Merge branch 'main' into feat/cmd-click

.vscode/settings.json

@@ -1,5 +1,7 @@
 {
-	"eslint.workingDirectories": ["./frontend"],
+	"eslint.workingDirectories": [
+		"./frontend"
+	],
 	"editor.formatOnSave": true,
 	"editor.defaultFormatter": "esbenp.prettier-vscode",
 	"editor.codeActionsOnSave": {

conf/example.yaml

@@ -291,3 +291,12 @@ flagger:
     float:
     integer:
     object:
+
+##################### User #####################
+user:
+  password:
+    reset:
+      # Whether to allow users to reset their password themselves.
+      allow_self: true
+      # The duration within which a user can reset their password.
+      max_token_lifetime: 6h

docs/api/openapi.yml

@@ -1985,6 +1985,35 @@ paths:
       summary: Update user preference
       tags:
       - preferences
+  /api/v2/factor_password/forgot:
+    post:
+      deprecated: false
+      description: This endpoint initiates the forgot password flow by sending a reset
+        password email
+      operationId: ForgotPassword
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/TypesPostableForgotPassword'
+      responses:
+        "204":
+          description: No Content
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Bad Request
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      summary: Forgot password
+      tags:
+      - users
   /api/v2/features:
     get:
       deprecated: false
@@ -3979,6 +4008,15 @@ components:
         token:
           type: string
       type: object
+    TypesPostableForgotPassword:
+      properties:
+        email:
+          type: string
+        frontendBaseURL:
+          type: string
+        orgId:
+          type: string
+      type: object
     TypesPostableInvite:
       properties:
         email:
@@ -3999,6 +4037,9 @@ components:
       type: object
     TypesResetPasswordToken:
       properties:
+        expiresAt:
+          format: date-time
+          type: string
         id:
           type: string
         passwordId:

frontend/src/components/LogDetail/index.tsx

@@ -47,6 +47,7 @@ import { AppState } from 'store/reducers';
 import { Query, TagFilter } from 'types/api/queryBuilder/queryBuilderData';
 import { DataSource, StringOperators } from 'types/common/queryBuilder';
 import { GlobalReducer } from 'types/reducer/globalTime';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 
 import { RESOURCE_KEYS, VIEW_TYPES, VIEWS } from './constants';
 import { LogDetailInnerProps, LogDetailProps } from './LogDetail.interfaces';
@@ -135,7 +136,7 @@ function LogDetailInner({
 	};
 
 	// Go to logs explorer page with the log data
-	const handleOpenInExplorer = (): void => {
+	const handleOpenInExplorer = (event: React.MouseEvent): void => {
 		const queryParams = {
 			[QueryParams.activeLogId]: `"${log?.id}"`,
 			[QueryParams.startTime]: minTime?.toString() || '',
@@ -148,7 +149,16 @@ function LogDetailInner({
 				),
 			),
 		};
-		safeNavigate(`${ROUTES.LOGS_EXPLORER}?${createQueryParams(queryParams)}`);
+
+		if (isCtrlOrMMetaKey(event)) {
+			window.open(
+				`${ROUTES.LOGS_EXPLORER}?${createQueryParams(queryParams)}`,
+				'_blank',
+				'noopener,noreferrer',
+			);
+		} else {
+			safeNavigate(`${ROUTES.LOGS_EXPLORER}?${createQueryParams(queryParams)}`);
+		}
 	};
 
 	const handleQueryExpressionChange = useCallback(

frontend/src/components/NewSelect/CustomMultiSelect.tsx

@@ -28,6 +28,7 @@ import React, {
 	useState,
 } from 'react';
 import { Virtuoso } from 'react-virtuoso';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 import { popupContainer } from 'utils/selectPopupContainer';
 
 import { CustomMultiSelectProps, CustomTagProps, OptionData } from './types';
@@ -922,7 +923,7 @@ const CustomMultiSelect: React.FC<CustomMultiSelectProps> = ({
 			const lastVisibleChipIndex = getLastVisibleChipIndex();
 
 			// Handle special keyboard combinations
-			const isCtrlOrCmd = e.ctrlKey || e.metaKey;
+			const isCtrlOrCmd = isCtrlOrMMetaKey(e);
 
 			// Handle Ctrl+A (select all)
 			if (isCtrlOrCmd && e.key === 'a') {

frontend/src/container/AllAlertChannels/AlertChannels.tsx

@@ -5,12 +5,12 @@ import { ResizeTable } from 'components/ResizeTable';
 import ROUTES from 'constants/routes';
 import useComponentPermission from 'hooks/useComponentPermission';
 import { useNotifications } from 'hooks/useNotifications';
-import history from 'lib/history';
 import { useAppContext } from 'providers/App/App';
 import { useCallback } from 'react';
 import { useTranslation } from 'react-i18next';
 import { generatePath } from 'react-router-dom';
 import { Channels } from 'types/api/channels/getAll';
+import { genericNavigate } from 'utils/genericNavigate';
 
 import Delete from './Delete';
 
@@ -20,13 +20,15 @@ function AlertChannels({ allChannels }: AlertChannelsProps): JSX.Element {
 	const { user } = useAppContext();
 	const [action] = useComponentPermission(['new_alert_action'], user.role);
 
-	const onClickEditHandler = useCallback((id: string) => {
-		history.push(
-			generatePath(ROUTES.CHANNELS_EDIT, {
-				channelId: id,
-			}),
-		);
-	}, []);
+	const onClickEditHandler = useCallback(
+		(id: string, event: React.MouseEvent): void => {
+			genericNavigate(
+				generatePath(ROUTES.CHANNELS_EDIT, { channelId: id }),
+				event,
+			);
+		},
+		[],
+	);
 
 	const columns: ColumnsType<Channels> = [
 		{
@@ -52,7 +54,10 @@ function AlertChannels({ allChannels }: AlertChannelsProps): JSX.Element {
 			width: 80,
 			render: (id: string): JSX.Element => (
 				<>
-					<Button onClick={(): void => onClickEditHandler(id)} type="link">
+					<Button
+						onClick={(event: React.MouseEvent): void => onClickEditHandler(id, event)}
+						type="link"
+					>
 						{t('column_channel_edit')}
 					</Button>
 					<Delete id={id} notifications={notifications} />

frontend/src/container/AllAlertChannels/index.tsx

@@ -8,7 +8,6 @@ import Spinner from 'components/Spinner';
 import TextToolTip from 'components/TextToolTip';
 import ROUTES from 'constants/routes';
 import useComponentPermission from 'hooks/useComponentPermission';
-import history from 'lib/history';
 import { isUndefined } from 'lodash-es';
 import { useAppContext } from 'providers/App/App';
 import { useCallback, useEffect } from 'react';
@@ -17,6 +16,7 @@ import { useQuery } from 'react-query';
 import { SuccessResponseV2 } from 'types/api';
 import { Channels } from 'types/api/channels/getAll';
 import APIError from 'types/api/error';
+import { genericNavigate } from 'utils/genericNavigate';
 
 import AlertChannelsComponent from './AlertChannels';
 import { Button, ButtonContainer, RightActionContainer } from './styles';
@@ -30,8 +30,8 @@ function AlertChannels(): JSX.Element {
 		['add_new_channel'],
 		user.role,
 	);
-	const onToggleHandler = useCallback(() => {
-		history.push(ROUTES.CHANNELS_NEW);
+	const onToggleHandler = useCallback((event: React.MouseEvent) => {
+		genericNavigate(ROUTES.CHANNELS_NEW, event);
 	}, []);
 
 	const { isLoading, data, error } = useQuery<
@@ -78,7 +78,7 @@ function AlertChannels(): JSX.Element {
 						}
 					>
 						<Button
-							onClick={onToggleHandler}
+							onClick={(event: React.MouseEvent): void => onToggleHandler(event)}
 							icon={<PlusOutlined />}
 							disabled={!addNewChannelPermission}
 						>

frontend/src/container/ErrorDetails/index.tsx

@@ -18,6 +18,7 @@ import { useTranslation } from 'react-i18next';
 import { useQuery } from 'react-query';
 import { useLocation } from 'react-router-dom';
 import { PayloadProps as GetByErrorTypeAndServicePayload } from 'types/api/errors/getByErrorTypeAndService';
+import { genericNavigate } from 'utils/genericNavigate';
 
 import { keyToExclude } from './config';
 import { DashedContainer, EditorContainer, EventContainer } from './styles';
@@ -111,14 +112,18 @@ function ErrorDetails(props: ErrorDetailsProps): JSX.Element {
 			value: errorDetail[key as keyof GetByErrorTypeAndServicePayload],
 		}));
 
-	const onClickTraceHandler = (): void => {
+	const onClickTraceHandler = (event: React.MouseEvent): void => {
 		logEvent('Exception: Navigate to trace detail page', {
 			groupId: errorDetail?.groupID,
 			spanId: errorDetail.spanID,
 			traceId: errorDetail.traceID,
 			exceptionId: errorDetail?.errorId,
 		});
-		history.push(`/trace/${errorDetail.traceID}?spanId=${errorDetail.spanID}`);
+
+		genericNavigate(
+			`/trace/${errorDetail.traceID}?spanId=${errorDetail.spanID}`,
+			event,
+		);
 	};
 
 	const logEventCalledRef = useRef(false);
@@ -185,7 +190,10 @@ function ErrorDetails(props: ErrorDetailsProps): JSX.Element {
 
 			<DashedContainer>
 				<Typography>{t('see_trace_graph')}</Typography>
-				<Button onClick={onClickTraceHandler} type="primary">
+				<Button
+					onClick={(event: React.MouseEvent): void => onClickTraceHandler(event)}
+					type="primary"
+				>
 					{t('see_error_in_trace_graph')}
 				</Button>
 			</DashedContainer>

frontend/src/container/ExplorerOptions/ExplorerOptions.tsx

@@ -73,6 +73,7 @@ import { ViewProps } from 'types/api/saveViews/types';
 import { DataSource, StringOperators } from 'types/common/queryBuilder';
 import { USER_ROLES } from 'types/roles';
 import { panelTypeToExplorerView } from 'utils/explorerUtils';
+import { genericNavigate } from 'utils/genericNavigate';
 
 import { PreservedViewsTypes } from './constants';
 import ExplorerOptionsHideArea from './ExplorerOptionsHideArea';
@@ -192,7 +193,7 @@ function ExplorerOptions({
 	);
 
 	const onCreateAlertsHandler = useCallback(
-		(defaultQuery: Query | null) => {
+		(defaultQuery: Query | null, event?: React.MouseEvent) => {
 			if (sourcepage === DataSource.TRACES) {
 				logEvent('Traces Explorer: Create alert', {
 					panelType,
@@ -211,10 +212,11 @@ function ExplorerOptions({
 
 			const stringifiedQuery = handleConditionalQueryModification(defaultQuery);
 
-			history.push(
+			genericNavigate(
 				`${ROUTES.ALERTS_NEW}?${QueryParams.compositeQuery}=${encodeURIComponent(
 					stringifiedQuery,
 				)}`,
+				event,
 			);
 		},
 		// eslint-disable-next-line react-hooks/exhaustive-deps
@@ -749,7 +751,9 @@ function ExplorerOptions({
 			<Button
 				disabled={disabled}
 				shape="round"
-				onClick={(): void => onCreateAlertsHandler(query)}
+				onClick={(event: React.MouseEvent): void =>
+					onCreateAlertsHandler(query, event)
+				}
 				icon={<ConciergeBell size={16} />}
 			>
 				Create an Alert

frontend/src/container/Home/AlertRules/AlertRules.tsx

@@ -3,7 +3,6 @@ import getAll from 'api/alerts/getAll';
 import logEvent from 'api/common/logEvent';
 import { QueryParams } from 'constants/query';
 import ROUTES from 'constants/routes';
-import history from 'lib/history';
 import { mapQueryDataFromApi } from 'lib/newQueryBuilder/queryBuilderMappers/mapQueryDataFromApi';
 import { ArrowRight, ArrowUpRight, Plus } from 'lucide-react';
 import Card from 'periscope/components/Card/Card';
@@ -13,6 +12,7 @@ import { useQuery } from 'react-query';
 import { Link, useLocation } from 'react-router-dom';
 import { GettableAlert } from 'types/api/alerts/get';
 import { USER_ROLES } from 'types/roles';
+import { genericNavigate } from 'utils/genericNavigate';
 
 export default function AlertRules({
 	onUpdateChecklistDoneItem,
@@ -118,7 +118,10 @@ export default function AlertRules({
 		</div>
 	);
 
