 +
 migrations/Version20260103210448.php          |  33 +++++
 src/Game/Controller/GameApiController.php     |  24 ++--
 src/Game/Controller/GameController.php        |   4 +-
 src/Game/Service/GameResponseService.php      |  20 +++
 src/Tech/.gitkeep                             |   0
 src/Tech/Controller/ActivationController.php  |  43 ++++++
 .../Controller/RegistrationController.php     |  55 ++++++++
 src/Tech/Controller/SecurityController.php    |  32 +++++
 src/Tech/Entity/User.php                      | 124 ++++++++++++++++++
 src/Tech/Form/RegistrationFormType.php        |  48 +++++++
 src/Tech/Repository/UserRepository.php        |  35 +++++
 src/Tech/Service/EmailVerifier.php            |  53 ++++++++
 src/Tech/Service/UserChecker.php              |  26 ++++
 symfony.lock                                  |   3 +
 templates/base.html.twig                      |  15 ++-
 templates/game/index.html.twig                |   1 +
 .../registration/confirmation_email.html.twig |  11 ++
 .../tech/registration/register.html.twig      |  16 +++
 templates/tech/security/login.html.twig       |  42 ++++++
 templates/website/home/index.html.twig        |   2 +-
 29 files changed, 658 insertions(+), 41 deletions(-)
 create mode 100644 migrations/Version20260103210448.php
 create mode 100644 src/Game/Service/GameResponseService.php
 create mode 100644 src/Tech/.gitkeep
 create mode 100644 src/Tech/Controller/ActivationController.php
 create mode 100644 src/Tech/Controller/RegistrationController.php
 create mode 100644 src/Tech/Controller/SecurityController.php
 create mode 100644 src/Tech/Entity/User.php
 create mode 100644 src/Tech/Form/RegistrationFormType.php
 create mode 100644 src/Tech/Repository/UserRepository.php
 create mode 100644 src/Tech/Service/EmailVerifier.php
 create mode 100644 src/Tech/Service/UserChecker.php
 create mode 100644 templates/tech/registration/confirmation_email.html.twig
 create mode 100644 templates/tech/registration/register.html.twig
 create mode 100644 templates/tech/security/login.html.twig

diff --git a/.env b/.env
index 3a6f8fb..e39ec66 100644
--- a/.env
+++ b/.env
@@ -25,7 +25,7 @@ APP_SECRET=
 #
 # DATABASE_URL="sqlite:///%kernel.project_dir%/var/data_%kernel.environment%.db"
 # DATABASE_URL="mysql://app:!ChangeMe!@127.0.0.1:3306/app?serverVersion=8.0.32&charset=utf8mb4"
-DATABASE_URL="mysql://app:!ChangeMe!@database:3306/app?serverVersion=8.0.32&charset=utf8mb4"
+DATABASE_URL="mysql://escapepage:b.0nqrxJ%%2FD%%2ALuf9N@localhost:3306/escapepage?serverVersion=8.0.32&charset=utf8mb4"
 ###< doctrine/doctrine-bundle ###
 
 ###> symfony/messenger ###
diff --git a/.idea/escapepage.iml b/.idea/escapepage.iml
index beb36aa..c67296b 100644
--- a/.idea/escapepage.iml
+++ b/.idea/escapepage.iml
@@ -138,6 +138,7 @@
       <excludeFolder url="file://$MODULE_DIR$/vendor/symfony/mercure-bundle" />
       <excludeFolder url="file://$MODULE_DIR$/vendor/symfony/sendgrid-mailer" />
       <excludeFolder url="file://$MODULE_DIR$/vendor/symfony/webpack-encore-bundle" />
+      <excludeFolder url="file://$MODULE_DIR$/vendor/symfonycasts/verify-email-bundle" />
     </content>
     <orderEntry type="inheritedJdk" />
     <orderEntry type="sourceFolder" forTests="false" />
diff --git a/.idea/php.xml b/.idea/php.xml
index 6852c14..89d06de 100644
--- a/.idea/php.xml
+++ b/.idea/php.xml
@@ -12,7 +12,7 @@
   </component>
   <component name="PhpCodeSniffer">
     <phpcs_settings>
-      <phpcs_by_interpreter asDefaultInterpreter="true" interpreter_id="5505d524-8d4c-4fe7-a2cb-82e334156ed6" timeout="30000" />
+      <phpcs_by_interpreter asDefaultInterpreter="true" interpreter_id="94dffba0-1483-4719-8129-fde9aa527533" timeout="30000" />
     </phpcs_settings>
   </component>
   <component name="PhpIncludePathManager">
@@ -151,14 +151,13 @@
       <path value="$PROJECT_DIR$/vendor/symfony/mercure" />
       <path value="$PROJECT_DIR$/vendor/symfony/mercure-bundle" />
       <path value="$PROJECT_DIR$/vendor/lcobucci/jwt" />
+      <path value="$PROJECT_DIR$/vendor/symfonycasts/verify-email-bundle" />
     </include_path>
   </component>
-  <component name="PhpProjectSharedConfiguration" php_language_level="8.5.1">
-    <option name="suggestChangeDefaultLanguageLevel" value="false" />
-  </component>
+  <component name="PhpProjectSharedConfiguration" php_language_level="8.2" />
   <component name="PhpStan">
     <PhpStan_settings>
-      <phpstan_by_interpreter asDefaultInterpreter="true" interpreter_id="5505d524-8d4c-4fe7-a2cb-82e334156ed6" timeout="60000" />
+      <phpstan_by_interpreter asDefaultInterpreter="true" interpreter_id="94dffba0-1483-4719-8129-fde9aa527533" timeout="60000" />
     </PhpStan_settings>
   </component>
   <component name="PhpStanOptionsConfiguration">
@@ -171,10 +170,10 @@
   </component>
   <component name="Psalm">
     <Psalm_settings>
-      <psalm_fixer_by_interpreter asDefaultInterpreter="true" interpreter_id="5505d524-8d4c-4fe7-a2cb-82e334156ed6" timeout="60000" />
+      <psalm_fixer_by_interpreter asDefaultInterpreter="true" interpreter_id="94dffba0-1483-4719-8129-fde9aa527533" timeout="60000" />
     </Psalm_settings>
   </component>
   <component name="PsalmOptionsConfiguration">
     <option name="transferred" value="true" />
   </component>
-</project>
+</project>
\ No newline at end of file
diff --git a/assets/game1.js b/assets/game1.js
index e6d5ffe..0e9a995 100644
--- a/assets/game1.js
+++ b/assets/game1.js
@@ -69,6 +69,7 @@ document.addEventListener('DOMContentLoaded', async () => {
   const topic = cfgEl.dataset.topic;
   const apiPingUrl = cfgEl.dataset.apiPingUrl;
   const apiEchoUrl = cfgEl.dataset.apiEchoUrl;
+  const userId = cfgEl.dataset.userId;
 
   if (mercurePublicUrl && topic) {
     subscribeToMercure(mercurePublicUrl, topic);
@@ -88,7 +89,7 @@ document.addEventListener('DOMContentLoaded', async () => {
     if (apiEchoUrl) {
       const echo = await fetchJson(apiEchoUrl, {
         method: 'POST',
-        body: { hello: 'from game1.js', ts: new Date().toISOString() },
+        body: { message: 'from game1.js', ts: new Date().toISOString(), user: userId },
       });
       console.log('[API][game1] echo →', echo);
     } else {
diff --git a/composer.json b/composer.json
index 15f4edf..79b894f 100644
--- a/composer.json
+++ b/composer.json
@@ -4,7 +4,7 @@
     "minimum-stability": "stable",
     "prefer-stable": true,
     "require": {
-        "php": ">=8.5.1",
+        "php": ">=8.2",
         "ext-ctype": "*",
         "ext-iconv": "*",
         "doctrine/dbal": "^3",
@@ -25,8 +25,8 @@
         "symfony/http-client": "7.3.*",
         "symfony/intl": "7.3.*",
         "symfony/mailer": "7.3.*",
+        "symfony/mercure-bundle": "^0.3",
         "symfony/mime": "7.3.*",
-        "symfony/sendgrid-mailer": "7.3.*",
         "symfony/monolog-bundle": "^3.0",
         "symfony/notifier": "7.3.*",
         "symfony/process": "7.3.*",
@@ -34,6 +34,7 @@
         "symfony/property-info": "7.3.*",
         "symfony/runtime": "7.3.*",
         "symfony/security-bundle": "7.3.*",
+        "symfony/sendgrid-mailer": "7.3.*",
         "symfony/serializer": "7.3.*",
         "symfony/stimulus-bundle": "^2.30",
         "symfony/string": "7.3.*",
@@ -42,11 +43,11 @@
         "symfony/ux-turbo": "^2.30",
         "symfony/validator": "7.3.*",
         "symfony/web-link": "7.3.*",
-        "symfony/yaml": "7.3.*",
-        "twig/extra-bundle": "^2.12|^3.0",
-        "twig/twig": "^2.12|^3.0",
         "symfony/webpack-encore-bundle": "^2.1",
-        "symfony/mercure-bundle": "^0.3"
+        "symfony/yaml": "7.3.*",
+        "symfonycasts/verify-email-bundle": "^1.18",
+        "twig/extra-bundle": "^2.12|^3.0",
+        "twig/twig": "^2.12|^3.0"
     },
     "config": {
         "allow-plugins": {
diff --git a/composer.lock b/composer.lock
index b918f0b..03309f0 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "7b090cdc9768a74bdf1ef02cc14e5d8c",
+    "content-hash": "663544ea81c4031dcd096a2db68ba5f8",
     "packages": [
         {
             "name": "composer/semver",
@@ -7969,6 +7969,51 @@
             ],
             "time": "2025-12-04T18:07:52+00:00"
         },
+        {
+            "name": "symfonycasts/verify-email-bundle",
+            "version": "v1.18.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/SymfonyCasts/verify-email-bundle.git",
+                "reference": "ae0e6228c240a3fa20f2df5528f2fed97b806cab"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/SymfonyCasts/verify-email-bundle/zipball/ae0e6228c240a3fa20f2df5528f2fed97b806cab",
+                "reference": "ae0e6228c240a3fa20f2df5528f2fed97b806cab",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.1",
+                "symfony/config": "^5.4 | ^6.0 | ^7.0 | ^8.0",
+                "symfony/dependency-injection": "^5.4 | ^6.0 | ^7.0 | ^8.0",
+                "symfony/deprecation-contracts": "^2.2 | ^3.0",
+                "symfony/http-kernel": "^5.4 | ^6.0 | ^7.0 | ^8.0",
+                "symfony/routing": "^5.4 | ^6.0 | ^7.0 | ^8.0"
+            },
+            "require-dev": {
+                "doctrine/orm": "^2.7",
+                "doctrine/persistence": "^2.0",
+                "symfony/framework-bundle": "^5.4 | ^6.0 | ^7.0 | ^8.0",
+                "symfony/phpunit-bridge": "^5.4 | ^6.0 | ^7.0 | ^8.0"
+            },
+            "type": "symfony-bundle",
+            "autoload": {
+                "psr-4": {
+                    "SymfonyCasts\\Bundle\\VerifyEmail\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "description": "Simple, stylish Email Verification for Symfony",
+            "support": {
+                "issues": "https://github.com/SymfonyCasts/verify-email-bundle/issues",
+                "source": "https://github.com/SymfonyCasts/verify-email-bundle/tree/v1.18.0"
+            },
+            "time": "2025-11-29T11:53:37+00:00"
+        },
         {
             "name": "twig/extra-bundle",
             "version": "v3.22.2",
@@ -10502,7 +10547,7 @@
     "prefer-stable": true,
     "prefer-lowest": false,
     "platform": {
-        "php": ">=8.5.1",
+        "php": ">=8.2",
         "ext-ctype": "*",
         "ext-iconv": "*"
     },
diff --git a/config/bundles.php b/config/bundles.php
index 003cd9c..be3ef62 100644
--- a/config/bundles.php
+++ b/config/bundles.php
@@ -15,4 +15,5 @@ return [
     Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true],
     Symfony\WebpackEncoreBundle\WebpackEncoreBundle::class => ['all' => true],
     Symfony\Bundle\MercureBundle\MercureBundle::class => ['all' => true],
+    SymfonyCasts\Bundle\VerifyEmail\SymfonyCastsVerifyEmailBundle::class => ['all' => true],
 ];
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index 367af25..b1d4cb0 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -4,20 +4,28 @@ security:
         Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
     # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
     providers:
-        users_in_memory: { memory: null }
+        app_user_provider:
+            entity:
+                class: App\Tech\Entity\User
+                property: email
     firewalls:
         dev:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
             security: false
         main:
             lazy: true
-            provider: users_in_memory
-
-            # activate different ways to authenticate
-            # https://symfony.com/doc/current/security.html#the-firewall
-
-            # https://symfony.com/doc/current/security/impersonating_user.html
-            # switch_user: true
+            provider: app_user_provider
+            user_checker: App\Tech\Service\UserChecker
+            form_login:
+                login_path: app_login
+                check_path: app_login
+                enable_csrf: true
+                username_parameter: email
+                password_parameter: password
+            logout:
+                path: app_logout
+                # where to redirect after logout
+                # target: app_any_route
 
     # Easy way to control access for large sections of your site
     # Note: Only the *first* access control that matches will be used
diff --git a/config/routes.yaml b/config/routes.yaml
index adbeb26..f0a300d 100644
--- a/config/routes.yaml
+++ b/config/routes.yaml
@@ -13,6 +13,12 @@ game_controllers:
     type: attribute
     prefix: /game
 
+tech_controllers:
+    resource:
+        path: ../src/Tech/Controller/
+        namespace: App\Tech\Controller
+    type: attribute
+
 # Uncomment when you add base controllers
 # base_controllers:
 #     resource:
diff --git a/migrations/Version20260103210448.php b/migrations/Version20260103210448.php
new file mode 100644
index 0000000..9640451
--- /dev/null
+++ b/migrations/Version20260103210448.php
@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+/**
+ * Auto-generated Migration: Please modify to your needs!
+ */
+final class Version20260103210448 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return '';
+    }
+
+    public function up(Schema $schema): void
+    {
+        // this up() migration is auto-generated, please modify it to your needs
+        $this->addSql('CREATE TABLE `user` (id INT AUTO_INCREMENT NOT NULL, email VARCHAR(180) NOT NULL, roles JSON NOT NULL, password VARCHAR(255) NOT NULL, is_verified TINYINT(1) NOT NULL, UNIQUE INDEX UNIQ_IDENTIFIER_EMAIL (email), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8mb4 COLLATE `utf8mb4_unicode_ci` ENGINE = InnoDB');
+        $this->addSql('CREATE TABLE messenger_messages (id BIGINT AUTO_INCREMENT NOT NULL, body LONGTEXT NOT NULL, headers LONGTEXT NOT NULL, queue_name VARCHAR(190) NOT NULL, created_at DATETIME NOT NULL COMMENT \'(DC2Type:datetime_immutable)\', available_at DATETIME NOT NULL COMMENT \'(DC2Type:datetime_immutable)\', delivered_at DATETIME DEFAULT NULL COMMENT \'(DC2Type:datetime_immutable)\', INDEX IDX_75EA56E0FB7336F0E3BD61CE16BA31DBBF396750 (queue_name, available_at, delivered_at, id), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8mb4 COLLATE `utf8mb4_unicode_ci` ENGINE = InnoDB');
+    }
+
+    public function down(Schema $schema): void
+    {
+        // this down() migration is auto-generated, please modify it to your needs
+        $this->addSql('DROP TABLE `user`');
+        $this->addSql('DROP TABLE messenger_messages');
+    }
+}
diff --git a/src/Game/Controller/GameApiController.php b/src/Game/Controller/GameApiController.php
index 04da718..57ba364 100644
--- a/src/Game/Controller/GameApiController.php
+++ b/src/Game/Controller/GameApiController.php
@@ -3,6 +3,7 @@ declare(strict_types=1);
 
 namespace App\Game\Controller;
 
+use App\Game\Service\GameResponseService;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
@@ -12,6 +13,12 @@ use Symfony\Component\Routing\Annotation\Route;
 #[Route('/game/api', name: 'game_api_')]
 final class GameApiController extends AbstractController
 {
+
+    public function __construct(
+            protected GameResponseService $gameResponseService) {
+
+    }
+
     #[Route('/ping', name: 'ping', methods: ['GET'])]
     public function ping(): JsonResponse
     {
@@ -22,27 +29,18 @@ final class GameApiController extends AbstractController
         ]);
     }
 
-    #[Route('/echo', name: 'echo', methods: ['POST'])]
-    public function echo(Request $request): JsonResponse
+    #[Route('/message', name: 'message', methods: ['POST'])]
+    public function message(Request $request): JsonResponse
     {
         $raw = (string) $request->getContent();
         $data = null;
         if ($raw !== '') {
-            try {
-                /** @var array<string,mixed>|null $decoded */
-                $decoded = json_decode($raw, true, 512, JSON_THROW_ON_ERROR);
-                $data = $decoded;
-            } catch (\Throwable $e) {
-                return $this->json([
-                    'ok' => false,
-                    'error' => 'Invalid JSON: ' . $e->getMessage(),
-                ], Response::HTTP_BAD_REQUEST);
-            }
+            $data = $this->gameResponseService->getGameResponse($raw);
         }
 