-	const onEditHandler = (record: GettableAlert) => (): void => {
+	const onEditHandler = (
+		record: GettableAlert,
+		event?: React.MouseEvent | React.KeyboardEvent,
+	): void => {
 		logEvent('Homepage: Alert clicked', {
 			ruleId: record.id,
 			ruleName: record.alert,
@@ -135,7 +138,7 @@ export default function AlertRules({
 
 		params.set(QueryParams.ruleId, record.id.toString());
 
-		history.push(`${ROUTES.ALERT_OVERVIEW}?${params.toString()}`);
+		genericNavigate(`${ROUTES.ALERT_OVERVIEW}?${params.toString()}`, event);
 	};
 
 	const renderAlertRules = (): JSX.Element => (
@@ -147,10 +150,10 @@ export default function AlertRules({
 						tabIndex={0}
 						className="alert-rule-item home-data-item"
 						key={rule.id}
-						onClick={onEditHandler(rule)}
+						onClick={(event: React.MouseEvent): void => onEditHandler(rule, event)}
 						onKeyDown={(e): void => {
 							if (e.key === 'Enter') {
-								onEditHandler(rule);
+								onEditHandler(rule, e);
 							}
 						}}
 					>

frontend/src/container/Home/DataSourceInfo/DataSourceInfo.tsx

@@ -1,4 +1,5 @@
 /* eslint-disable sonarjs/no-identical-functions */
+/* eslint-disable sonarjs/cognitive-complexity */
 import { Button, Skeleton, Tag, Typography } from 'antd';
 import logEvent from 'api/common/logEvent';
 import ROUTES from 'constants/routes';
@@ -9,6 +10,7 @@ import Card from 'periscope/components/Card/Card';
 import { useAppContext } from 'providers/App/App';
 import { useEffect, useState } from 'react';
 import { LicensePlatform } from 'types/api/licensesV3/getActive';
+import { genericNavigate } from 'utils/genericNavigate';
 
 import { DOCS_LINKS } from '../constants';
 
@@ -84,16 +86,16 @@ function DataSourceInfo({
 								icon={<img src="/Icons/container-plus.svg" alt="plus" />}
 								role="button"
 								tabIndex={0}
-								onClick={(): void => {
+								onClick={(event: React.MouseEvent): void => {
 									logEvent('Homepage: Connect dataSource clicked', {});
 
 									if (
 										activeLicense &&
 										activeLicense.platform === LicensePlatform.CLOUD
 									) {
-										history.push(ROUTES.GET_STARTED_WITH_CLOUD);
+										genericNavigate(ROUTES.GET_STARTED_WITH_CLOUD, event);
 									} else {
-										window?.open(
+										window.open(
 											DOCS_LINKS.ADD_DATA_SOURCE,
 											'_blank',
 											'noopener noreferrer',

frontend/src/container/Home/Home.tsx

@@ -30,6 +30,7 @@ import { UserPreference } from 'types/api/preferences/preference';
 import { DataSource } from 'types/common/queryBuilder';
 import { USER_ROLES } from 'types/roles';
 import { isIngestionActive } from 'utils/app';
+import { genericNavigate } from 'utils/genericNavigate';
 import { popupContainer } from 'utils/selectPopupContainer';
 
 import AlertRules from './AlertRules/AlertRules';
@@ -550,11 +551,11 @@ export default function Home(): JSX.Element {
 												type="default"
 												className="periscope-btn secondary"
 												icon={<Wrench size={14} />}
-												onClick={(): void => {
+												onClick={(event: React.MouseEvent): void => {
 													logEvent('Homepage: Explore clicked', {
 														source: 'Logs',
 													});
-													history.push(ROUTES.LOGS_EXPLORER);
+													genericNavigate(ROUTES.LOGS_EXPLORER, event);
 												}}
 											>
 												Open Logs Explorer
@@ -564,11 +565,11 @@ export default function Home(): JSX.Element {
 												type="default"
 												className="periscope-btn secondary"
 												icon={<Wrench size={14} />}
-												onClick={(): void => {
+												onClick={(event: React.MouseEvent): void => {
 													logEvent('Homepage: Explore clicked', {
 														source: 'Traces',
 													});
-													history.push(ROUTES.TRACES_EXPLORER);
+													genericNavigate(ROUTES.TRACES_EXPLORER, event);
 												}}
 											>
 												Open Traces Explorer
@@ -578,11 +579,11 @@ export default function Home(): JSX.Element {
 												type="default"
 												className="periscope-btn secondary"
 												icon={<Wrench size={14} />}
-												onClick={(): void => {
+												onClick={(event: React.MouseEvent): void => {
 													logEvent('Homepage: Explore clicked', {
 														source: 'Metrics',
 													});
-													history.push(ROUTES.METRICS_EXPLORER_EXPLORER);
+													genericNavigate(ROUTES.METRICS_EXPLORER_EXPLORER, event);
 												}}
 											>
 												Open Metrics Explorer
@@ -619,11 +620,11 @@ export default function Home(): JSX.Element {
 												type="default"
 												className="periscope-btn secondary"
 												icon={<Plus size={14} />}
-												onClick={(): void => {
+												onClick={(event: React.MouseEvent): void => {
 													logEvent('Homepage: Explore clicked', {
 														source: 'Dashboards',
 													});
-													history.push(ROUTES.ALL_DASHBOARD);
+													genericNavigate(ROUTES.ALL_DASHBOARD, event);
 												}}
 											>
 												Create dashboard
@@ -661,11 +662,11 @@ export default function Home(): JSX.Element {
 												type="default"
 												className="periscope-btn secondary"
 												icon={<Plus size={14} />}
-												onClick={(): void => {
+												onClick={(event: React.MouseEvent): void => {
 													logEvent('Homepage: Explore clicked', {
 														source: 'Alerts',
 													});
-													history.push(ROUTES.ALERTS_NEW);
+													genericNavigate(ROUTES.ALERTS_NEW, event);
 												}}
 											>
 												Create an alert

frontend/src/container/Home/HomeChecklist/HomeChecklist.tsx

@@ -4,12 +4,12 @@ import './HomeChecklist.styles.scss';
 import { Button } from 'antd';
 import logEvent from 'api/common/logEvent';
 import ROUTES from 'constants/routes';
-import history from 'lib/history';
 import { ArrowRight, ArrowRightToLine, BookOpenText } from 'lucide-react';
 import { useAppContext } from 'providers/App/App';
 import { useEffect, useState } from 'react';
 import { LicensePlatform } from 'types/api/licensesV3/getActive';
 import { USER_ROLES } from 'types/roles';
+import { genericNavigate } from 'utils/genericNavigate';
 
 export type ChecklistItem = {
 	id: string;
@@ -86,18 +86,22 @@ function HomeChecklist({
 												<Button
 													type="default"
 													className="periscope-btn secondary"
-													onClick={(): void => {
+													onClick={(event: React.MouseEvent): void => {
 														logEvent('Welcome Checklist: Get started clicked', {
 															step: item.id,
 														});
 
+														const checkForNewTabAndNavigate = (): void => {
+															genericNavigate(item.toRoute || '', event);
+														};
+
 														if (item.toRoute !== ROUTES.GET_STARTED_WITH_CLOUD) {
-															history.push(item.toRoute || '');
+															checkForNewTabAndNavigate();
 														} else if (
 															activeLicense &&
 															activeLicense.platform === LicensePlatform.CLOUD
 														) {
-															history.push(item.toRoute || '');
+															checkForNewTabAndNavigate();
 														} else {
 															window?.open(
 																item.docsLink || '',

frontend/src/container/Home/Services/ServiceMetrics.tsx

@@ -11,7 +11,6 @@ import useGetTopLevelOperations from 'hooks/useGetTopLevelOperations';
 import useResourceAttribute from 'hooks/useResourceAttribute';
 import { convertRawQueriesToTraceSelectedTags } from 'hooks/useResourceAttribute/utils';
 import { useSafeNavigate } from 'hooks/useSafeNavigate';
-import history from 'lib/history';
 import { ArrowRight, ArrowUpRight } from 'lucide-react';
 import Card from 'periscope/components/Card/Card';
 import { useAppContext } from 'providers/App/App';
@@ -29,6 +28,8 @@ import { ServicesList } from 'types/api/metrics/getService';
 import { GlobalReducer } from 'types/reducer/globalTime';
 import { Tags } from 'types/reducer/trace';
 import { USER_ROLES } from 'types/roles';
+import { genericNavigate } from 'utils/genericNavigate';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 
 import { FeatureKeys } from '../../../constants/features';
 import { DOCS_LINKS } from '../constants';
@@ -64,7 +65,7 @@ const EmptyState = memo(
 						<Button
 							type="default"
 							className="periscope-btn secondary"
-							onClick={(): void => {
+							onClick={(event: React.MouseEvent): void => {
 								logEvent('Homepage: Get Started clicked', {
 									source: 'Service Metrics',
 								});
@@ -73,7 +74,7 @@ const EmptyState = memo(
 									activeLicenseV3 &&
 									activeLicenseV3.platform === LicensePlatform.CLOUD
 								) {
-									history.push(ROUTES.GET_STARTED_WITH_CLOUD);
+									genericNavigate(ROUTES.GET_STARTED_WITH_CLOUD, event);
 								} else {
 									window?.open(
 										DOCS_LINKS.ADD_DATA_SOURCE,
@@ -116,7 +117,7 @@ const ServicesListTable = memo(
 		onRowClick,
 	}: {
 		services: ServicesList[];
-		onRowClick: (record: ServicesList) => void;
+		onRowClick: (record: ServicesList, event: React.MouseEvent) => void;
 	}): JSX.Element => (
 		<div className="services-list-container home-data-item-container metrics-services-list">
 			<div className="services-list">
@@ -125,8 +126,8 @@ const ServicesListTable = memo(
 					dataSource={services}
 					pagination={false}
 					className="services-table"
-					onRow={(record): { onClick: () => void } => ({
-						onClick: (): void => onRowClick(record),
+					onRow={(record): { onClick: (event: React.MouseEvent) => void } => ({
+						onClick: (event: React.MouseEvent): void => onRowClick(record, event),
 					})}
 				/>
 			</div>
@@ -284,11 +285,19 @@ function ServiceMetrics({
 	}, [onUpdateChecklistDoneItem, loadingUserPreferences, servicesExist]);
 
 	const handleRowClick = useCallback(
-		(record: ServicesList) => {
+		(record: ServicesList, event: React.MouseEvent) => {
 			logEvent('Homepage: Service clicked', {
 				serviceName: record.serviceName,
 			});
-			safeNavigate(`${ROUTES.APPLICATION}/${record.serviceName}`);
+			if (event && isCtrlOrMMetaKey(event)) {
+				window.open(
+					`${ROUTES.APPLICATION}/${record.serviceName}`,
+					'_blank',
+					'noopener,noreferrer',
+				);
+			} else {
+				safeNavigate(`${ROUTES.APPLICATION}/${record.serviceName}`);
+			}
 		},
 		[safeNavigate],
 	);

frontend/src/container/Home/Services/ServiceTraces.tsx

@@ -3,7 +3,6 @@ import logEvent from 'api/common/logEvent';
 import ROUTES from 'constants/routes';
 import { useQueryService } from 'hooks/useQueryService';
 import { useSafeNavigate } from 'hooks/useSafeNavigate';
-import history from 'lib/history';
 import { ArrowRight, ArrowUpRight } from 'lucide-react';
 import Card from 'periscope/components/Card/Card';
 import { useAppContext } from 'providers/App/App';
@@ -15,6 +14,8 @@ import { LicensePlatform } from 'types/api/licensesV3/getActive';
 import { ServicesList } from 'types/api/metrics/getService';
 import { GlobalReducer } from 'types/reducer/globalTime';
 import { USER_ROLES } from 'types/roles';
+import { genericNavigate } from 'utils/genericNavigate';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 
 import { DOCS_LINKS } from '../constants';
 import { columns, TIME_PICKER_OPTIONS } from './constants';
@@ -118,7 +119,7 @@ export default function ServiceTraces({
 							<Button
 								type="default"
 								className="periscope-btn secondary"
-								onClick={(): void => {
+								onClick={(event: React.MouseEvent): void => {
 									logEvent('Homepage: Get Started clicked', {
 										source: 'Service Traces',
 									});
@@ -127,7 +128,7 @@ export default function ServiceTraces({
 										activeLicense &&
 										activeLicense.platform === LicensePlatform.CLOUD
 									) {
-										history.push(ROUTES.GET_STARTED_WITH_CLOUD);
+										genericNavigate(ROUTES.GET_STARTED_WITH_CLOUD, event);
 									} else {
 										window?.open(
 											DOCS_LINKS.ADD_DATA_SOURCE,
@@ -172,13 +173,21 @@ export default function ServiceTraces({
 						dataSource={top5Services}
 						pagination={false}
 						className="services-table"
-						onRow={(record): { onClick: () => void } => ({
-							onClick: (): void => {
+						onRow={(record): { onClick: (event: React.MouseEvent) => void } => ({
+							onClick: (event: React.MouseEvent): void => {
 								logEvent('Homepage: Service clicked', {
 									serviceName: record.serviceName,
 								});
 
-								safeNavigate(`${ROUTES.APPLICATION}/${record.serviceName}`);
+								if (event && isCtrlOrMMetaKey(event)) {
+									window.open(
+										`${ROUTES.APPLICATION}/${record.serviceName}`,
+										'_blank',
+										'noopener,noreferrer',
+									);
+								} else {
+									safeNavigate(`${ROUTES.APPLICATION}/${record.serviceName}`);
+								}
 							},
 						})}
 					/>

frontend/src/container/ListAlertRules/AlertsEmptyState/AlertsEmptyState.tsx

@@ -5,10 +5,10 @@ import { Button, Divider, Typography } from 'antd';
 import logEvent from 'api/common/logEvent';
 import ROUTES from 'constants/routes';
 import useComponentPermission from 'hooks/useComponentPermission';
-import history from 'lib/history';
 import { useAppContext } from 'providers/App/App';
 import { useCallback, useState } from 'react';
 import { DataSource } from 'types/common/queryBuilder';
+import { genericNavigate } from 'utils/genericNavigate';
 
 import AlertInfoCard from './AlertInfoCard';
 import { ALERT_CARDS, ALERT_INFO_LINKS } from './alertLinks';
@@ -36,9 +36,9 @@ export function AlertsEmptyState(): JSX.Element {
 
 	const [loading, setLoading] = useState(false);
 
-	const onClickNewAlertHandler = useCallback(() => {
+	const onClickNewAlertHandler = useCallback((event: React.MouseEvent): void => {
 		setLoading(false);
-		history.push(ROUTES.ALERTS_NEW);
+		genericNavigate(ROUTES.ALERTS_NEW, event);
 	}, []);
 
 	return (
@@ -70,7 +70,9 @@ export function AlertsEmptyState(): JSX.Element {
 						<div className="action-container">
 							<Button
 								className="add-alert-btn"
-								onClick={onClickNewAlertHandler}
+								onClick={(event: React.MouseEvent): void =>
+									onClickNewAlertHandler(event)
+								}
 								icon={<PlusOutlined />}
 								disabled={!addNewAlert}
 								loading={loading}

frontend/src/container/ListAlertRules/ListAlert.tsx

@@ -31,6 +31,7 @@ import { UseQueryResult } from 'react-query';
 import { ErrorResponse, SuccessResponse } from 'types/api';
 import { AlertTypes } from 'types/api/alerts/alertTypes';
 import { GettableAlert } from 'types/api/alerts/get';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 
 import DeleteAlert from './DeleteAlert';
 import { ColumnButton, SearchContainer } from './styles';
@@ -266,7 +267,7 @@ function ListAlert({ allAlertRules, refetch }: ListAlertProps): JSX.Element {
 				const onClickHandler = (e: React.MouseEvent<HTMLElement>): void => {
 					e.stopPropagation();
 					e.preventDefault();
-					onEditHandler(record, e.metaKey || e.ctrlKey);
+					onEditHandler(record, isCtrlOrMMetaKey(e));
 				};
 
 				return <Typography.Link onClick={onClickHandler}>{value}</Typography.Link>;

frontend/src/container/ListOfDashboard/DashboardTemplates/DashboardTemplatesModal.tsx

@@ -118,7 +118,7 @@ const templatesList: DashboardTemplate[] = [
 
 interface DashboardTemplatesModalProps {
 	showNewDashboardTemplatesModal: boolean;
-	onCreateNewDashboard: () => void;
+	onCreateNewDashboard: (event: React.MouseEvent) => void;
 	onCancel: () => void;
 }
 
@@ -204,7 +204,9 @@ export default function DashboardTemplatesModal({
 									type="primary"
 									className="periscope-btn primary"
 									icon={<Plus size={14} />}
-									onClick={onCreateNewDashboard}
+									onClick={(event: React.MouseEvent): void =>
+										onCreateNewDashboard(event)
+									}
 								>
 									New dashboard
 								</Button>

frontend/src/container/ListOfDashboard/DashboardsList.tsx

@@ -86,6 +86,7 @@ import {
 	Widgets,
 } from 'types/api/dashboard/getAll';
 import APIError from 'types/api/error';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 
 import DashboardTemplatesModal from './DashboardTemplates/DashboardTemplatesModal';
 import ImportJSON from './ImportJSON';
@@ -284,35 +285,48 @@ function DashboardsList(): JSX.Element {
 			refetchDashboardList,
 		})) || [];
 
-	const onNewDashboardHandler = useCallback(async () => {
-		try {
-			logEvent('Dashboard List: Create dashboard clicked', {});
-			setNewDashboardState({
-				...newDashboardState,
-				loading: true,
-			});
-			const response = await createDashboard({
-				title: t('new_dashboard_title', {
-					ns: 'dashboard',
-				}),
-				uploadedGrafana: false,
-				version: ENTITY_VERSION_V5,
-			});
+	const onNewDashboardHandler = useCallback(
+		async (event: React.MouseEvent): Promise<void> => {
+			try {
+				logEvent('Dashboard List: Create dashboard clicked', {});
+				setNewDashboardState({
+					...newDashboardState,
+					loading: true,
+				});
+				const response = await createDashboard({
+					title: t('new_dashboard_title', {
+						ns: 'dashboard',
+					}),
+					uploadedGrafana: false,
+					version: ENTITY_VERSION_V5,
+				});
 
-			safeNavigate(
-				generatePath(ROUTES.DASHBOARD, {
-					dashboardId: response.data.id,
-				}),
-			);
-		} catch (error) {
-			showErrorModal(error as APIError);
-			setNewDashboardState({
-				...newDashboardState,
-				error: true,
-				errorMessage: (error as AxiosError).toString() || 'Something went Wrong',
-			});
-		}
-	}, [newDashboardState, safeNavigate, showErrorModal, t]);
+				if (event && isCtrlOrMMetaKey(event)) {
+					window.open(
+						generatePath(ROUTES.DASHBOARD, {
+							dashboardId: response.data.id,
+						}),
+						'_blank',
+						'noopener,noreferrer',
+					);
+				} else {
+					safeNavigate(
+						generatePath(ROUTES.DASHBOARD, {
+							dashboardId: response.data.id,
+						}),
+					);
+				}
+			} catch (error) {
+				showErrorModal(error as APIError);
+				setNewDashboardState({
+					...newDashboardState,
+					error: true,
+					errorMessage: (error as AxiosError).toString() || 'Something went Wrong',
+				});
+			}
+		},
+		[newDashboardState, safeNavigate, showErrorModal, t],
+	);
 
 	const onModalHandler = (uploadedGrafana: boolean): void => {
 		logEvent('Dashboard List: Import JSON clicked', {});
@@ -414,8 +428,8 @@ function DashboardsList(): JSX.Element {
 
 				const onClickHandler = (event: React.MouseEvent<HTMLElement>): void => {
 					event.stopPropagation();
-					if (event.metaKey || event.ctrlKey) {
-						window.open(getLink(), '_blank');
+					if (isCtrlOrMMetaKey(event)) {
+						window.open(getLink(), '_blank', 'noopener,noreferrer');
 					} else {
 						safeNavigate(getLink());
 					}
@@ -641,8 +655,8 @@ function DashboardsList(): JSX.Element {
 				label: (
 					<div
 						className="create-dashboard-menu-item"
-						onClick={(): void => {
-							onNewDashboardHandler();
+						onClick={(event: React.MouseEvent): void => {
+							onNewDashboardHandler(event);
 						}}
 					>
 						<LayoutGrid size={14} /> Create dashboard
@@ -929,7 +943,9 @@ function DashboardsList(): JSX.Element {
 
 				<DashboardTemplatesModal
 					showNewDashboardTemplatesModal={showNewDashboardTemplatesModal}
-					onCreateNewDashboard={onNewDashboardHandler}
+					onCreateNewDashboard={(event: React.MouseEvent): Promise<void> =>
+						onNewDashboardHandler(event)
+					}
 					onCancel={(): void => {
 						setShowNewDashboardTemplatesModal(false);
 					}}

frontend/src/container/ListOfDashboard/TableComponents/Name.tsx

@@ -1,6 +1,6 @@
 import { LockFilled } from '@ant-design/icons';
 import ROUTES from 'constants/routes';
-import history from 'lib/history';
+import { genericNavigate } from 'utils/genericNavigate';
 
 import { Data } from '../DashboardsList';
 import { TableLinkText } from './styles';
@@ -11,11 +11,7 @@ function Name(name: Data['name'], data: Data): JSX.Element {
 	const getLink = (): string => `${ROUTES.ALL_DASHBOARD}/${DashboardId}`;
 
 	const onClickHandler = (event: React.MouseEvent<HTMLElement>): void => {
-		if (event.metaKey || event.ctrlKey) {
-			window.open(getLink(), '_blank');
-		} else {
-			history.push(getLink());
-		}
+		genericNavigate(getLink(), event);
 	};
 
 	return (

frontend/src/container/MetricsApplication/Tabs/DBCall.tsx

@@ -1,3 +1,4 @@
+/* eslint-disable sonarjs/no-identical-functions */
 import { Col } from 'antd';
 import logEvent from 'api/common/logEvent';
 import { ENTITY_VERSION_V4 } from 'constants/app';
@@ -179,14 +180,17 @@ function DBCall(): JSX.Element {
 					type="default"
 					size="small"
 					id="database_call_rps_button"
-					onClick={onViewTracePopupClick({
-						servicename,
-						selectedTraceTags,
-						timestamp: selectedTimeStamp,
-						apmToTraceQuery,
-						stepInterval,
-						safeNavigate,
-					})}
+					onClick={(event): void =>
+						onViewTracePopupClick({
+							servicename,
+							selectedTraceTags,
+							timestamp: selectedTimeStamp,
+							apmToTraceQuery,
+							stepInterval,
+							safeNavigate,
+							event,
+						})
+					}
 				>
 					View Traces
 				</Button>
@@ -215,14 +219,17 @@ function DBCall(): JSX.Element {
 					type="default"
 					size="small"
 					id="database_call_avg_duration_button"
-					onClick={onViewTracePopupClick({
-						servicename,
-						selectedTraceTags,
-						timestamp: selectedTimeStamp,
-						apmToTraceQuery,
-						stepInterval,
-						safeNavigate,
-					})}
+					onClick={(event): void =>
+						onViewTracePopupClick({
+							servicename,
+							selectedTraceTags,
+							timestamp: selectedTimeStamp,
+							apmToTraceQuery,
+							stepInterval,
+							safeNavigate,
+							event,
+						})
+					}
 				>
 					View Traces
 				</Button>

frontend/src/container/MetricsApplication/Tabs/External.tsx

@@ -1,3 +1,4 @@
+/* eslint-disable sonarjs/no-identical-functions */
 import { Col } from 'antd';
 import logEvent from 'api/common/logEvent';
 import { ENTITY_VERSION_V4 } from 'constants/app';
@@ -244,22 +245,28 @@ function External(): JSX.Element {
 				<Col span={12}>
 					<GraphControlsPanel
 						id="external_call_error_percentage_button"
-						onViewTracesClick={onViewTracePopupClick({
-							servicename,
-							selectedTraceTags,
-							timestamp: selectedTimeStamp,
-							apmToTraceQuery: errorApmToTraceQuery,
-							stepInterval,
-							safeNavigate,
-						})}
-						onViewAPIMonitoringClick={onViewAPIMonitoringPopupClick({
-							servicename,
-							timestamp: selectedTimeStamp,
-							domainName: selectedData?.address || '',
-							isError: true,
-							stepInterval: 300,
-							safeNavigate,
-						})}
+						onViewTracesClick={(event: React.MouseEvent): void =>
+							onViewTracePopupClick({
+								servicename,
+								selectedTraceTags,
+								timestamp: selectedTimeStamp,
+								apmToTraceQuery: errorApmToTraceQuery,
+								stepInterval,
+								safeNavigate,
+								event,
+							})
+						}
+						onViewAPIMonitoringClick={(event: React.MouseEvent): void =>
+							onViewAPIMonitoringPopupClick({
+								servicename,
+								timestamp: selectedTimeStamp,
+								domainName: selectedData?.address || '',
+								isError: true,
+								stepInterval: 300,
+								safeNavigate,
+								event,
+							})
+						}
 					/>
 					<Card data-testid="external_call_error_percentage">
 						<GraphContainer>
@@ -286,22 +293,28 @@ function External(): JSX.Element {
 				<Col span={12}>
 					<GraphControlsPanel
 						id="external_call_duration_button"
-						onViewTracesClick={onViewTracePopupClick({
-							servicename,
-							selectedTraceTags,
-							timestamp: selectedTimeStamp,
-							apmToTraceQuery,
-							stepInterval,
-							safeNavigate,
-						})}
-						onViewAPIMonitoringClick={onViewAPIMonitoringPopupClick({
-							servicename,
-							timestamp: selectedTimeStamp,
-							domainName: selectedData?.address,
-							isError: false,
-							stepInterval: 300,
-							safeNavigate,
-						})}
+						onViewTracesClick={(event: React.MouseEvent): void =>
+							onViewTracePopupClick({
+								servicename,
+								selectedTraceTags,
+								timestamp: selectedTimeStamp,
+								apmToTraceQuery,
+								stepInterval,
+								safeNavigate,
+								event,
+							})
+						}
+						onViewAPIMonitoringClick={(event: React.MouseEvent): void =>
+							onViewAPIMonitoringPopupClick({
+								servicename,
+								timestamp: selectedTimeStamp,
+								domainName: selectedData?.address,
+								isError: false,
+								stepInterval: 300,
+								safeNavigate,
+								event,
+							})
+						}
 					/>
 