         return $this->json([
             'ok' => true,
-            'received' => $data,
+            'result' => $data,
             'ts' => date('c'),
         ]);
     }
diff --git a/src/Game/Controller/GameController.php b/src/Game/Controller/GameController.php
index dbca841..2087205 100644
--- a/src/Game/Controller/GameController.php
+++ b/src/Game/Controller/GameController.php
@@ -12,6 +12,8 @@ final class GameController extends AbstractController
     #[Route(path: '', name: 'game')]
     public function index(): Response
     {
-        return $this->render('game/index.html.twig');
+        return $this->render('game/index.html.twig', [
+            'user_id' => $this->getUser()?->getId(),
+        ]);
     }
 }
diff --git a/src/Game/Service/GameResponseService.php b/src/Game/Service/GameResponseService.php
new file mode 100644
index 0000000..d60bdf1
--- /dev/null
+++ b/src/Game/Service/GameResponseService.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace App\Game\Service;
+
+class GameResponseService
+{
+    public function getGameResponse(string $raw)
+    {
+        $info = json_decode($raw, true);
+
+        $message = $info['message'] ?? '';
+        $ts = $info['ts'] ?? '';
+
+
+
+        $data = [];
+
+        return $data;
+    }
+}
diff --git a/src/Tech/.gitkeep b/src/Tech/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/src/Tech/Controller/ActivationController.php b/src/Tech/Controller/ActivationController.php
new file mode 100644
index 0000000..f467829
--- /dev/null
+++ b/src/Tech/Controller/ActivationController.php
@@ -0,0 +1,43 @@
+<?php
+
+namespace App\Tech\Controller;
+
+use App\Tech\Repository\UserRepository;
+use App\Tech\Service\EmailVerifier;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Annotation\Route;
+use SymfonyCasts\Bundle\VerifyEmail\Exception\VerifyEmailExceptionInterface;
+
+class ActivationController extends AbstractController
+{
+    #[Route('/verify/email', name: 'app_verify_email')]
+    public function verifyUserEmail(Request $request, UserRepository $userRepository, EmailVerifier $emailVerifier): Response
+    {
+        $id = $request->query->get('id');
+
+        if (null === $id) {
+            return $this->redirectToRoute('app_register');
+        }
+
+        $user = $userRepository->find($id);
+
+        if (null === $user) {
+            return $this->redirectToRoute('app_register');
+        }
+
+        // validate email confirmation link, sets User::isVerified=true and persists
+        try {
+            $emailVerifier->handleEmailConfirmation($request, $user);
+        } catch (VerifyEmailExceptionInterface $exception) {
+            $this->addFlash('error', $exception->getReason());
+
+            return $this->redirectToRoute('app_register');
+        }
+
+        $this->addFlash('success', 'Your email address has been verified. You can now log in.');
+
+        return $this->redirectToRoute('app_login');
+    }
+}
diff --git a/src/Tech/Controller/RegistrationController.php b/src/Tech/Controller/RegistrationController.php
new file mode 100644
index 0000000..04e84a7
--- /dev/null
+++ b/src/Tech/Controller/RegistrationController.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace App\Tech\Controller;
+
+use App\Tech\Entity\User;
+use App\Tech\Form\RegistrationFormType;
+use App\Tech\Service\EmailVerifier;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Bridge\Twig\Mime\TemplatedEmail;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
+use Symfony\Component\Routing\Annotation\Route;
+
+class RegistrationController extends AbstractController
+{
+    #[Route('/register', name: 'app_register')]
+    public function register(Request $request, UserPasswordHasherInterface $userPasswordHasher, EntityManagerInterface $entityManager, EmailVerifier $emailVerifier): Response
+    {
+        $user = new User();
+        $form = $this->createForm(RegistrationFormType::class, $user);
+        $form->handleRequest($request);
+
+        if ($form->isSubmitted() && $form->isValid()) {
+            // encode the plain password
+            $user->setPassword(
+                $userPasswordHasher->hashPassword(
+                    $user,
+                    $form->get('plainPassword')->getData()
+                )
+            );
+
+            $entityManager->persist($user);
+            $entityManager->flush();
+
+            // generate a signed url and email it to the user
+            $emailVerifier->sendEmailConfirmation('app_verify_email', $user,
+                (new TemplatedEmail())
+                    ->from('noreply@escapepage.dev')
+                    ->to($user->getEmail())
+                    ->subject('Please Confirm your Email')
+                    ->htmlTemplate('tech/registration/confirmation_email.html.twig')
+            );
+
+            $this->addFlash('success', 'A confirmation email has been sent to your email address.');
+
+            return $this->redirectToRoute('website_home');
+        }
+
+        return $this->render('tech/registration/register.html.twig', [
+            'registrationForm' => $form->createView(),
+        ]);
+    }
+}
diff --git a/src/Tech/Controller/SecurityController.php b/src/Tech/Controller/SecurityController.php
new file mode 100644
index 0000000..a7bea2a
--- /dev/null
+++ b/src/Tech/Controller/SecurityController.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Tech\Controller;
+
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
+
+class SecurityController extends AbstractController
+{
+    #[Route(path: '/login', name: 'app_login')]
+    public function login(AuthenticationUtils $authenticationUtils): Response
+    {
+        // if ($this->getUser()) {
+        //     return $this->redirectToRoute('target_path');
+        // }
+
+        // get the login error if there is one
+        $error = $authenticationUtils->getLastAuthenticationError();
+        // last username entered by the user
+        $lastUsername = $authenticationUtils->getLastUsername();
+
+        return $this->render('tech/security/login.html.twig', ['last_username' => $lastUsername, 'error' => $error]);
+    }
+
+    #[Route(path: '/logout', name: 'app_logout')]
+    public function logout(): void
+    {
+        throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
+    }
+}
diff --git a/src/Tech/Entity/User.php b/src/Tech/Entity/User.php
new file mode 100644
index 0000000..47150f0
--- /dev/null
+++ b/src/Tech/Entity/User.php
@@ -0,0 +1,124 @@
+<?php
+
+namespace App\Tech\Entity;
+
+use App\Tech\Repository\UserRepository;
+use Doctrine\ORM\Mapping as ORM;
+use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+#[ORM\Entity(repositoryClass: UserRepository::class)]
+#[ORM\Table(name: '`user`')]
+#[ORM\UniqueConstraint(name: 'UNIQ_IDENTIFIER_EMAIL', fields: ['email'])]
+class User implements UserInterface, PasswordAuthenticatedUserInterface
+{
+    #[ORM\Id]
+    #[ORM\GeneratedValue]
+    #[ORM\Column]
+    private ?int $id = null;
+
+    #[ORM\Column(length: 180)]
+    private ?string $email = null;
+
+    /**
+     * @var list<string> The user roles
+     */
+    #[ORM\Column]
+    private array $roles = [];
+
+    /**
+     * @var string The hashed password
+     */
+    #[ORM\Column]
+    private ?string $password = null;
+
+    #[ORM\Column(type: 'boolean')]
+    private bool $isVerified = false;
+
+    public function getId(): ?int
+    {
+        return $this->id;
+    }
+
+    public function getEmail(): ?string
+    {
+        return $this->email;
+    }
+
+    public function setEmail(string $email): static
+    {
+        $this->email = $email;
+
+        return $this;
+    }
+
+    /**
+     * A visual identifier that represents this user.
+     *
+     * @see UserInterface
+     */
+    public function getUserIdentifier(): string
+    {
+        return (string) $this->email;
+    }
+
+    /**
+     * @see UserInterface
+     *
+     * @return list<string>
+     */
+    public function getRoles(): array
+    {
+        $roles = $this->roles;
+        // guarantee every user at least has ROLE_USER
+        $roles[] = 'ROLE_USER';
+
+        return array_unique($roles);
+    }
+
+    /**
+     * @param list<string> $roles
+     */
+    public function setRoles(array $roles): static
+    {
+        $this->roles = $roles;
+
+        return $this;
+    }
+
+    /**
+     * @see PasswordAuthenticatedUserInterface
+     */
+    public function getPassword(): ?string
+    {
+        return $this->password;
+    }
+
+    public function setPassword(string $password): static
+    {
+        $this->password = $password;
+
+        return $this;
+    }
+
+    /**
+     * @see UserInterface
+     */
+    public function eraseCredentials(): void
+    {
+        // If you store any temporary, sensitive data on the user, clear it here
+        // $this->plainPassword = null;
+    }
+
+    public function isVerified(): bool
+    {
+        return $this->isVerified;
+    }
+
+    public function setIsVerified(bool $isVerified): static
+    {
+        $this->isVerified = $isVerified;
+
+        return $this;
+    }
+}
diff --git a/src/Tech/Form/RegistrationFormType.php b/src/Tech/Form/RegistrationFormType.php
new file mode 100644
index 0000000..9f77432
--- /dev/null
+++ b/src/Tech/Form/RegistrationFormType.php
@@ -0,0 +1,48 @@
+<?php
+
+namespace App\Tech\Form;
+
+use App\Tech\Entity\User;
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\Extension\Core\Type\EmailType;
+use Symfony\Component\Form\Extension\Core\Type\PasswordType;
+use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Component\Validator\Constraints\Length;
+use Symfony\Component\Validator\Constraints\NotBlank;
+
+class RegistrationFormType extends AbstractType
+{
+    public function buildForm(FormBuilderInterface $builder, array $options): void
+    {
+        $builder
+            ->add('email', EmailType::class)
+            ->add('plainPassword', RepeatedType::class, [
+                'type' => PasswordType::class,
+                'mapped' => false,
+                'attr' => ['autocomplete' => 'new-password'],
+                'first_options'  => ['label' => 'Password'],
+                'second_options' => ['label' => 'Repeat Password'],
+                'constraints' => [
+                    new NotBlank([
+                        'message' => 'Please enter a password',
+                    ]),
+                    new Length([
+                        'min' => 6,
+                        'minMessage' => 'Your password should be at least {{ limit }} characters',
+                        // max length allowed by Symfony for security reasons
+                        'max' => 4096,
+                    ]),
+                ],
+            ])
+        ;
+    }
+
+    public function configureOptions(OptionsResolver $resolver): void
+    {
+        $resolver->setDefaults([
+            'data_class' => User::class,
+        ]);
+    }
+}
diff --git a/src/Tech/Repository/UserRepository.php b/src/Tech/Repository/UserRepository.php
new file mode 100644
index 0000000..3417362
--- /dev/null
+++ b/src/Tech/Repository/UserRepository.php
@@ -0,0 +1,35 @@
+<?php
+
+namespace App\Tech\Repository;
+
+use App\Tech\Entity\User;
+use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
+use Doctrine\Persistence\ManagerRegistry;
+use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
+use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
+use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
+
+/**
+ * @extends ServiceEntityRepository<User>
+ */
+class UserRepository extends ServiceEntityRepository implements PasswordUpgraderInterface
+{
+    public function __construct(ManagerRegistry $registry)
+    {
+        parent::__construct($registry, User::class);
+    }
+
+    /**
+     * Used to upgrade (rehash) the user's password automatically over time.
+     */
+    public function upgradePassword(PasswordAuthenticatedUserInterface $user, string $newHashedPassword): void
+    {
+        if (!$user instanceof User) {
+            throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', $user::class));
+        }
+
+        $user->setPassword($newHashedPassword);
+        $this->getEntityManager()->persist($user);
+        $this->getEntityManager()->flush();
+    }
+}
diff --git a/src/Tech/Service/EmailVerifier.php b/src/Tech/Service/EmailVerifier.php
new file mode 100644
index 0000000..a798efc
--- /dev/null
+++ b/src/Tech/Service/EmailVerifier.php
@@ -0,0 +1,53 @@
+<?php
+
+namespace App\Tech\Service;
+
+use App\Tech\Entity\User;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Bridge\Twig\Mime\TemplatedEmail;
+use Symfony\Component\Mailer\MailerInterface;
+use Symfony\Component\HttpFoundation\Request;
+use SymfonyCasts\Bundle\VerifyEmail\Exception\VerifyEmailExceptionInterface;
+use SymfonyCasts\Bundle\VerifyEmail\VerifyEmailHelperInterface;
+
+class EmailVerifier
+{
+    public function __construct(
+        private VerifyEmailHelperInterface $verifyEmailHelper,
+        private MailerInterface $mailer,
+        private EntityManagerInterface $entityManager
+    ) {
+    }
+
+    public function sendEmailConfirmation(string $verifyEmailRouteName, User $user, TemplatedEmail $email): void
+    {
+        $signatureComponents = $this->verifyEmailHelper->generateSignature(
+            $verifyEmailRouteName,
+            (string) $user->getId(),
+            $user->getEmail(),
+            ['id' => $user->getId()]
+        );
+
+        $context = $email->getContext();
+        $context['signedUrl'] = $signatureComponents->getSignedUrl();
+        $context['expiresAtMessageKey'] = $signatureComponents->getExpirationMessageKey();
+        $context['expiresAtMessageData'] = $signatureComponents->getExpirationMessageData();
+
+        $email->context($context);
+
+        $this->mailer->send($email);
+    }
+
+    /**
+     * @throws VerifyEmailExceptionInterface
+     */
+    public function handleEmailConfirmation(Request $request, User $user): void
+    {
+        $this->verifyEmailHelper->validateEmailConfirmation($request->getUri(), (string) $user->getId(), $user->getEmail());
+
+        $user->setIsVerified(true);
+
+        $this->entityManager->persist($user);
+        $this->entityManager->flush();
+    }
+}
diff --git a/src/Tech/Service/UserChecker.php b/src/Tech/Service/UserChecker.php
new file mode 100644
index 0000000..11a621e
--- /dev/null
+++ b/src/Tech/Service/UserChecker.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace App\Tech\Service;
+
+use App\Tech\Entity\User;
+use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+class UserChecker implements UserCheckerInterface
+{
+    public function checkPreAuth(UserInterface $user): void
+    {
+        if (!$user instanceof User) {
+            return;
+        }
+
+        if (!$user->isVerified()) {
+            throw new CustomUserMessageAuthenticationException('Your email address is not verified.');
+        }
+    }
+
+    public function checkPostAuth(UserInterface $user): void
+    {
+    }
+}
diff --git a/symfony.lock b/symfony.lock
index cdf33ac..c8acec2 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -356,6 +356,9 @@
             "./webpack.config.js"
         ]
     },
+    "symfonycasts/verify-email-bundle": {
+        "version": "v1.18.0"
+    },
     "twig/extra-bundle": {
         "version": "v3.21.0"
     }
diff --git a/templates/base.html.twig b/templates/base.html.twig
index 242e28f..f80dc10 100644
--- a/templates/base.html.twig
+++ b/templates/base.html.twig
@@ -14,10 +14,23 @@
     <nav>
         {% set pathinfo = app.request.pathinfo %}
         <a href="/">{{ 'nav.home'|trans }}</a> |
-        <a href="/game">{{ 'nav.game'|trans }}</a>
+        <a href="/game">{{ 'nav.game'|trans }}</a> |
+        {% if app.user %}
+            <a href="{{ path('app_logout') }}">Logout</a>
+        {% else %}
+            <a href="{{ path('app_register') }}">Register</a> |
+            <a href="{{ path('app_login') }}">Login</a>
+        {% endif %}
     </nav>
 </header>
 <main>
+    {% for label, messages in app.flashes %}
+        {% for message in messages %}
+            <div class="alert alert-{{ label }}">
+                {{ message }}
+            </div>
+        {% endfor %}
+    {% endfor %}
     {% block body %}{% endblock %}
 </main>
 <footer>
diff --git a/templates/game/index.html.twig b/templates/game/index.html.twig
index 7433ccc..ccd3aad 100644
--- a/templates/game/index.html.twig
+++ b/templates/game/index.html.twig
@@ -19,6 +19,7 @@
      data-topic="{{ (mercure_topic_base ~ '/game/hub')|e('html_attr') }}"
      data-api-ping-url="{{ path('game_api_ping')|e('html_attr') }}"
      data-api-echo-url="{{ path('game_api_echo')|e('html_attr') }}"
+     data-user-id="{{ user_id|e('html_attr') }}"
      style="display:none">
 </div>
 