 					<Card data-testid="external_call_duration">
@@ -331,22 +344,28 @@ function External(): JSX.Element {
 				<Col span={12}>
 					<GraphControlsPanel
 						id="external_call_rps_by_address_button"
-						onViewTracesClick={onViewTracePopupClick({
-							servicename,
-							selectedTraceTags,
-							timestamp: selectedTimeStamp,
-							apmToTraceQuery,
-							stepInterval,
-							safeNavigate,
-						})}
-						onViewAPIMonitoringClick={onViewAPIMonitoringPopupClick({
-							servicename,
-							timestamp: selectedTimeStamp,
-							domainName: selectedData?.address,
-							isError: false,
-							stepInterval: 300,
-							safeNavigate,
-						})}
+						onViewTracesClick={(event: React.MouseEvent): void =>
+							onViewTracePopupClick({
+								servicename,
+								selectedTraceTags,
+								timestamp: selectedTimeStamp,
+								apmToTraceQuery,
+								stepInterval,
+								safeNavigate,
+								event,
+							})
+						}
+						onViewAPIMonitoringClick={(event: React.MouseEvent): void =>
+							onViewAPIMonitoringPopupClick({
+								servicename,
+								timestamp: selectedTimeStamp,
+								domainName: selectedData?.address,
+								isError: false,
+								stepInterval: 300,
+								safeNavigate,
+								event,
+							})
+						}
 					/>
 					<Card data-testid="external_call_rps_by_address">
 						<GraphContainer>
@@ -373,22 +392,28 @@ function External(): JSX.Element {
 				<Col span={12}>
 					<GraphControlsPanel
 						id="external_call_duration_by_address_button"
-						onViewTracesClick={onViewTracePopupClick({
-							servicename,
-							selectedTraceTags,
-							timestamp: selectedTimeStamp,
-							apmToTraceQuery,
-							stepInterval,
-							safeNavigate,
-						})}
-						onViewAPIMonitoringClick={onViewAPIMonitoringPopupClick({
-							servicename,
-							timestamp: selectedTimeStamp,
-							domainName: selectedData?.address,
-							isError: false,
-							stepInterval: 300,
-							safeNavigate,
-						})}
+						onViewTracesClick={(event: React.MouseEvent): void =>
+							onViewTracePopupClick({
+								servicename,
+								selectedTraceTags,
+								timestamp: selectedTimeStamp,
+								apmToTraceQuery,
+								stepInterval,
+								safeNavigate,
+								event,
+							})
+						}
+						onViewAPIMonitoringClick={(event: React.MouseEvent): void =>
+							onViewAPIMonitoringPopupClick({
+								servicename,
+								timestamp: selectedTimeStamp,
+								domainName: selectedData?.address,
+								isError: false,
+								stepInterval: 300,
+								safeNavigate,
+								event,
+							})
+						}
 					/>
 
 					<Card data-testid="external_call_duration_by_address">

frontend/src/container/MetricsApplication/Tabs/Overview.tsx

@@ -1,3 +1,4 @@
+/* eslint-disable sonarjs/no-identical-functions */
 import logEvent from 'api/common/logEvent';
 import getTopLevelOperations, {
 	ServiceDataProps,
@@ -31,6 +32,7 @@ import { DataTypes } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import { Query } from 'types/api/queryBuilder/queryBuilderData';
 import { EQueryType } from 'types/common/dashboard';
 import { GlobalReducer } from 'types/reducer/globalTime';
+import { genericNavigate } from 'utils/genericNavigate';
 import { secondsToMilliseconds } from 'utils/timeUtils';
 import { v4 as uuid } from 'uuid';
 
@@ -228,14 +230,16 @@ function Application(): JSX.Element {
 	 * @param timestamp - The timestamp in seconds
 	 * @param apmToTraceQuery - query object
 	 * @param isViewLogsClicked - Whether this is for viewing logs vs traces
+	 * @param event - Click event to handle opening in new tab
 	 * @returns A callback function that handles the navigation when executed
 	 */
 	const onErrorTrackHandler = useCallback(
 		(
 			timestamp: number,
 			apmToTraceQuery: Query,
+			event: React.MouseEvent,
 			isViewLogsClicked?: boolean,
-		): (() => void) => (): void => {
+		): void => {
 			const endTime = secondsToMilliseconds(timestamp);
 			const startTime = secondsToMilliseconds(timestamp - stepInterval);
 
@@ -259,7 +263,7 @@ function Application(): JSX.Element {
 				queryString,
 			);
 
-			history.push(newPath);
+			genericNavigate(newPath, event);
 		},
 		// eslint-disable-next-line react-hooks/exhaustive-deps
 		[stepInterval],
@@ -319,14 +323,17 @@ function Application(): JSX.Element {
 						type="default"
 						size="small"
 						id="Rate_button"
-						onClick={onViewTracePopupClick({
-							servicename,
-							selectedTraceTags,
-							timestamp: selectedTimeStamp,
-							apmToTraceQuery,
-							stepInterval,
-							safeNavigate,
-						})}
+						onClick={(event: React.MouseEvent): void =>
+							onViewTracePopupClick({
+								servicename,
+								selectedTraceTags,
+								timestamp: selectedTimeStamp,
+								apmToTraceQuery,
+								stepInterval,
+								safeNavigate,
+								event,
+							})
+						}
 					>
 						View Traces
 					</Button>
@@ -349,14 +356,17 @@ function Application(): JSX.Element {
 							type="default"
 							size="small"
 							id="ApDex_button"
-							onClick={onViewTracePopupClick({
-								servicename,
-								selectedTraceTags,
-								timestamp: selectedTimeStamp,
-								apmToTraceQuery,
-								stepInterval,
-								safeNavigate,
-							})}
+							onClick={(event: React.MouseEvent): void =>
+								onViewTracePopupClick({
+									servicename,
+									selectedTraceTags,
+									timestamp: selectedTimeStamp,
+									apmToTraceQuery,
+									stepInterval,
+									safeNavigate,
+									event,
+								})
+							}
 						>
 							View Traces
 						</Button>
@@ -370,15 +380,12 @@ function Application(): JSX.Element {
 					<ColErrorContainer>
 						<GraphControlsPanel
 							id="Error_button"
-							onViewLogsClick={onErrorTrackHandler(
-								selectedTimeStamp,
-								logErrorQuery,
-								true,
-							)}
-							onViewTracesClick={onErrorTrackHandler(
-								selectedTimeStamp,
-								errorTrackQuery,
-							)}
+							onViewLogsClick={(event: React.MouseEvent): void =>
+								onErrorTrackHandler(selectedTimeStamp, logErrorQuery, event, true)
+							}
+							onViewTracesClick={(event: React.MouseEvent): void =>
+								onErrorTrackHandler(selectedTimeStamp, errorTrackQuery, event)
+							}
 						/>
 
 						<TopLevelOperation

frontend/src/container/MetricsApplication/Tabs/Overview/GraphControlsPanel/GraphControlsPanel.tsx

@@ -6,9 +6,9 @@ import { Binoculars, DraftingCompass, ScrollText } from 'lucide-react';
 
 interface GraphControlsPanelProps {
 	id: string;
-	onViewLogsClick?: () => void;
-	onViewTracesClick: () => void;
-	onViewAPIMonitoringClick?: () => void;
+	onViewLogsClick?: (event: React.MouseEvent) => void;
+	onViewTracesClick: (event: React.MouseEvent) => void;
+	onViewAPIMonitoringClick?: (event: React.MouseEvent) => void;
 }
 
 function GraphControlsPanel({
@@ -23,7 +23,7 @@ function GraphControlsPanel({
 				type="link"
 				icon={<DraftingCompass size={14} />}
 				size="small"
-				onClick={onViewTracesClick}
+				onClick={(event: React.MouseEvent): void => onViewTracesClick(event)}
 				style={{ color: Color.BG_VANILLA_100 }}
 			>
 				View traces
@@ -33,7 +33,7 @@ function GraphControlsPanel({
 					type="link"
 					icon={<ScrollText size={14} />}
 					size="small"
-					onClick={onViewLogsClick}
+					onClick={(event: React.MouseEvent): void => onViewLogsClick(event)}
 					style={{ color: Color.BG_VANILLA_100 }}
 				>
 					View logs
@@ -44,7 +44,9 @@ function GraphControlsPanel({
 					type="link"
 					icon={<Binoculars size={14} />}
 					size="small"
-					onClick={onViewAPIMonitoringClick}
+					onClick={(event: React.MouseEvent): void =>
+						onViewAPIMonitoringClick(event)
+					}
 					style={{ color: Color.BG_VANILLA_100 }}
 				>
 					View External APIs

frontend/src/container/MetricsApplication/Tabs/Overview/ServiceOverview.tsx

@@ -103,23 +103,29 @@ function ServiceOverview({
 		<>
 			<GraphControlsPanel
 				id="Service_button"
-				onViewLogsClick={onViewTracePopupClick({
-					servicename,
-					selectedTraceTags,
-					timestamp: selectedTimeStamp,
-					apmToTraceQuery: apmToLogQuery,
-					isViewLogsClicked: true,
-					stepInterval,
-					safeNavigate,
-				})}
-				onViewTracesClick={onViewTracePopupClick({
-					servicename,
-					selectedTraceTags,
-					timestamp: selectedTimeStamp,
-					apmToTraceQuery,
-					stepInterval,
-					safeNavigate,
-				})}
+				onViewLogsClick={(event: React.MouseEvent): void =>
+					onViewTracePopupClick({
+						servicename,
+						selectedTraceTags,
+						timestamp: selectedTimeStamp,
+						apmToTraceQuery: apmToLogQuery,
+						isViewLogsClicked: true,
+						stepInterval,
+						safeNavigate,
+						event,
+					})
+				}
+				onViewTracesClick={(event: React.MouseEvent): void =>
+					onViewTracePopupClick({
+						servicename,
+						selectedTraceTags,
+						timestamp: selectedTimeStamp,
+						apmToTraceQuery,
+						stepInterval,
+						safeNavigate,
+						event,
+					})
+				}
 			/>
 			<Card data-testid="service_latency">
 				<GraphContainer>

frontend/src/container/MetricsApplication/Tabs/Overview/TableRenderer/ColumnWithLink.tsx

@@ -3,6 +3,7 @@ import { navigateToTrace } from 'container/MetricsApplication/utils';
 import { useSafeNavigate } from 'hooks/useSafeNavigate';
 import { RowData } from 'lib/query/createTableColumnsFromQuery';
 import { DataTypes } from 'types/api/queryBuilder/queryAutocompleteResponse';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 import { v4 as uuid } from 'uuid';
 
 import { useGetAPMToTracesQueries } from '../../util';
@@ -50,7 +51,7 @@ function ColumnWithLink({
 	return (
 		<Tooltip placement="topLeft" title={text}>
 			<Typography.Link
-				onClick={(e): void => handleOnClick(text, e.metaKey || e.ctrlKey)}
+				onClick={(e): void => handleOnClick(text, isCtrlOrMMetaKey(e))}
 			>
 				{text}
 			</Typography.Link>

frontend/src/container/MetricsApplication/Tabs/util.ts

@@ -22,6 +22,7 @@ import {
 } from 'types/api/queryBuilder/queryBuilderData';
 import { DataSource } from 'types/common/queryBuilder';
 import { Tags } from 'types/reducer/trace';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 import { secondsToMilliseconds } from 'utils/timeUtils';
 import { v4 as uuid } from 'uuid';
 