diff --git a/templates/tech/registration/confirmation_email.html.twig b/templates/tech/registration/confirmation_email.html.twig
new file mode 100644
index 0000000..bc307f2
--- /dev/null
+++ b/templates/tech/registration/confirmation_email.html.twig
@@ -0,0 +1,11 @@
+<h1>Hi! Please confirm your email!</h1>
+
+<p>
+    Please confirm your email address by clicking the following link: <br><br>
+    <a href="{{ signedUrl }}">Confirm my Email</a>.
+    This link will expire in {{ expiresAtMessageKey|trans(expiresAtMessageData, 'VerifyEmailBundle') }}.
+</p>
+
+<p>
+    Cheers!
+</p>
diff --git a/templates/tech/registration/register.html.twig b/templates/tech/registration/register.html.twig
new file mode 100644
index 0000000..c0dc234
--- /dev/null
+++ b/templates/tech/registration/register.html.twig
@@ -0,0 +1,16 @@
+{% extends 'base.html.twig' %}
+
+{% block title %}Register{% endblock %}
+
+{% block body %}
+    <h1>Register</h1>
+
+    {{ form_errors(registrationForm) }}
+
+    {{ form_start(registrationForm) }}
+        {{ form_row(registrationForm.email) }}
+        {{ form_row(registrationForm.plainPassword) }}
+
+        <button type="submit" class="btn">Register</button>
+    {{ form_end(registrationForm) }}
+{% endblock %}
diff --git a/templates/tech/security/login.html.twig b/templates/tech/security/login.html.twig
new file mode 100644
index 0000000..efc5c40
--- /dev/null
+++ b/templates/tech/security/login.html.twig
@@ -0,0 +1,42 @@
+{% extends 'base.html.twig' %}
+
+{% block title %}Log in!{% endblock %}
+
+{% block body %}
+<form method="post">
+    {% if error %}
+        <div class="alert alert-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</div>
+    {% endif %}
+
+    {% if app.user %}
+        <div class="mb-3">
+            You are logged in as {{ app.user.userIdentifier }}, <a href="{{ path('app_logout') }}">Logout</a>
+        </div>
+    {% endif %}
+
+    <h1 class="h3 mb-3 font-weight-normal">Please sign in</h1>
+    <label for="inputEmail">Email</label>
+    <input type="email" value="{{ last_username }}" name="email" id="inputEmail" class="form-control" autocomplete="email" required autofocus>
+    <label for="inputPassword">Password</label>
+    <input type="password" name="password" id="inputPassword" class="form-control" autocomplete="current-password" required>
+
+    <input type="hidden" name="_csrf_token"
+           value="{{ csrf_token('authenticate') }}"
+    >
+
+    {#
+        Uncomment this section and add a remember_me option below your firewall to activate remember me functionality.
+        See https://symfony.com/doc/current/security/remember_me.html
+
+        <div class="checkbox mb-3">
+            <label>
+                <input type="checkbox" name="_remember_me"> Remember me
+            </label>
+        </div>
+    #}
+
+    <button class="btn btn-lg btn-primary" type="submit">
+        Sign in
+    </button>
+</form>
+{% endblock %}
diff --git a/templates/website/home/index.html.twig b/templates/website/home/index.html.twig
index 2c1deed..61cd46d 100644
--- a/templates/website/home/index.html.twig
+++ b/templates/website/home/index.html.twig
@@ -5,5 +5,5 @@
 {% block body %}
 <h1>{{ 'home.h1'|trans({'%site%': ('site.name'|trans)}) }}</h1>
 <p>{{ 'home.description'|trans }}</p>
-<p><a href="{{ path('game_hub') }}">{{ 'link.enter_game'|trans }}</a></p>
+<p><a href="{{ path('game') }}">{{ 'link.enter_game'|trans }}</a></p>
 {% endblock %}
-- 
2.49.1


From c8b0a6e966d9a1006b40d7be18b82207c6abdf21 Mon Sep 17 00:00:00 2001
From: Frank <frank.van.den.berg@eleaf.com>
Date: Sat, 3 Jan 2026 22:35:56 +0100
Subject: [PATCH 2/3] Maillog

---
 migrations/Version20260103212025.php          |  33 +++++++++
 logo.png => public/images/logo.png            | Bin
 src/Tech/Entity/EmailLog.php                  |  68 ++++++++++++++++++
 .../EventListener/EmailLoggerListener.php     |  54 ++++++++++++++
 src/Tech/Repository/EmailLogRepository.php    |  18 +++++
 5 files changed, 173 insertions(+)
 create mode 100644 migrations/Version20260103212025.php
 rename logo.png => public/images/logo.png (100%)
 create mode 100644 src/Tech/Entity/EmailLog.php
 create mode 100644 src/Tech/EventListener/EmailLoggerListener.php
 create mode 100644 src/Tech/Repository/EmailLogRepository.php

diff --git a/migrations/Version20260103212025.php b/migrations/Version20260103212025.php
new file mode 100644
index 0000000..ead1703
--- /dev/null
+++ b/migrations/Version20260103212025.php
@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+/**
+ * Auto-generated Migration: Please modify to your needs!
+ */
+final class Version20260103212025 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return '';
+    }
+
+    public function up(Schema $schema): void
+    {
+        // this up() migration is auto-generated, please modify it to your needs
+        $this->addSql('CREATE TABLE email_log (id INT AUTO_INCREMENT NOT NULL, user_id INT NOT NULL, email_identifier VARCHAR(255) NOT NULL, sent_at DATETIME NOT NULL COMMENT \'(DC2Type:datetime_immutable)\', INDEX IDX_6FB4883A76ED395 (user_id), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8mb4 COLLATE `utf8mb4_unicode_ci` ENGINE = InnoDB');
+        $this->addSql('ALTER TABLE email_log ADD CONSTRAINT FK_6FB4883A76ED395 FOREIGN KEY (user_id) REFERENCES `user` (id)');
+    }
+
+    public function down(Schema $schema): void
+    {
+        // this down() migration is auto-generated, please modify it to your needs
+        $this->addSql('ALTER TABLE email_log DROP FOREIGN KEY FK_6FB4883A76ED395');
+        $this->addSql('DROP TABLE email_log');
+    }
+}
diff --git a/logo.png b/public/images/logo.png
similarity index 100%
rename from logo.png
rename to public/images/logo.png
diff --git a/src/Tech/Entity/EmailLog.php b/src/Tech/Entity/EmailLog.php
new file mode 100644
index 0000000..5a295e4
--- /dev/null
+++ b/src/Tech/Entity/EmailLog.php
@@ -0,0 +1,68 @@
+<?php
+
+namespace App\Tech\Entity;
+
+use App\Tech\Repository\EmailLogRepository;
+use Doctrine\DBAL\Types\Types;
+use Doctrine\ORM\Mapping as ORM;
+
+#[ORM\Entity(repositoryClass: EmailLogRepository::class)]
+#[ORM\Table(name: 'email_log')]
+class EmailLog
+{
+    #[ORM\Id]
+    #[ORM\GeneratedValue]
+    #[ORM\Column]
+    private ?int $id = null;
+
+    #[ORM\ManyToOne(targetEntity: User::class)]
+    #[ORM\JoinColumn(nullable: false)]
+    private ?User $user = null;
+
+    #[ORM\Column(length: 255)]
+    private ?string $emailIdentifier = null;
+
+    #[ORM\Column(type: Types::DATETIME_IMMUTABLE)]
+    private ?\DateTimeImmutable $sentAt = null;
+
+    public function getId(): ?int
+    {
+        return $this->id;
+    }
+
+    public function getUser(): ?User
+    {
+        return $this->user;
+    }
+
+    public function setUser(?User $user): static
+    {
+        $this->user = $user;
+
+        return $this;
+    }
+
+    public function getEmailIdentifier(): ?string
+    {
+        return $this->emailIdentifier;
+    }
+
+    public function setEmailIdentifier(string $emailIdentifier): static
+    {
+        $this->emailIdentifier = $emailIdentifier;
+
+        return $this;
+    }
+
+    public function getSentAt(): ?\DateTimeImmutable
+    {
+        return $this->sentAt;
+    }
+
+    public function setSentAt(\DateTimeImmutable $sentAt): static
+    {
+        $this->sentAt = $sentAt;
+
+        return $this;
+    }
+}
diff --git a/src/Tech/EventListener/EmailLoggerListener.php b/src/Tech/EventListener/EmailLoggerListener.php
new file mode 100644
index 0000000..848a825
--- /dev/null
+++ b/src/Tech/EventListener/EmailLoggerListener.php
@@ -0,0 +1,54 @@
+<?php
+
+namespace App\Tech\EventListener;
+
+use App\Tech\Entity\EmailLog;
+use App\Tech\Entity\User;
+use App\Tech\Repository\UserRepository;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Bridge\Twig\Mime\TemplatedEmail;
+use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
+use Symfony\Component\Mailer\Event\MessageEvent;
+use Symfony\Component\Mime\Address;
+
+#[AsEventListener(event: MessageEvent::class, method: 'onMessage')]
+class EmailLoggerListener
+{
+    public function __construct(
+        private EntityManagerInterface $entityManager,
+        private UserRepository $userRepository
+    ) {
+    }
+
+    public function onMessage(MessageEvent $event): void
+    {
+        $message = $event->getMessage();
+        if (!$message instanceof TemplatedEmail) {
+            return;
+        }
+
+        $recipients = $message->getTo();
+        foreach ($recipients as $recipient) {
+            if (!$recipient instanceof Address) {
+                continue;
+            }
+
+            $user = $this->userRepository->findOneBy(['email' => $recipient->getAddress()]);
+            if (!$user) {
+                continue;
+            }
+
+            $emailLog = new EmailLog();
+            $emailLog->setUser($user);
+            $emailLog->setSentAt(new \DateTimeImmutable());
+
+            // Try to get the template name, or use the subject as identifier
+            $identifier = $message->getHtmlTemplate() ?: $message->getTextTemplate() ?: $message->getSubject();
+            $emailLog->setEmailIdentifier($identifier);
+
+            $this->entityManager->persist($emailLog);
+        }
+
+        $this->entityManager->flush();
+    }
+}
diff --git a/src/Tech/Repository/EmailLogRepository.php b/src/Tech/Repository/EmailLogRepository.php
new file mode 100644
index 0000000..a15a2e3
--- /dev/null
+++ b/src/Tech/Repository/EmailLogRepository.php
@@ -0,0 +1,18 @@
+<?php
+
+namespace App\Tech\Repository;
+
+use App\Tech\Entity\EmailLog;
+use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
+use Doctrine\Persistence\ManagerRegistry;
+
+/**
+ * @extends ServiceEntityRepository<EmailLog>
+ */
+class EmailLogRepository extends ServiceEntityRepository
+{
+    public function __construct(ManagerRegistry $registry)
+    {
+        parent::__construct($registry, EmailLog::class);
+    }
+}
-- 
2.49.1


From 499e699dbd61264f20f95d9bc9736c91123a4502 Mon Sep 17 00:00:00 2001
From: Frank <frank.van.den.berg@eleaf.com>
Date: Sat, 3 Jan 2026 22:57:45 +0100
Subject: [PATCH 3/3] Forgot password

---
 .idea/escapepage.iml                          |   1 +
 .idea/php.xml                                 |   1 +
 composer.json                                 |   1 +
 composer.lock                                 |  49 ++++-
 config/bundles.php                            |   1 +
 config/packages/reset_password.yaml           |   2 +
 config/packages/security.yaml                 |   4 +-
 migrations/Version20260103214856.php          |  33 ++++
 migrations/Version20260103215543.php          |  33 ++++
 .../Controller/ResetPasswordController.php    | 176 ++++++++++++++++++
 src/Tech/Entity/ResetPasswordRequest.php      |  40 ++++
 src/Tech/Entity/User.php                      |  18 +-
 src/Tech/Form/ChangePasswordFormType.php      |  58 ++++++
 src/Tech/Form/RegistrationFormType.php        |   8 +
 .../Form/ResetPasswordRequestFormType.php     |  31 +++
 .../ResetPasswordRequestRepository.php        |  32 ++++
 symfony.lock                                  |  12 ++
 .../tech/registration/register.html.twig      |   1 +
 .../tech/reset_password/check_email.html.twig |  11 ++
 templates/tech/reset_password/email.html.twig |   9 +
 .../tech/reset_password/request.html.twig     |  22 +++
 templates/tech/reset_password/reset.html.twig |  12 ++
 templates/tech/security/login.html.twig       |   7 +-
 23 files changed, 556 insertions(+), 6 deletions(-)
 create mode 100644 config/packages/reset_password.yaml
 create mode 100644 migrations/Version20260103214856.php
 create mode 100644 migrations/Version20260103215543.php
 create mode 100644 src/Tech/Controller/ResetPasswordController.php
 create mode 100644 src/Tech/Entity/ResetPasswordRequest.php
 create mode 100644 src/Tech/Form/ChangePasswordFormType.php
 create mode 100644 src/Tech/Form/ResetPasswordRequestFormType.php
 create mode 100644 src/Tech/Repository/ResetPasswordRequestRepository.php
 create mode 100644 templates/tech/reset_password/check_email.html.twig
 create mode 100644 templates/tech/reset_password/email.html.twig
 create mode 100644 templates/tech/reset_password/request.html.twig
 create mode 100644 templates/tech/reset_password/reset.html.twig