@@ -43,6 +44,7 @@ interface OnViewTracePopupClickProps {
 	isViewLogsClicked?: boolean;
 	stepInterval?: number;
 	safeNavigate: (url: string) => void;
+	event: React.MouseEvent;
 }
 
 interface OnViewAPIMonitoringPopupClickProps {
@@ -53,6 +55,7 @@ interface OnViewAPIMonitoringPopupClickProps {
 	isError: boolean;
 
 	safeNavigate: (url: string) => void;
+	event: React.MouseEvent;
 }
 
 export function generateExplorerPath(
@@ -83,7 +86,7 @@ export function generateExplorerPath(
  * @param isViewLogsClicked - Whether this is for viewing logs vs traces
  * @param stepInterval - Time interval in seconds
  * @param safeNavigate - Navigation function
- 
+ * @param event - Click event to handle opening in new tab
  */
 export function onViewTracePopupClick({
 	selectedTraceTags,
@@ -93,33 +96,34 @@ export function onViewTracePopupClick({
 	isViewLogsClicked,
 	stepInterval,
 	safeNavigate,
-}: OnViewTracePopupClickProps): VoidFunction {
-	return (): void => {
-		const endTime = secondsToMilliseconds(timestamp);
-		const startTime = secondsToMilliseconds(timestamp - (stepInterval || 60));
+	event,
+}: OnViewTracePopupClickProps): void {
+	const endTime = secondsToMilliseconds(timestamp);
+	const startTime = secondsToMilliseconds(timestamp - (stepInterval || 60));
 
-		const urlParams = new URLSearchParams(window.location.search);
-		urlParams.set(QueryParams.startTime, startTime.toString());
-		urlParams.set(QueryParams.endTime, endTime.toString());
-		urlParams.delete(QueryParams.relativeTime);
-		const avialableParams = routeConfig[ROUTES.TRACE];
-		const queryString = getQueryString(avialableParams, urlParams);
+	const urlParams = new URLSearchParams(window.location.search);
+	urlParams.set(QueryParams.startTime, startTime.toString());
+	urlParams.set(QueryParams.endTime, endTime.toString());
+	urlParams.delete(QueryParams.relativeTime);
+	const avialableParams = routeConfig[ROUTES.TRACE];
+	const queryString = getQueryString(avialableParams, urlParams);
 
-		const JSONCompositeQuery = encodeURIComponent(
-			JSON.stringify(apmToTraceQuery),
-		);
+	const JSONCompositeQuery = encodeURIComponent(JSON.stringify(apmToTraceQuery));
 
-		const newPath = generateExplorerPath(
-			isViewLogsClicked,
-			urlParams,
-			servicename,
-			selectedTraceTags,
-			JSONCompositeQuery,
-			queryString,
-		);
+	const newPath = generateExplorerPath(
+		isViewLogsClicked,
+		urlParams,
+		servicename,
+		selectedTraceTags,
+		JSONCompositeQuery,
+		queryString,
+	);
 
+	if (event && isCtrlOrMMetaKey(event)) {
+		window.open(newPath, '_blank', 'noopener,noreferrer');
+	} else {
 		safeNavigate(newPath);
-	};
+	}
 }
 
 const generateAPIMonitoringPath = (
@@ -149,49 +153,52 @@ export function onViewAPIMonitoringPopupClick({
 	isError,
 	stepInterval,
 	safeNavigate,
-}: OnViewAPIMonitoringPopupClickProps): VoidFunction {
-	return (): void => {
-		const endTime = timestamp + (stepInterval || 60);
-		const startTime = timestamp - (stepInterval || 60);
-		const filters = {
-			items: [
-				...(isError
-					? [
-							{
-								id: uuid().slice(0, 8),
-								key: {
-									key: 'hasError',
-									dataType: DataTypes.bool,
-									type: 'tag',
-									id: 'hasError--bool--tag--true',
-								},
-								op: 'in',
-								value: ['true'],
+	event,
+}: OnViewAPIMonitoringPopupClickProps): void {
+	const endTime = timestamp + (stepInterval || 60);
+	const startTime = timestamp - (stepInterval || 60);
+	const filters = {
+		items: [
+			...(isError
+				? [
+						{
+							id: uuid().slice(0, 8),
+							key: {
+								key: 'hasError',
+								dataType: DataTypes.bool,
+								type: 'tag',
+								id: 'hasError--bool--tag--true',
 							},
-					  ]
-					: []),
-				{
-					id: uuid().slice(0, 8),
-					key: {
-						key: 'service.name',
-						dataType: DataTypes.String,
-						type: 'resource',
-					},
-					op: '=',
-					value: servicename,
+							op: 'in',
+							value: ['true'],
+						},
+				  ]
+				: []),
+			{
+				id: uuid().slice(0, 8),
+				key: {
+					key: 'service.name',
+					dataType: DataTypes.String,
+					type: 'resource',
 				},
-			],
-			op: 'AND',
-		};
-		const newPath = generateAPIMonitoringPath(
-			domainName,
-			startTime,
-			endTime,
-			filters,
-		);
-
-		safeNavigate(newPath);
+				op: '=',
+				value: servicename,
+			},
+		],
+		op: 'AND',
 	};
+	const newPath = generateAPIMonitoringPath(
+		domainName,
+		startTime,
+		endTime,
+		filters,
+	);
+
+	if (event && isCtrlOrMMetaKey(event)) {
+		window.open(newPath, '_blank', 'noopener,noreferrer');
+	} else {
+		safeNavigate(newPath);
+	}
 }
 
 export function useGraphClickHandler(

frontend/src/container/MetricsApplication/TopOperationsTable.tsx

@@ -17,6 +17,7 @@ import { AppState } from 'store/reducers';
 import { DataTypes } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import { Query, TagFilterItem } from 'types/api/queryBuilder/queryBuilderData';
 import { GlobalReducer } from 'types/reducer/globalTime';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 import { v4 as uuid } from 'uuid';
 
 import { IServiceName } from './Tabs/types';
@@ -115,7 +116,7 @@ function TopOperationsTable({
 						e.stopPropagation();
 						e.preventDefault();
 
-						if (e.metaKey || e.ctrlKey) {
+						if (isCtrlOrMMetaKey(e)) {
 							handleOnClick(text, true); // open in new tab
 						} else {
 							handleOnClick(text, false); // open in current tab

frontend/src/container/NoLogs/NoLogs.tsx

@@ -1,13 +1,14 @@
+/* eslint-disable sonarjs/cognitive-complexity */
 import './NoLogs.styles.scss';
 
 import { Typography } from 'antd';
 import logEvent from 'api/common/logEvent';
 import ROUTES from 'constants/routes';
 import { useGetTenantLicense } from 'hooks/useGetTenantLicense';
-import history from 'lib/history';
 import { ArrowUpRight } from 'lucide-react';
 import { DataSource } from 'types/common/queryBuilder';
 import DOCLINKS from 'utils/docLinks';
+import { genericNavigate } from 'utils/genericNavigate';
 
 export default function NoLogs({
 	dataSource,
@@ -16,6 +17,8 @@ export default function NoLogs({
 }): JSX.Element {
 	const { isCloudUser: isCloudUserVal } = useGetTenantLicense();
 
+	const REL_NOOPENER_NOREFERRER = 'noopener,noreferrer';
+
 	const handleLinkClick = (
 		e: React.MouseEvent<HTMLAnchorElement, MouseEvent>,
 	): void => {
@@ -38,13 +41,25 @@ export default function NoLogs({
 			} else {
 				link = ROUTES.GET_STARTED_LOGS_MANAGEMENT;
 			}
-			history.push(link);
+			genericNavigate(link, e);
 		} else if (dataSource === 'traces') {
-			window.open(DOCLINKS.TRACES_EXPLORER_EMPTY_STATE, '_blank');
+			window.open(
+				DOCLINKS.TRACES_EXPLORER_EMPTY_STATE,
+				'_blank',
+				REL_NOOPENER_NOREFERRER,
+			);
 		} else if (dataSource === DataSource.METRICS) {
-			window.open(DOCLINKS.METRICS_EXPLORER_EMPTY_STATE, '_blank');
+			window.open(
+				DOCLINKS.METRICS_EXPLORER_EMPTY_STATE,
+				'_blank',
+				REL_NOOPENER_NOREFERRER,
+			);
 		} else {
-			window.open(`${DOCLINKS.USER_GUIDE}${dataSource}/`, '_blank');
+			window.open(
+				`${DOCLINKS.USER_GUIDE}${dataSource}/`,
+				'_blank',
+				REL_NOOPENER_NOREFERRER,
+			);
 		}
 	};
 	return (
@@ -59,7 +74,12 @@ export default function NoLogs({
 					</span>
 				</Typography>
 
-				<Typography.Link className="send-logs-link" onClick={handleLinkClick}>
+				<Typography.Link
+					className="send-logs-link"
+					onClick={(e: React.MouseEvent<HTMLAnchorElement, MouseEvent>): void =>
+						handleLinkClick(e)
+					}
+				>
 					Sending {dataSource} to SigNoz <ArrowUpRight size={16} />
 				</Typography.Link>
 			</div>

frontend/src/container/QueryBuilder/filters/QueryBuilderSearch/index.tsx

@@ -48,6 +48,7 @@ import {
 } from 'types/api/queryBuilder/queryBuilderData';
 import { DataSource } from 'types/common/queryBuilder';
 import { getUserOperatingSystem, UserOperatingSystem } from 'utils/getUserOS';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 import { popupContainer } from 'utils/selectPopupContainer';
 import { v4 as uuid } from 'uuid';
 
@@ -225,7 +226,7 @@ function QueryBuilderSearch({
 
 		if (
 			!disableNavigationShortcuts &&
-			(event.ctrlKey || event.metaKey) &&
+			isCtrlOrMMetaKey(event) &&
 			event.key === 'Enter'
 		) {
 			event.preventDefault();
@@ -236,7 +237,7 @@ function QueryBuilderSearch({
 
 		if (
 			!disableNavigationShortcuts &&
-			(event.ctrlKey || event.metaKey) &&
+			isCtrlOrMMetaKey(event) &&
 			event.key === '/'
 		) {
 			event.preventDefault();

frontend/src/container/QueryBuilder/filters/QueryBuilderSearchV2/QueryBuilderSearchV2.tsx

@@ -52,6 +52,7 @@ import {
 	TagFilter,
 } from 'types/api/queryBuilder/queryBuilderData';
 import { DataSource } from 'types/common/queryBuilder';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 import { popupContainer } from 'utils/selectPopupContainer';
 import { v4 as uuid } from 'uuid';
 
@@ -456,12 +457,12 @@ function QueryBuilderSearchV2(
 				setTags((prev) => prev.slice(0, -1));
 			}
 
-			if ((event.ctrlKey || event.metaKey) && event.key === '/') {
+			if (isCtrlOrMMetaKey(event) && event.key === '/') {
 				event.preventDefault();
 				event.stopPropagation();
 				setShowAllFilters((prev) => !prev);
 			}
-			if ((event.ctrlKey || event.metaKey) && event.key === 'Enter') {
+			if (isCtrlOrMMetaKey(event) && event.key === 'Enter') {
 				event.preventDefault();
 				event.stopPropagation();
 				handleRunQuery();

frontend/src/container/SideNav/SideNav.tsx

@@ -67,6 +67,8 @@ import AppReducer from 'types/reducer/app';
 import { USER_ROLES } from 'types/roles';
 import { checkVersionState } from 'utils/app';
 import { showErrorNotification } from 'utils/error';
+import { genericNavigate } from 'utils/genericNavigate';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 
 import { useCmdK } from '../../providers/cmdKProvider';
 import { routeConfig } from './config';
@@ -292,8 +294,6 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 		icon: <Cog size={16} />,
 	};
 
-	const isCtrlMetaKey = (e: MouseEvent): boolean => e.ctrlKey || e.metaKey;
-
 	const isLatestVersion = checkVersionState(currentVersion, latestVersion);
 
 	const [
@@ -411,7 +411,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 	const isWorkspaceBlocked = trialInfo?.workSpaceBlock || false;
 
 	const openInNewTab = (path: string): void => {
-		window.open(path, '_blank');
+		window.open(path, '_blank', 'noopener,noreferrer');
 	};
 
 	const onClickGetStarted = (event: MouseEvent): void => {
@@ -424,7 +424,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 			? ROUTES.GET_STARTED_WITH_CLOUD
 			: ROUTES.GET_STARTED;
 