diff --git a/.idea/escapepage.iml b/.idea/escapepage.iml
index c67296b..5dca623 100644
--- a/.idea/escapepage.iml
+++ b/.idea/escapepage.iml
@@ -138,6 +138,7 @@
       <excludeFolder url="file://$MODULE_DIR$/vendor/symfony/mercure-bundle" />
       <excludeFolder url="file://$MODULE_DIR$/vendor/symfony/sendgrid-mailer" />
       <excludeFolder url="file://$MODULE_DIR$/vendor/symfony/webpack-encore-bundle" />
+      <excludeFolder url="file://$MODULE_DIR$/vendor/symfonycasts/reset-password-bundle" />
       <excludeFolder url="file://$MODULE_DIR$/vendor/symfonycasts/verify-email-bundle" />
     </content>
     <orderEntry type="inheritedJdk" />
diff --git a/.idea/php.xml b/.idea/php.xml
index 89d06de..26b72af 100644
--- a/.idea/php.xml
+++ b/.idea/php.xml
@@ -152,6 +152,7 @@
       <path value="$PROJECT_DIR$/vendor/symfony/mercure-bundle" />
       <path value="$PROJECT_DIR$/vendor/lcobucci/jwt" />
       <path value="$PROJECT_DIR$/vendor/symfonycasts/verify-email-bundle" />
+      <path value="$PROJECT_DIR$/vendor/symfonycasts/reset-password-bundle" />
     </include_path>
   </component>
   <component name="PhpProjectSharedConfiguration" php_language_level="8.2" />
diff --git a/composer.json b/composer.json
index 79b894f..62d0f03 100644
--- a/composer.json
+++ b/composer.json
@@ -45,6 +45,7 @@
         "symfony/web-link": "7.3.*",
         "symfony/webpack-encore-bundle": "^2.1",
         "symfony/yaml": "7.3.*",
+        "symfonycasts/reset-password-bundle": "^1.24",
         "symfonycasts/verify-email-bundle": "^1.18",
         "twig/extra-bundle": "^2.12|^3.0",
         "twig/twig": "^2.12|^3.0"
diff --git a/composer.lock b/composer.lock
index 03309f0..05f4ca8 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "663544ea81c4031dcd096a2db68ba5f8",
+    "content-hash": "8e2419832c0841e325a5b748bde61a48",
     "packages": [
         {
             "name": "composer/semver",
@@ -7969,6 +7969,53 @@
             ],
             "time": "2025-12-04T18:07:52+00:00"
         },
+        {
+            "name": "symfonycasts/reset-password-bundle",
+            "version": "v1.24.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/SymfonyCasts/reset-password-bundle.git",
+                "reference": "8e5f8f821260ccfe8085563a93b418d3ef9af29f"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/SymfonyCasts/reset-password-bundle/zipball/8e5f8f821260ccfe8085563a93b418d3ef9af29f",
+                "reference": "8e5f8f821260ccfe8085563a93b418d3ef9af29f",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.1.10",
+                "symfony/config": "^5.4 | ^6.0 | ^7.0 | ^8.0",
+                "symfony/dependency-injection": "^5.4 | ^6.0 | ^7.0 | ^8.0",
+                "symfony/deprecation-contracts": "^2.2 | ^3.0",
+                "symfony/http-kernel": "^5.4 | ^6.0 | ^7.0 | ^8.0"
+            },
+            "require-dev": {
+                "doctrine/annotations": "^1.0",
+                "doctrine/doctrine-bundle": "^2.8",
+                "doctrine/orm": "^2.13",
+                "symfony/framework-bundle": "^5.4 | ^6.0 | ^7.0 | ^8.0",
+                "symfony/phpunit-bridge": "^5.4 | ^6.0 | ^7.0 | ^8.0",
+                "symfony/process": "^6.4 | ^7.0 | ^8.0",
+                "symfonycasts/internal-test-helpers": "dev-main"
+            },
+            "type": "symfony-bundle",
+            "autoload": {
+                "psr-4": {
+                    "SymfonyCasts\\Bundle\\ResetPassword\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "description": "Symfony bundle that adds password reset functionality.",
+            "support": {
+                "issues": "https://github.com/SymfonyCasts/reset-password-bundle/issues",
+                "source": "https://github.com/SymfonyCasts/reset-password-bundle/tree/v1.24.0"
+            },
+            "time": "2025-11-29T13:26:50+00:00"
+        },
         {
             "name": "symfonycasts/verify-email-bundle",
             "version": "v1.18.0",
diff --git a/config/bundles.php b/config/bundles.php
index be3ef62..a28579b 100644
--- a/config/bundles.php
+++ b/config/bundles.php
@@ -16,4 +16,5 @@ return [
     Symfony\WebpackEncoreBundle\WebpackEncoreBundle::class => ['all' => true],
     Symfony\Bundle\MercureBundle\MercureBundle::class => ['all' => true],
     SymfonyCasts\Bundle\VerifyEmail\SymfonyCastsVerifyEmailBundle::class => ['all' => true],
+    SymfonyCasts\Bundle\ResetPassword\SymfonyCastsResetPasswordBundle::class => ['all' => true],
 ];
diff --git a/config/packages/reset_password.yaml b/config/packages/reset_password.yaml
new file mode 100644
index 0000000..e53f102
--- /dev/null
+++ b/config/packages/reset_password.yaml
@@ -0,0 +1,2 @@
+symfonycasts_reset_password:
+    request_password_repository: App\Tech\Repository\ResetPasswordRequestRepository
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index b1d4cb0..6c029ed 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -7,7 +7,7 @@ security:
         app_user_provider:
             entity:
                 class: App\Tech\Entity\User
-                property: email
+                property: username
     firewalls:
         dev:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
@@ -20,7 +20,7 @@ security:
                 login_path: app_login
                 check_path: app_login
                 enable_csrf: true
-                username_parameter: email
+                username_parameter: username
                 password_parameter: password
             logout:
                 path: app_logout
diff --git a/migrations/Version20260103214856.php b/migrations/Version20260103214856.php
new file mode 100644
index 0000000..9e6d1bd
--- /dev/null
+++ b/migrations/Version20260103214856.php
@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+/**
+ * Auto-generated Migration: Please modify to your needs!
+ */
+final class Version20260103214856 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return '';
+    }
+
+    public function up(Schema $schema): void
+    {
+        // this up() migration is auto-generated, please modify it to your needs
+        $this->addSql('ALTER TABLE user ADD username VARCHAR(180) NOT NULL');
+        $this->addSql('CREATE UNIQUE INDEX UNIQ_IDENTIFIER_USERNAME ON user (username)');
+    }
+
+    public function down(Schema $schema): void
+    {
+        // this down() migration is auto-generated, please modify it to your needs
+        $this->addSql('DROP INDEX UNIQ_IDENTIFIER_USERNAME ON `user`');
+        $this->addSql('ALTER TABLE `user` DROP username');
+    }
+}
diff --git a/migrations/Version20260103215543.php b/migrations/Version20260103215543.php
new file mode 100644
index 0000000..acd9f3c
--- /dev/null
+++ b/migrations/Version20260103215543.php
@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+/**
+ * Auto-generated Migration: Please modify to your needs!
+ */
+final class Version20260103215543 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return '';
+    }
+
+    public function up(Schema $schema): void
+    {
+        // this up() migration is auto-generated, please modify it to your needs
+        $this->addSql('CREATE TABLE reset_password_request (id INT AUTO_INCREMENT NOT NULL, user_id INT NOT NULL, selector VARCHAR(20) NOT NULL, hashed_token VARCHAR(100) NOT NULL, requested_at DATETIME NOT NULL COMMENT \'(DC2Type:datetime_immutable)\', expires_at DATETIME NOT NULL COMMENT \'(DC2Type:datetime_immutable)\', INDEX IDX_7CE748AA76ED395 (user_id), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8mb4 COLLATE `utf8mb4_unicode_ci` ENGINE = InnoDB');
+        $this->addSql('ALTER TABLE reset_password_request ADD CONSTRAINT FK_7CE748AA76ED395 FOREIGN KEY (user_id) REFERENCES `user` (id)');
+    }
+
+    public function down(Schema $schema): void
+    {
+        // this down() migration is auto-generated, please modify it to your needs
+        $this->addSql('ALTER TABLE reset_password_request DROP FOREIGN KEY FK_7CE748AA76ED395');
+        $this->addSql('DROP TABLE reset_password_request');
+    }
+}
diff --git a/src/Tech/Controller/ResetPasswordController.php b/src/Tech/Controller/ResetPasswordController.php
new file mode 100644
index 0000000..7652561
--- /dev/null
+++ b/src/Tech/Controller/ResetPasswordController.php
@@ -0,0 +1,176 @@
+<?php
+
+namespace App\Tech\Controller;
+
+use App\Tech\Form\ChangePasswordFormType;
+use App\Tech\Form\ResetPasswordRequestFormType;
+use App\Tech\Entity\User;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Bridge\Twig\Mime\TemplatedEmail;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Mailer\MailerInterface;
+use Symfony\Component\Mime\Address;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
+use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Contracts\Translation\TranslatorInterface;
+use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
+use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
+use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
+
+#[Route('/reset-password')]
+class ResetPasswordController extends AbstractController
+{
+    use ResetPasswordControllerTrait;
+
+    public function __construct(
+        private ResetPasswordHelperInterface $resetPasswordHelper,
+        private EntityManagerInterface $entityManager
+    ) {
+    }
+
+    /**
+     * Display & process form to request a password reset.
+     */
+    #[Route('', name: 'app_forgot_password_request')]
+    public function request(Request $request, MailerInterface $mailer, TranslatorInterface $translator): Response
+    {
+        $form = $this->createForm(ResetPasswordRequestFormType::class);
+        $form->handleRequest($request);
+
+        if ($form->isSubmitted() && $form->isValid()) {
+            /** @var string $email */
+            $email = $form->get('email')->getData();
+
+            return $this->processSendingPasswordResetEmail($email, $mailer, $translator
+            );
+        }
+
+        return $this->render('tech/reset_password/request.html.twig', [
+            'requestForm' => $form,
+        ]);
+    }
+
+    /**
+     * Confirmation page after a user has requested a password reset.
+     */
+    #[Route('/check-email', name: 'app_check_email')]
+    public function checkEmail(): Response
+    {
+        // Generate a fake token if the user does not exist or someone hit this page directly.
+        // This prevents exposing whether or not a user was found with the given email address or not
+        if (null === ($resetToken = $this->getTokenObjectFromSession())) {
+            $resetToken = $this->resetPasswordHelper->generateFakeResetToken();
+        }
+
+        return $this->render('tech/reset_password/check_email.html.twig', [
+            'resetToken' => $resetToken,
+        ]);
+    }
+
+    /**
+     * Validates and process the reset URL that the user clicked in their email.
+     */
+    #[Route('/reset/{token}', name: 'app_reset_password')]
+    public function reset(Request $request, UserPasswordHasherInterface $passwordHasher, TranslatorInterface $translator, ?string $token = null): Response
+    {
+        if ($token) {
+            // We store the token in session and remove it from the URL, to avoid the URL being
+            // loaded in a browser and potentially leaking the token to 3rd party JavaScript.
+            $this->storeTokenInSession($token);
+
+            return $this->redirectToRoute('app_reset_password');
+        }
+
+        $token = $this->getTokenFromSession();
+
+        if (null === $token) {
+            throw $this->createNotFoundException('No reset password token found in the URL or in the session.');
+        }
+
+        try {
+            /** @var User $user */
+            $user = $this->resetPasswordHelper->validateTokenAndFetchUser($token);
+        } catch (ResetPasswordExceptionInterface $e) {
+            $this->addFlash('reset_password_error', sprintf(
+                '%s - %s',
+                $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_VALIDATE, [], 'ResetPasswordBundle'),
+                $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
+            ));
+
+            return $this->redirectToRoute('app_forgot_password_request');
+        }
+
+        // The token is valid; allow the user to change their password.
+        $form = $this->createForm(ChangePasswordFormType::class);
+        $form->handleRequest($request);
+
+        if ($form->isSubmitted() && $form->isValid()) {
+            // A password reset token should be used only once, remove it.
+            $this->resetPasswordHelper->removeResetRequest($token);
+
+            /** @var string $plainPassword */
+            $plainPassword = $form->get('plainPassword')->getData();
+
+            // Encode(hash) the plain password, and set it.
+            $user->setPassword($passwordHasher->hashPassword($user, $plainPassword));
+            $this->entityManager->flush();
+
+            // The session is cleaned up after the password has been changed.
+            $this->cleanSessionAfterReset();
+
+            return $this->redirectToRoute('website_home');
+        }
+
+        return $this->render('tech/reset_password/reset.html.twig', [
+            'resetForm' => $form,
+        ]);
+    }
+
+    private function processSendingPasswordResetEmail(string $emailFormData, MailerInterface $mailer, TranslatorInterface $translator): RedirectResponse
+    {
+        $user = $this->entityManager->getRepository(User::class)->findOneBy([
+            'email' => $emailFormData,
+        ]);
+
+        // Do not reveal whether a user account was found or not.
+        if (!$user) {
+            return $this->redirectToRoute('app_check_email');
+        }
+
+        try {
+            $resetToken = $this->resetPasswordHelper->generateResetToken($user);
+        } catch (ResetPasswordExceptionInterface $e) {
+            // If you want to tell the user why a reset email was not sent, uncomment
+            // the lines below and change the redirect to 'app_forgot_password_request'.
+            // Caution: This may reveal if a user is registered or not.
+            //
+            // $this->addFlash('reset_password_error', sprintf(
+            //     '%s - %s',
+            //     $translator->trans(ResetPasswordExceptionInterface::MESSAGE_PROBLEM_HANDLE, [], 'ResetPasswordBundle'),
+            //     $translator->trans($e->getReason(), [], 'ResetPasswordBundle')
+            // ));
+
+            return $this->redirectToRoute('app_check_email');
+        }
+
+        $email = (new TemplatedEmail())
+            ->from(new Address('noreply@escapepage.com', 'Escapepage'))
+            ->to((string) $user->getEmail())
+            ->subject('Your password reset request')
+            ->htmlTemplate('tech/reset_password/email.html.twig')
+            ->context([
+                'resetToken' => $resetToken,
+            ])
+        ;
+
+        $mailer->send($email);
+
+        // Store the token object in session for retrieval in check-email route.
+        $this->setTokenObjectInSession($resetToken);
+
+        return $this->redirectToRoute('app_check_email');
+    }
+}
diff --git a/src/Tech/Entity/ResetPasswordRequest.php b/src/Tech/Entity/ResetPasswordRequest.php
new file mode 100644
index 0000000..111ab70
--- /dev/null
+++ b/src/Tech/Entity/ResetPasswordRequest.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace App\Tech\Entity;
+
+use App\Tech\Repository\ResetPasswordRequestRepository;
+use App\Tech\Entity\User;
+use Doctrine\ORM\Mapping as ORM;
+use SymfonyCasts\Bundle\ResetPassword\Model\ResetPasswordRequestInterface;
+use SymfonyCasts\Bundle\ResetPassword\Model\ResetPasswordRequestTrait;
+
+#[ORM\Entity(repositoryClass: ResetPasswordRequestRepository::class)]
+class ResetPasswordRequest implements ResetPasswordRequestInterface
+{
+    use ResetPasswordRequestTrait;
+
+    #[ORM\Id]
+    #[ORM\GeneratedValue]
+    #[ORM\Column]
+    private ?int $id = null;
+
+    #[ORM\ManyToOne]
+    #[ORM\JoinColumn(nullable: false)]
+    private ?User $user = null;
+
+    public function __construct(User $user, \DateTimeInterface $expiresAt, string $selector, string $hashedToken)
+    {
+        $this->user = $user;
+        $this->initialize($expiresAt, $selector, $hashedToken);
+    }
+
+    public function getId(): ?int
+    {
+        return $this->id;
+    }
+
+    public function getUser(): User
+    {
+        return $this->user;
+    }
+}
diff --git a/src/Tech/Entity/User.php b/src/Tech/Entity/User.php
index 47150f0..c862ac2 100644
--- a/src/Tech/Entity/User.php
+++ b/src/Tech/Entity/User.php
@@ -10,6 +10,7 @@ use Symfony\Component\Security\Core\User\UserInterface;
 #[ORM\Entity(repositoryClass: UserRepository::class)]
 #[ORM\Table(name: '`user`')]
 #[ORM\UniqueConstraint(name: 'UNIQ_IDENTIFIER_EMAIL', fields: ['email'])]
+#[ORM\UniqueConstraint(name: 'UNIQ_IDENTIFIER_USERNAME', fields: ['username'])]
 class User implements UserInterface, PasswordAuthenticatedUserInterface
 {
     #[ORM\Id]
@@ -20,6 +21,9 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
     #[ORM\Column(length: 180)]
     private ?string $email = null;
 