-		if (isCtrlMetaKey(event)) {
+		if (isCtrlOrMMetaKey(event)) {
 			openInNewTab(onboaringRoute);
 		} else {
 			history.push(onboaringRoute);
@@ -439,7 +439,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 			const queryString = getQueryString(availableParams || [], params);
 
 			if (pathname !== key) {
-				if (event && isCtrlMetaKey(event)) {
+				if (event && isCtrlOrMMetaKey(event)) {
 					openInNewTab(`${key}?${queryString.join('&')}`);
 				} else {
 					history.push(`${key}?${queryString.join('&')}`, {
@@ -634,11 +634,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 
 	const handleMenuItemClick = (event: MouseEvent, item: SidebarItem): void => {
 		if (item.key === ROUTES.SETTINGS) {
-			if (isCtrlMetaKey(event)) {
-				openInNewTab(settingsRoute);
-			} else {
-				history.push(settingsRoute);
-			}
+			genericNavigate(settingsRoute, event);
 		} else if (item.key === 'quick-search') {
 			openCmdK();
 		} else if (item) {
@@ -809,7 +805,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 		);
 
 		if (item && !('type' in item) && item.isExternal && item.url) {
-			window.open(item.url, '_blank');
+			window.open(item.url, '_blank', 'noopener,noreferrer');
 		}
 
 		if (item && !('type' in item)) {

frontend/src/container/Trace/TraceTable/index.tsx

@@ -10,9 +10,7 @@ import {
 import { formUrlParams } from 'container/TraceDetail/utils';
 import dayjs from 'dayjs';
 import duration from 'dayjs/plugin/duration';
-import history from 'lib/history';
 import omit from 'lodash-es/omit';
-import { HTMLAttributes } from 'react';
 import { useDispatch, useSelector } from 'react-redux';
 import { Dispatch } from 'redux';
 import { updateURL } from 'store/actions/trace/util';
@@ -25,6 +23,7 @@ import {
 	UPDATE_SPANS_AGGREGATE_PAGE_SIZE,
 } from 'types/actions/trace';
 import { TraceReducer } from 'types/reducer/trace';
+import { genericNavigate } from 'utils/genericNavigate';
 import { v4 } from 'uuid';
 
 dayjs.extend(duration);
@@ -203,15 +202,13 @@ function TraceTable(): JSX.Element {
 			style={{
 				cursor: 'pointer',
 			}}
-			onRow={(record: TableType): HTMLAttributes<TableType> => ({
-				onClick: (event): void => {
+			onRow={(
+				record: TableType,
+			): { onClick: (event: React.MouseEvent) => void } => ({
+				onClick: (event: React.MouseEvent): void => {
 					event.preventDefault();
 					event.stopPropagation();
-					if (event.metaKey || event.ctrlKey) {
-						window.open(getLink(record), '_blank');
-					} else {
-						history.push(getLink(record));
-					}
+					genericNavigate(getLink(record), event);
 				},
 			})}
 			pagination={{

frontend/src/container/TracesTableComponent/TracesTableComponent.tsx

@@ -84,8 +84,8 @@ function TracesTableComponent({
 			onClick: (event): void => {
 				event.preventDefault();
 				event.stopPropagation();
-				if (event.metaKey || event.ctrlKey) {
-					window.open(getTraceLink(record), '_blank');
+				if (event.ctrlKey || event.metaKey) {
+					window.open(getTraceLink(record), '_blank', 'noopener,noreferrer');
 				} else {
 					history.push(getTraceLink(record));
 				}

frontend/src/pages/TracesExplorer/__test__/TracesExplorer.test.tsx

@@ -27,6 +27,7 @@ import {
 	within,
 } from 'tests/test-utils';
 import { QueryRangePayloadV5 } from 'types/api/v5/queryRange';
+import * as genericNavigate from 'utils/genericNavigate';
 
 import TracesExplorer from '..';
 import { Filter } from '../Filter/Filter';
@@ -772,6 +773,12 @@ describe('TracesExplorer - ', () => {
 	});
 
 	it('create an alert btn assert', async () => {
+		const historyPush = jest.fn();
+
+		jest.spyOn(genericNavigate, 'genericNavigate').mockImplementation((link) => {
+			historyPush(link);
+		});
+
 		const { getByText } = renderWithTracesExplorerRouter(<TracesExplorer />, [
 			'/traces-explorer/?panelType=list&selectedExplorerView=list',
 		]);

frontend/src/utils/genericNavigate.ts

@@ -0,0 +1,18 @@
+import history from 'lib/history';
+import { KeyboardEvent, MouseEvent } from 'react';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
+
+export const genericNavigate = (
+	link: string,
+	event?:
+		| MouseEvent
+		| KeyboardEvent
+		| globalThis.MouseEvent
+		| globalThis.KeyboardEvent,
+): void => {
+	if (event && isCtrlOrMMetaKey(event)) {
+		window.open(link, '_blank', 'noopener,noreferrer');
+	} else {
+		history.push(link);
+	}
+};

frontend/src/utils/isCtrlOrMMetaKey.ts

@@ -0,0 +1,9 @@
+import { KeyboardEvent, MouseEvent } from 'react';
+
+export const isCtrlOrMMetaKey = (
+	event:
+		| MouseEvent
+		| KeyboardEvent
+		| globalThis.MouseEvent
+		| globalThis.KeyboardEvent,
+): boolean => event.metaKey || event.ctrlKey;

pkg/apiserver/signozapiserver/user.go

@@ -315,5 +315,22 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		return err
 	}
 
+	if err := router.Handle("/api/v2/factor_password/forgot", handler.New(provider.authZ.OpenAccess(provider.userHandler.ForgotPassword), handler.OpenAPIDef{
+		ID:                  "ForgotPassword",
+		Tags:                []string{"users"},
+		Summary:             "Forgot password",
+		Description:         "This endpoint initiates the forgot password flow by sending a reset password email",
+		Request:             new(types.PostableForgotPassword),
+		RequestContentType:  "application/json",
+		Response:            nil,
+		ResponseContentType: "",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{http.StatusBadRequest},
+		Deprecated:          false,
+		SecuritySchemes:     []handler.OpenAPISecurityScheme{},
+	})).Methods(http.MethodPost).GetError(); err != nil {
+		return err
+	}
+
 	return nil
 }

pkg/modules/user/config.go

@@ -0,0 +1,43 @@
+package user
+
+import (
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/factory"
+)
+
+type Config struct {
+	Password PasswordConfig `mapstructure:"password"`
+}
+type PasswordConfig struct {
+	Reset ResetConfig `mapstructure:"reset"`
+}
+
+type ResetConfig struct {
+	AllowSelf        bool          `mapstructure:"allow_self"`
+	MaxTokenLifetime time.Duration `mapstructure:"max_token_lifetime"`
+}
+
+func NewConfigFactory() factory.ConfigFactory {
+	return factory.NewConfigFactory(factory.MustNewName("user"), newConfig)
+}
+
+func newConfig() factory.Config {
+	return &Config{
+		Password: PasswordConfig{
+			Reset: ResetConfig{
+				AllowSelf:        false,
+				MaxTokenLifetime: 6 * time.Hour,
+			},
+		},
+	}
+}
+
+func (c Config) Validate() error {
+	if c.Password.Reset.MaxTokenLifetime <= 0 {
+		return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "user::password::reset::max_token_lifetime must be positive")
+	}
+
+	return nil
+}

pkg/modules/user/impluser/handler.go

@@ -332,6 +332,25 @@ func (handler *handler) ChangePassword(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusNoContent, nil)
 }
 
+func (h *handler) ForgotPassword(w http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	req := new(types.PostableForgotPassword)
+	if err := binding.JSON.BindBody(r.Body, req); err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	err := h.module.ForgotPassword(ctx, req.OrgID, req.Email, req.FrontendBaseURL)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	render.Success(w, http.StatusNoContent, nil)
+}
+
 func (h *handler) CreateAPIKey(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()

pkg/modules/user/impluser/module.go

@@ -12,11 +12,13 @@ import (
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
+	"github.com/SigNoz/signoz/pkg/modules/user"
 	root "github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/tokenizer"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/emailtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/dustin/go-humanize"
 	"golang.org/x/text/cases"
 	"golang.org/x/text/language"
 )
@@ -28,10 +30,11 @@ type Module struct {
 	settings  factory.ScopedProviderSettings
 	orgSetter organization.Setter
 	analytics analytics.Analytics
+	config    user.Config
 }
 
 // This module is a WIP, don't take inspiration from this.
-func NewModule(store types.UserStore, tokenizer tokenizer.Tokenizer, emailing emailing.Emailing, providerSettings factory.ProviderSettings, orgSetter organization.Setter, analytics analytics.Analytics) root.Module {
+func NewModule(store types.UserStore, tokenizer tokenizer.Tokenizer, emailing emailing.Emailing, providerSettings factory.ProviderSettings, orgSetter organization.Setter, analytics analytics.Analytics, config user.Config) root.Module {
 	settings := factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/modules/user/impluser")
 	return &Module{
 		store:     store,
@@ -40,6 +43,7 @@ func NewModule(store types.UserStore, tokenizer tokenizer.Tokenizer, emailing em
 		settings:  settings,
 		orgSetter: orgSetter,
 		analytics: analytics,
+		config:    config,
 	}
 }
 
@@ -302,33 +306,91 @@ func (module *Module) GetOrCreateResetPasswordToken(ctx context.Context, userID
 		}
 	}
 
-	resetPasswordToken, err := types.NewResetPasswordToken(password.ID)
+	// check if a token already exists for this password id
+	existingResetPasswordToken, err := module.store.GetResetPasswordTokenByPasswordID(ctx, password.ID)
+	if err != nil && !errors.Ast(err, errors.TypeNotFound) {
+		return nil, err // return the error if it is not a not found error
+	}
+
+	// return the existing token if it is not expired
+	if existingResetPasswordToken != nil && !existingResetPasswordToken.IsExpired() {
+		return existingResetPasswordToken, nil // return the existing token if it is not expired
+	}
+
+	// delete the existing token entry
+	if existingResetPasswordToken != nil {
+		if err := module.store.DeleteResetPasswordTokenByPasswordID(ctx, password.ID); err != nil {
+			return nil, err
+		}
+	}
+
+	// create a new token
+	resetPasswordToken, err := types.NewResetPasswordToken(password.ID, time.Now().Add(module.config.Password.Reset.MaxTokenLifetime))
 	if err != nil {
 		return nil, err
 	}
 
+	// create a new token
 	err = module.store.CreateResetPasswordToken(ctx, resetPasswordToken)
 	if err != nil {
-		if !errors.Ast(err, errors.TypeAlreadyExists) {
-			return nil, err
-		}
-
-		// if the token already exists, we return the existing token
-		resetPasswordToken, err = module.store.GetResetPasswordTokenByPasswordID(ctx, password.ID)
-		if err != nil {
-			return nil, err
-		}
+		return nil, err
 	}
 
 	return resetPasswordToken, nil
 }
 
+func (module *Module) ForgotPassword(ctx context.Context, orgID valuer.UUID, email valuer.Email, frontendBaseURL string) error {
+	if !module.config.Password.Reset.AllowSelf {
+		return errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "users are not allowed to reset their password themselves, please contact an admin to reset your password")
+	}
+
+	user, err := module.store.GetUserByEmailAndOrgID(ctx, email, orgID)
+	if err != nil {
+		if errors.Ast(err, errors.TypeNotFound) {
+			return nil // for security reasons
+		}
+		return err
+	}
+
+	token, err := module.GetOrCreateResetPasswordToken(ctx, user.ID)
+	if err != nil {
+		module.settings.Logger().ErrorContext(ctx, "failed to create reset password token", "error", err)
+		return err
+	}
+
+	resetLink := fmt.Sprintf("%s/password-reset?token=%s", frontendBaseURL, token.Token)
+
+	tokenLifetime := module.config.Password.Reset.MaxTokenLifetime
+	humanizedTokenLifetime := strings.TrimSpace(humanize.RelTime(time.Now(), time.Now().Add(tokenLifetime), "", ""))
+
+	if err := module.emailing.SendHTML(
+		ctx,
+		user.Email.String(),
+		"Reset your SigNoz password",
+		emailtypes.TemplateNameResetPassword,
+		map[string]any{
+			"Name":   user.DisplayName,
+			"Link":   resetLink,
+			"Expiry": humanizedTokenLifetime,
+		},
+	); err != nil {
+		module.settings.Logger().ErrorContext(ctx, "failed to send reset password email", "error", err)
+		return nil
+	}
+
+	return nil
+}
+
 func (module *Module) UpdatePasswordByResetPasswordToken(ctx context.Context, token string, passwd string) error {
 	resetPasswordToken, err := module.store.GetResetPasswordToken(ctx, token)
 	if err != nil {
 		return err
 	}
 