+    #[ORM\Column(length: 180)]
+    private ?string $username = null;
+
     /**
      * @var list<string> The user roles
      */
@@ -52,6 +56,18 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
         return $this;
     }
 
+    public function getUsername(): ?string
+    {
+        return $this->username;
+    }
+
+    public function setUsername(string $username): static
+    {
+        $this->username = $username;
+
+        return $this;
+    }
+
     /**
      * A visual identifier that represents this user.
      *
@@ -59,7 +75,7 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
      */
     public function getUserIdentifier(): string
     {
-        return (string) $this->email;
+        return (string) $this->username;
     }
 
     /**
diff --git a/src/Tech/Form/ChangePasswordFormType.php b/src/Tech/Form/ChangePasswordFormType.php
new file mode 100644
index 0000000..b2bd7f6
--- /dev/null
+++ b/src/Tech/Form/ChangePasswordFormType.php
@@ -0,0 +1,58 @@
+<?php
+
+namespace App\Tech\Form;
+
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\Extension\Core\Type\PasswordType;
+use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Component\Validator\Constraints\Length;
+use Symfony\Component\Validator\Constraints\NotBlank;
+use Symfony\Component\Validator\Constraints\NotCompromisedPassword;
+use Symfony\Component\Validator\Constraints\PasswordStrength;
+
+class ChangePasswordFormType extends AbstractType
+{
+    public function buildForm(FormBuilderInterface $builder, array $options): void
+    {
+        $builder
+            ->add('plainPassword', RepeatedType::class, [
+                'type' => PasswordType::class,
+                'options' => [
+                    'attr' => [
+                        'autocomplete' => 'new-password',
+                    ],
+                ],
+                'first_options' => [
+                    'constraints' => [
+                        new NotBlank([
+                            'message' => 'Please enter a password',
+                        ]),
+                        new Length([
+                            'min' => 12,
+                            'minMessage' => 'Your password should be at least {{ limit }} characters',
+                            // max length allowed by Symfony for security reasons
+                            'max' => 4096,
+                        ]),
+                        new PasswordStrength(),
+                        new NotCompromisedPassword(),
+                    ],
+                    'label' => 'New password',
+                ],
+                'second_options' => [
+                    'label' => 'Repeat Password',
+                ],
+                'invalid_message' => 'The password fields must match.',
+                // Instead of being set onto the object directly,
+                // this is read and encoded in the controller
+                'mapped' => false,
+            ])
+        ;
+    }
+
+    public function configureOptions(OptionsResolver $resolver): void
+    {
+        $resolver->setDefaults([]);
+    }
+}
diff --git a/src/Tech/Form/RegistrationFormType.php b/src/Tech/Form/RegistrationFormType.php
index 9f77432..1120017 100644
--- a/src/Tech/Form/RegistrationFormType.php
+++ b/src/Tech/Form/RegistrationFormType.php
@@ -5,6 +5,7 @@ namespace App\Tech\Form;
 use App\Tech\Entity\User;
 use Symfony\Component\Form\AbstractType;
 use Symfony\Component\Form\Extension\Core\Type\EmailType;
+use Symfony\Component\Form\Extension\Core\Type\TextType;
 use Symfony\Component\Form\Extension\Core\Type\PasswordType;
 use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
 use Symfony\Component\Form\FormBuilderInterface;
@@ -18,6 +19,13 @@ class RegistrationFormType extends AbstractType
     {
         $builder
             ->add('email', EmailType::class)
+            ->add('username', TextType::class, [
+                'constraints' => [
+                    new NotBlank([
+                        'message' => 'Please enter a username',
+                    ]),
+                ],
+            ])
             ->add('plainPassword', RepeatedType::class, [
                 'type' => PasswordType::class,
                 'mapped' => false,
diff --git a/src/Tech/Form/ResetPasswordRequestFormType.php b/src/Tech/Form/ResetPasswordRequestFormType.php
new file mode 100644
index 0000000..26f51a4
--- /dev/null
+++ b/src/Tech/Form/ResetPasswordRequestFormType.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace App\Tech\Form;
+
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\Extension\Core\Type\EmailType;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Component\Validator\Constraints\NotBlank;
+
+class ResetPasswordRequestFormType extends AbstractType
+{
+    public function buildForm(FormBuilderInterface $builder, array $options): void
+    {
+        $builder
+            ->add('email', EmailType::class, [
+                'attr' => ['autocomplete' => 'email'],
+                'constraints' => [
+                    new NotBlank([
+                        'message' => 'Please enter your email',
+                    ]),
+                ],
+            ])
+        ;
+    }
+
+    public function configureOptions(OptionsResolver $resolver): void
+    {
+        $resolver->setDefaults([]);
+    }
+}
diff --git a/src/Tech/Repository/ResetPasswordRequestRepository.php b/src/Tech/Repository/ResetPasswordRequestRepository.php
new file mode 100644
index 0000000..78f14e3
--- /dev/null
+++ b/src/Tech/Repository/ResetPasswordRequestRepository.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Tech\Repository;
+
+use App\Tech\Entity\ResetPasswordRequest;
+use App\Tech\Entity\User;
+use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
+use Doctrine\Persistence\ManagerRegistry;
+use SymfonyCasts\Bundle\ResetPassword\Model\ResetPasswordRequestInterface;
+use SymfonyCasts\Bundle\ResetPassword\Persistence\Repository\ResetPasswordRequestRepositoryTrait;
+use SymfonyCasts\Bundle\ResetPassword\Persistence\ResetPasswordRequestRepositoryInterface;
+
+/**
+ * @extends ServiceEntityRepository<ResetPasswordRequest>
+ */
+class ResetPasswordRequestRepository extends ServiceEntityRepository implements ResetPasswordRequestRepositoryInterface
+{
+    use ResetPasswordRequestRepositoryTrait;
+
+    public function __construct(ManagerRegistry $registry)
+    {
+        parent::__construct($registry, ResetPasswordRequest::class);
+    }
+
+    /**
+     * @param User $user
+     */
+    public function createResetPasswordRequest(object $user, \DateTimeInterface $expiresAt, string $selector, string $hashedToken): ResetPasswordRequestInterface
+    {
+        return new ResetPasswordRequest($user, $expiresAt, $selector, $hashedToken);
+    }
+}
diff --git a/symfony.lock b/symfony.lock
index c8acec2..ac5be9a 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -356,6 +356,18 @@
             "./webpack.config.js"
         ]
     },
+    "symfonycasts/reset-password-bundle": {
+        "version": "1.24",
+        "recipe": {
+            "repo": "github.com/symfony/recipes",
+            "branch": "main",
+            "version": "1.0",
+            "ref": "97c1627c0384534997ae1047b93be517ca16de43"
+        },
+        "files": [
+            "./config/packages/reset_password.yaml"
+        ]
+    },
     "symfonycasts/verify-email-bundle": {
         "version": "v1.18.0"
     },
diff --git a/templates/tech/registration/register.html.twig b/templates/tech/registration/register.html.twig
index c0dc234..05752e4 100644
--- a/templates/tech/registration/register.html.twig
+++ b/templates/tech/registration/register.html.twig
@@ -9,6 +9,7 @@
 
     {{ form_start(registrationForm) }}
         {{ form_row(registrationForm.email) }}
+        {{ form_row(registrationForm.username) }}
         {{ form_row(registrationForm.plainPassword) }}
 
         <button type="submit" class="btn">Register</button>
diff --git a/templates/tech/reset_password/check_email.html.twig b/templates/tech/reset_password/check_email.html.twig
new file mode 100644
index 0000000..786819b
--- /dev/null
+++ b/templates/tech/reset_password/check_email.html.twig
@@ -0,0 +1,11 @@
+{% extends 'base.html.twig' %}
+
+{% block title %}Password Reset Email Sent{% endblock %}
+
+{% block body %}
+    <p>
+        If an account matching your email exists, then an email was just sent that contains a link that you can use to reset your password.
+        This link will expire in {{ resetToken.expirationMessageKey|trans(resetToken.expirationMessageData, 'ResetPasswordBundle') }}.
+    </p>
+    <p>If you don't receive an email please check your spam folder or <a href="{{ path('app_forgot_password_request') }}">try again</a>.</p>
+{% endblock %}
diff --git a/templates/tech/reset_password/email.html.twig b/templates/tech/reset_password/email.html.twig
new file mode 100644
index 0000000..824a218
--- /dev/null
+++ b/templates/tech/reset_password/email.html.twig
@@ -0,0 +1,9 @@
+<h1>Hi!</h1>
+
+<p>To reset your password, please visit the following link</p>
+
+<a href="{{ url('app_reset_password', {token: resetToken.token}) }}">{{ url('app_reset_password', {token: resetToken.token}) }}</a>
+
+<p>This link will expire in {{ resetToken.expirationMessageKey|trans(resetToken.expirationMessageData, 'ResetPasswordBundle') }}.</p>
+
+<p>Cheers!</p>
diff --git a/templates/tech/reset_password/request.html.twig b/templates/tech/reset_password/request.html.twig
new file mode 100644
index 0000000..0a118aa
--- /dev/null
+++ b/templates/tech/reset_password/request.html.twig
@@ -0,0 +1,22 @@
+{% extends 'base.html.twig' %}
+
+{% block title %}Reset your password{% endblock %}
+
+{% block body %}
+    {% for flash_error in app.flashes('reset_password_error') %}
+        <div class="alert alert-danger" role="alert">{{ flash_error }}</div>
+    {% endfor %}
+    <h1>Reset your password</h1>
+
+    {{ form_start(requestForm) }}
+        {{ form_row(requestForm.email) }}
+        <div>
+            <small>
+                Enter your email address, and we will send you a
+                link to reset your password.
+            </small>
+        </div>
+
+        <button class="btn btn-primary">Send password reset email</button>
+    {{ form_end(requestForm) }}
+{% endblock %}
diff --git a/templates/tech/reset_password/reset.html.twig b/templates/tech/reset_password/reset.html.twig
new file mode 100644
index 0000000..799aa10
--- /dev/null
+++ b/templates/tech/reset_password/reset.html.twig
@@ -0,0 +1,12 @@
+{% extends 'base.html.twig' %}
+
+{% block title %}Reset your password{% endblock %}
+
+{% block body %}
+    <h1>Reset your password</h1>
+
+    {{ form_start(resetForm) }}
+        {{ form_row(resetForm.plainPassword) }}
+        <button class="btn btn-primary">Reset password</button>
+    {{ form_end(resetForm) }}
+{% endblock %}
diff --git a/templates/tech/security/login.html.twig b/templates/tech/security/login.html.twig
index efc5c40..8d4fb16 100644
--- a/templates/tech/security/login.html.twig
+++ b/templates/tech/security/login.html.twig
@@ -15,8 +15,8 @@
     {% endif %}
 
     <h1 class="h3 mb-3 font-weight-normal">Please sign in</h1>
-    <label for="inputEmail">Email</label>
-    <input type="email" value="{{ last_username }}" name="email" id="inputEmail" class="form-control" autocomplete="email" required autofocus>
+    <label for="inputUsername">Username</label>
+    <input type="text" value="{{ last_username }}" name="username" id="inputUsername" class="form-control" autocomplete="username" required autofocus>
     <label for="inputPassword">Password</label>
     <input type="password" name="password" id="inputPassword" class="form-control" autocomplete="current-password" required>
 
@@ -38,5 +38,8 @@
     <button class="btn btn-lg btn-primary" type="submit">
         Sign in
     </button>
+    <div class="mt-3">
+        <a href="{{ path('app_forgot_password_request') }}">Forgot your password?</a>
+    </div>
 </form>
 {% endblock %}
-- 
2.49.1