+	if resetPasswordToken.IsExpired() {
+		return errors.New(errors.TypeUnauthenticated, errors.CodeUnauthenticated, "reset password token has expired")
+	}
+
 	password, err := module.store.GetPassword(ctx, resetPasswordToken.PasswordID)
 	if err != nil {
 		return err

pkg/modules/user/impluser/store.go

@@ -391,6 +391,18 @@ func (store *store) GetResetPasswordTokenByPasswordID(ctx context.Context, passw
 	return resetPasswordToken, nil
 }
 
+func (store *store) DeleteResetPasswordTokenByPasswordID(ctx context.Context, passwordID valuer.UUID) error {
+	_, err := store.sqlstore.BunDB().NewDelete().
+		Model(&types.ResetPasswordToken{}).
+		Where("password_id = ?", passwordID).
+		Exec(ctx)
+	if err != nil {
+		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to delete reset password token")
+	}
+
+	return nil
+}
+
 func (store *store) GetResetPasswordToken(ctx context.Context, token string) (*types.ResetPasswordToken, error) {
 	resetPasswordRequest := new(types.ResetPasswordToken)
 

pkg/modules/user/user.go

@@ -30,6 +30,9 @@ type Module interface {
 	// Updates password of user to the new password. It also deletes all reset password tokens for the user.
 	UpdatePassword(ctx context.Context, userID valuer.UUID, oldPassword string, password string) error
 
+	// Initiate forgot password flow for a user
+	ForgotPassword(ctx context.Context, orgID valuer.UUID, email valuer.Email, frontendBaseURL string) error
+
 	UpdateUser(ctx context.Context, orgID valuer.UUID, id string, user *types.User, updatedBy string) (*types.User, error)
 	DeleteUser(ctx context.Context, orgID valuer.UUID, id string, deletedBy string) error
 
@@ -92,6 +95,7 @@ type Handler interface {
 	GetResetPasswordToken(http.ResponseWriter, *http.Request)
 	ResetPassword(http.ResponseWriter, *http.Request)
 	ChangePassword(http.ResponseWriter, *http.Request)
+	ForgotPassword(http.ResponseWriter, *http.Request)
 
 	// API KEY
 	CreateAPIKey(http.ResponseWriter, *http.Request)

pkg/signoz/config.go

@@ -22,6 +22,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/global"
 	"github.com/SigNoz/signoz/pkg/instrumentation"
 	"github.com/SigNoz/signoz/pkg/modules/metricsexplorer"
+	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/prometheus"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/ruler"
@@ -109,6 +110,9 @@ type Config struct {
 
 	// Flagger config
 	Flagger flagger.Config `mapstructure:"flagger"`
+
+	// User config
+	User user.Config `mapstructure:"user"`
 }
 
 // DeprecatedFlags are the flags that are deprecated and scheduled for removal.
@@ -171,6 +175,7 @@ func NewConfig(ctx context.Context, logger *slog.Logger, resolverConfig config.R
 		tokenizer.NewConfigFactory(),
 		metricsexplorer.NewConfigFactory(),
 		flagger.NewConfigFactory(),
+		user.NewConfigFactory(),
 	}
 
 	conf, err := config.New(ctx, resolverConfig, configFactories)

pkg/signoz/module.go

@@ -88,7 +88,7 @@ func NewModules(
 ) Modules {
 	quickfilter := implquickfilter.NewModule(implquickfilter.NewStore(sqlstore))
 	orgSetter := implorganization.NewSetter(implorganization.NewStore(sqlstore), alertmanager, quickfilter)
-	user := impluser.NewModule(impluser.NewStore(sqlstore, providerSettings), tokenizer, emailing, providerSettings, orgSetter, analytics)
+	user := impluser.NewModule(impluser.NewStore(sqlstore, providerSettings), tokenizer, emailing, providerSettings, orgSetter, analytics, config.User)
 	userGetter := impluser.NewGetter(impluser.NewStore(sqlstore, providerSettings))
 	ruleStore := sqlrulestore.NewRuleStore(sqlstore, queryParser, providerSettings)
 

pkg/signoz/provider.go

@@ -161,6 +161,7 @@ func NewSQLMigrationProviderFactories(
 		sqlmigration.NewUpdateUserPreferenceFactory(sqlstore, sqlschema),
 		sqlmigration.NewUpdateOrgPreferenceFactory(sqlstore, sqlschema),
 		sqlmigration.NewRenameOrgDomainsFactory(sqlstore, sqlschema),
+		sqlmigration.NewAddResetPasswordTokenExpiryFactory(sqlstore, sqlschema),
 	)
 }
 

pkg/sqlmigration/058_add_reset_password_token_expiry.go

@@ -0,0 +1,83 @@
+package sqlmigration
+
+import (
+	"context"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/sqlschema"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/uptrace/bun"
+	"github.com/uptrace/bun/migrate"
+)
+
+type addResetPasswordTokenExpiry struct {
+	sqlstore  sqlstore.SQLStore
+	sqlschema sqlschema.SQLSchema
+}
+
+func NewAddResetPasswordTokenExpiryFactory(sqlstore sqlstore.SQLStore, sqlschema sqlschema.SQLSchema) factory.ProviderFactory[SQLMigration, Config] {
+	return factory.NewProviderFactory(factory.MustNewName("add_reset_password_token_expiry"), func(ctx context.Context, providerSettings factory.ProviderSettings, config Config) (SQLMigration, error) {
+		return newAddResetPasswordTokenExpiry(ctx, providerSettings, config, sqlstore, sqlschema)
+	})
+}
+
+func newAddResetPasswordTokenExpiry(_ context.Context, _ factory.ProviderSettings, _ Config, sqlstore sqlstore.SQLStore, sqlschema sqlschema.SQLSchema) (SQLMigration, error) {
+	return &addResetPasswordTokenExpiry{
+		sqlstore:  sqlstore,
+		sqlschema: sqlschema,
+	}, nil
+}
+
+func (migration *addResetPasswordTokenExpiry) Register(migrations *migrate.Migrations) error {
+	if err := migrations.Register(migration.Up, migration.Down); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (migration *addResetPasswordTokenExpiry) Up(ctx context.Context, db *bun.DB) error {
+	tx, err := db.BeginTx(ctx, nil)
+	if err != nil {
+		return err
+	}
+
+	defer func() {
+		_ = tx.Rollback()
+	}()
+
+	// get the reset_password_token table
+	table, uniqueConstraints, err := migration.sqlschema.GetTable(ctx, sqlschema.TableName("reset_password_token"))
+	if err != nil {
+		return err
+	}
+
+	// add a new column `expires_at`
+	column := &sqlschema.Column{
+		Name:     sqlschema.ColumnName("expires_at"),
+		DataType: sqlschema.DataTypeTimestamp,
+		Nullable: true,
+	}
+
+	// for existing rows set
+	defaultValueForExistingRows := time.Now()
+
+	sqls := migration.sqlschema.Operator().AddColumn(table, uniqueConstraints, column, defaultValueForExistingRows)
+
+	for _, sql := range sqls {
+		if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
+			return err
+		}
+	}
+
+	if err := tx.Commit(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (migration *addResetPasswordTokenExpiry) Down(ctx context.Context, db *bun.DB) error {
+	return nil
+}

pkg/types/emailtypes/template.go

@@ -12,12 +12,13 @@ import (
 var (
 	// Templates is a list of all the templates that are supported by the emailing service.
 	// This list should be updated whenever a new template is added.
-	Templates = []TemplateName{TemplateNameInvitationEmail, TemplateNameUpdateRole}
+	Templates = []TemplateName{TemplateNameInvitationEmail, TemplateNameUpdateRole, TemplateNameResetPassword}
 )
 
 var (
 	TemplateNameInvitationEmail = TemplateName{valuer.NewString("invitation_email")}
 	TemplateNameUpdateRole      = TemplateName{valuer.NewString("update_role")}
+	TemplateNameResetPassword   = TemplateName{valuer.NewString("reset_password_email")}
 )
 
 type TemplateName struct{ valuer.String }
@@ -28,6 +29,8 @@ func NewTemplateName(name string) (TemplateName, error) {
 		return TemplateNameInvitationEmail, nil
 	case TemplateNameUpdateRole.StringValue():
 		return TemplateNameUpdateRole, nil
+	case TemplateNameResetPassword.StringValue():
+		return TemplateNameResetPassword, nil
 	default:
 		return TemplateName{}, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "invalid template name: %s", name)
 	}

pkg/types/factor_password.go

@@ -35,12 +35,19 @@ type ChangePasswordRequest struct {
 	NewPassword string      `json:"newPassword"`
 }
 
+type PostableForgotPassword struct {
+	OrgID           valuer.UUID  `json:"orgId"`
+	Email           valuer.Email `json:"email"`
+	FrontendBaseURL string       `json:"frontendBaseURL"`
+}
+
 type ResetPasswordToken struct {
 	bun.BaseModel `bun:"table:reset_password_token"`
 
 	Identifiable
 	Token      string      `bun:"token,type:text,notnull" json:"token"`
 	PasswordID valuer.UUID `bun:"password_id,type:text,notnull,unique" json:"passwordId"`
+	ExpiresAt  time.Time   `bun:"expires_at,type:timestamptz,nullzero" json:"expiresAt"`
 }
 
 type FactorPassword struct {
@@ -136,13 +143,14 @@ func NewHashedPassword(password string) (string, error) {
 	return string(hashedPassword), nil
 }
 
-func NewResetPasswordToken(passwordID valuer.UUID) (*ResetPasswordToken, error) {
+func NewResetPasswordToken(passwordID valuer.UUID, expiresAt time.Time) (*ResetPasswordToken, error) {
 	return &ResetPasswordToken{
 		Identifiable: Identifiable{
 			ID: valuer.GenerateUUID(),
 		},
 		Token:      valuer.GenerateUUID().String(),
 		PasswordID: passwordID,
+		ExpiresAt:  expiresAt,
 	}, nil
 }
 
@@ -208,3 +216,7 @@ func (f *FactorPassword) Equals(password string) bool {
 func comparePassword(hashedPassword string, password string) bool {
 	return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password)) == nil
 }
+
+func (r *ResetPasswordToken) IsExpired() bool {
+	return r.ExpiresAt.Before(time.Now())
+}

pkg/types/querybuildertypes/querybuildertypesv5/builder_elements.go

@@ -553,6 +553,18 @@ func (f Function) Copy() Function {
 	return c
 }
 
+// Validate validates the name and args for the function
+func (f Function) Validate() error {
+	if err := f.Name.Validate(); err != nil {
+		return err
+	}
+	// Validate args for function
+	if err := f.ValidateArgs(); err != nil {
+		return err
+	}
+	return nil
+}
+
 type LimitBy struct {
 	// keys to limit by
 	Keys []string `json:"keys"`

pkg/types/querybuildertypes/querybuildertypesv5/formula.go

@@ -73,6 +73,43 @@ func (f *QueryBuilderFormula) UnmarshalJSON(data []byte) error {
 	return nil
 }
 
+// Validate checks if the QueryBuilderFormula fields are valid
+func (f QueryBuilderFormula) Validate() error {
+	// Validate name is not blank
+	if strings.TrimSpace(f.Name) == "" {
+		return errors.NewInvalidInputf(
+			errors.CodeInvalidInput,
+			"formula name cannot be blank",
+		)
+	}
+
+	// Validate expression is not blank
+	if strings.TrimSpace(f.Expression) == "" {
+		return errors.NewInvalidInputf(
+			errors.CodeInvalidInput,
+			"formula expression cannot be blank",
+		)
+	}
+
+	// Validate functions if present
+	for i, fn := range f.Functions {
+		if err := fn.Validate(); err != nil {
+			fnId := fmt.Sprintf("function #%d", i+1)
+			if f.Name != "" {
+				fnId = fmt.Sprintf("function #%d in formula '%s'", i+1, f.Name)
+			}
+			return errors.NewInvalidInputf(
+				errors.CodeInvalidInput,
+				"invalid %s: %s",
+				fnId,
+				err.Error(),
+			)
+		}
+	}
+
+	return nil
+}
+
 // small container to store the query name and index or alias reference
 // for a variable in the formula expression
 // read below for more details on aggregation references

pkg/types/querybuildertypes/querybuildertypesv5/functions.go

@@ -1,10 +1,13 @@
 package querybuildertypesv5
 
 import (
+	"fmt"
 	"math"
 	"slices"
 	"strconv"
+	"strings"
 
+	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )
 
@@ -33,6 +36,46 @@ var (
 	FunctionNameFillZero      = FunctionName{valuer.NewString("fillZero")}
 )
 
+// Validate checks if the FunctionName is valid and one of the known types
+func (fn FunctionName) Validate() error {
+	validFunctions := []FunctionName{
+		FunctionNameCutOffMin,
+		FunctionNameCutOffMax,
+		FunctionNameClampMin,
+		FunctionNameClampMax,
+		FunctionNameAbsolute,
+		FunctionNameRunningDiff,
+		FunctionNameLog2,
+		FunctionNameLog10,
+		FunctionNameCumulativeSum,
+		FunctionNameEWMA3,
+		FunctionNameEWMA5,
+		FunctionNameEWMA7,
+		FunctionNameMedian3,
+		FunctionNameMedian5,
+		FunctionNameMedian7,
+		FunctionNameTimeShift,
+		FunctionNameAnomaly,
+		FunctionNameFillZero,
+	}
+
+	if slices.Contains(validFunctions, fn) {
+		return nil
+	}
+
+	// Format valid functions as comma-separated string
+	var validFunctionNames []string
+	for _, fn := range validFunctions {
+		validFunctionNames = append(validFunctionNames, fn.StringValue())
+	}
+
+	return errors.NewInvalidInputf(
+		errors.CodeInvalidInput,
+		"invalid function name: %s",
+		fn.StringValue(),
+	).WithAdditional(fmt.Sprintf("valid functions are: %s", strings.Join(validFunctionNames, ", ")))
+}
+
 // ApplyFunction applies the given function to the result data
 func ApplyFunction(fn Function, result *TimeSeries) *TimeSeries {
 	// Extract the function name and arguments
@@ -112,6 +155,61 @@ func ApplyFunction(fn Function, result *TimeSeries) *TimeSeries {
 	return result
 }
 
+// ValidateArgs validates the arguments for the given function
+func (fn Function) ValidateArgs() error {
+	// Extract the function name and arguments
+	name := fn.Name
+	args := fn.Args
+
+	switch name {
+	case FunctionNameCutOffMin, FunctionNameCutOffMax, FunctionNameClampMin, FunctionNameClampMax:
+		if len(args) == 0 {
+			return errors.NewInvalidInputf(
+				errors.CodeInvalidInput,
+				"threshold value is required for function %s",
+				name.StringValue(),
+			)
+		}
+		_, err := parseFloat64Arg(args[0].Value)
+		if err != nil {
+			return errors.NewInvalidInputf(
+				errors.CodeInvalidInput,
+				"threshold value must be a floating value for function %s",
+				name.StringValue(),
+			)
+		}
+	case FunctionNameEWMA3, FunctionNameEWMA5, FunctionNameEWMA7:
+		if len(args) == 0 {
+			return nil // alpha is optional for EWMA functions
+		}
+		_, err := parseFloat64Arg(args[0].Value)
+		if err != nil {
+			return errors.NewInvalidInputf(
+				errors.CodeInvalidInput,
+				"alpha value must be a floating value for function %s",
+				name.StringValue(),
+			)
+		}
+	case FunctionNameTimeShift:
+		if len(args) == 0 {
+			return errors.NewInvalidInputf(
+				errors.CodeInvalidInput,
+				"time shift value is required for function %s",
+				name.StringValue(),
+			)
+		}
+		_, err := parseFloat64Arg(args[0].Value)
+		if err != nil {
+			return errors.NewInvalidInputf(
+				errors.CodeInvalidInput,
+				"time shift value must be a floating value for function %s",
+				name.StringValue(),
+			)
+		}
+	}
+	return nil
+}
+
 // parseFloat64Arg parses an argument to float64
 func parseFloat64Arg(value any) (float64, error) {
 	switch v := value.(type) {

pkg/types/querybuildertypes/querybuildertypesv5/validation.go

@@ -65,46 +65,6 @@ const (
 	MaxQueryLimit = 10000
 )
 
-// ValidateFunctionName checks if the function name is valid
-func ValidateFunctionName(name FunctionName) error {
-	validFunctions := []FunctionName{
-		FunctionNameCutOffMin,
-		FunctionNameCutOffMax,
-		FunctionNameClampMin,
-		FunctionNameClampMax,
-		FunctionNameAbsolute,
-		FunctionNameRunningDiff,
-		FunctionNameLog2,
-		FunctionNameLog10,
-		FunctionNameCumulativeSum,
-		FunctionNameEWMA3,
-		FunctionNameEWMA5,
-		FunctionNameEWMA7,
-		FunctionNameMedian3,
-		FunctionNameMedian5,
-		FunctionNameMedian7,
-		FunctionNameTimeShift,
-		FunctionNameAnomaly,
-		FunctionNameFillZero,
-	}
-
-	if slices.Contains(validFunctions, name) {
-		return nil
-	}
-
-	// Format valid functions as comma-separated string
-	var validFunctionNames []string
-	for _, fn := range validFunctions {
-		validFunctionNames = append(validFunctionNames, fn.StringValue())
-	}
-
-	return errors.NewInvalidInputf(
-		errors.CodeInvalidInput,
-		"invalid function name: %s",
-		name.StringValue(),
-	).WithAdditional(fmt.Sprintf("valid functions are: %s", strings.Join(validFunctionNames, ", ")))
-}
-
 // Validate performs preliminary validation on QueryBuilderQuery
 func (q *QueryBuilderQuery[T]) Validate(requestType RequestType) error {
 	// Validate signal
@@ -311,7 +271,7 @@ func (q *QueryBuilderQuery[T]) validateLimitAndPagination() error {
 
 func (q *QueryBuilderQuery[T]) validateFunctions() error {
 	for i, fn := range q.Functions {
-		if err := ValidateFunctionName(fn.Name); err != nil {
+		if err := fn.Validate(); err != nil {
 			fnId := fmt.Sprintf("function #%d", i+1)
 			if q.Name != "" {
 				fnId = fmt.Sprintf("function #%d in query '%s'", i+1, q.Name)

pkg/types/user.go

@@ -143,6 +143,7 @@ type UserStore interface {
 	GetPasswordByUserID(ctx context.Context, userID valuer.UUID) (*FactorPassword, error)
 	GetResetPasswordToken(ctx context.Context, token string) (*ResetPasswordToken, error)
 	GetResetPasswordTokenByPasswordID(ctx context.Context, passwordID valuer.UUID) (*ResetPasswordToken, error)
+	DeleteResetPasswordTokenByPasswordID(ctx context.Context, passwordID valuer.UUID) error
 	UpdatePassword(ctx context.Context, password *FactorPassword) error
 
 	// API KEY

templates/email/reset_password_email.gotmpl

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<body>
+    <p>Hello {{.Name}},</p>
+    <p>You requested a password reset for your SigNoz account.</p>
+    <p>Click the link below to reset your password:</p>
+    <a href="{{.Link}}">Reset Password</a>
+    <p>This link will expire in {{.Expiry}}.</p>
+    <p>If you didn't request this, please ignore this email. Your password will remain unchanged.</p>
+    <br>
+    <p>Best regards,<br>The SigNoz Team</p>
+</body>
+</html>

tests/integration/fixtures/signoz.py

@@ -67,6 +67,8 @@ def signoz(  # pylint: disable=too-many-arguments,too-many-positional-arguments
                 "SIGNOZ_GATEWAY_URL": gateway.container_configs["8080"].base(),
                 "SIGNOZ_TOKENIZER_JWT_SECRET": "secret",
                 "SIGNOZ_GLOBAL_INGESTION__URL": "https://ingest.test.signoz.cloud",
+                "SIGNOZ_USER_PASSWORD_RESET_ALLOW__SELF": True,
+                "SIGNOZ_USER_PASSWORD_RESET_MAX__TOKEN__LIFETIME": "6h",
             }
             | sqlstore.env
             | clickhouse.env

tests/integration/src/passwordauthn/04_password.py

@@ -7,6 +7,8 @@ from sqlalchemy import sql
 from fixtures import types
 from fixtures.logger import setup_logger
 
+from datetime import datetime, timedelta, timezone
+
 logger = setup_logger(__name__)
 
 
@@ -240,3 +242,261 @@ def test_reset_password_with_no_password(
 
     token = get_token("admin+password@integration.test", "FINALPASSword123!#[")
     assert token is not None
+
+def test_forgot_password_returns_204_for_nonexistent_email(
+    signoz: types.SigNoz,
+) -> None:
+    """
+    Test that forgotPassword returns 204 even for non-existent emails
+    (for security reasons - doesn't reveal if user exists).
+    """
+    # Get org ID first (needed for the forgot password request)
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v2/sessions/context"),
+        params={
+            "email": "admin@integration.test",
+            "ref": f"{signoz.self.host_configs['8080'].base()}",
+        },
+        timeout=5,
+    )
+    assert response.status_code == HTTPStatus.OK
+    org_id = response.json()["data"]["orgs"][0]["id"]
+
+    # Call forgot password with a non-existent email
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v2/factor_password/forgot"),
+        json={
+            "email": "nonexistent@integration.test",
+            "orgId": org_id,
+            "frontendBaseURL": signoz.self.host_configs["8080"].base(),
+        },
+        timeout=5,
+    )
+
+    # Should return 204 even for non-existent email (security)
+    assert response.status_code == HTTPStatus.NO_CONTENT
+
+
+def test_forgot_password_creates_reset_token(
+    signoz: types.SigNoz, get_token: Callable[[str, str], str]
+) -> None:
+    """
+    Test the full forgot password flow:
+    1. Call forgotPassword endpoint for existing user
+    2. Verify reset password token is created in database
+    3. Use the token to reset password
+    4. Verify user can login with new password
+    """
+    admin_token = get_token("admin@integration.test", "password123Z$")
+
+    # Create a user specifically for testing forgot password
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/invite"),
+        json={"email": "forgot@integration.test", "role": "EDITOR", "name": "forgotpassword user"},
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+    assert response.status_code == HTTPStatus.CREATED
+
+    # Get the invite token
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/invite"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+    invite_response = response.json()["data"]
+    found_invite = next(
+        (
+            invite
+            for invite in invite_response
+            if invite["email"] == "forgot@integration.test"
+        ),
+        None,
+    )
+
+    # Accept the invite to create the user
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/invite/accept"),
+        json={
+            "password": "originalPassword123Z$",
+            "displayName": "forgotpassword user",
+            "token": f"{found_invite['token']}",
+        },
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.CREATED
+
+    # Get org ID
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v2/sessions/context"),
+        params={
+            "email": "forgot@integration.test",
+            "ref": f"{signoz.self.host_configs['8080'].base()}",
+        },
+        timeout=5,
+    )
+    assert response.status_code == HTTPStatus.OK
+    org_id = response.json()["data"]["orgs"][0]["id"]
+
+    # Call forgot password endpoint
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v2/factor_password/forgot"),
+        json={
+            "email": "forgot@integration.test",
+            "orgId": org_id,
+            "frontendBaseURL": signoz.self.host_configs["8080"].base(),
+        },
+        timeout=5,
+    )
+    assert response.status_code == HTTPStatus.NO_CONTENT
+
+    # Verify reset password token was created by querying the database
+    # First, get the user ID
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+    assert response.status_code == HTTPStatus.OK
+    user_response = response.json()["data"]
+    found_user = next(
+        (
+            user
+            for user in user_response
+            if user["email"] == "forgot@integration.test"
+        ),
+        None,
+    )
+    assert found_user is not None
+
+    reset_token = None
+    # Query the database directly to get the reset password token
+    # First get the password_id from factor_password, then get the token
+    with signoz.sqlstore.conn.connect() as conn:
+        result = conn.execute(
+            sql.text("""
+                SELECT rpt.token 
+                FROM reset_password_token rpt
+                JOIN factor_password fp ON rpt.password_id = fp.id
+                WHERE fp.user_id = :user_id
+            """),
+            {"user_id": found_user["id"]},
+        )
+        row = result.fetchone()
+        assert row is not None, "Reset password token should exist after calling forgotPassword"
+        reset_token = row[0]
+
+    assert reset_token is not None
+    assert reset_token != ""
+
+    # Reset password with a valid strong password
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/resetPassword"),
+        json={"password": "newSecurePassword123Z$!", "token": reset_token},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.NO_CONTENT
+
+    # Verify user can login with the new password
+    user_token = get_token("forgot@integration.test", "newSecurePassword123Z$!")
+    assert user_token is not None
+
+    # Verify old password no longer works
+    try:
+        get_token("forgot@integration.test", "originalPassword123Z$")
+        assert False, "Old password should not work after reset"
+    except AssertionError:
+        pass  # Expected - old password should fail
+
+
+def test_reset_password_with_expired_token(
+    signoz: types.SigNoz, get_token: Callable[[str, str], str]
+) -> None:
+    """
+    Test that resetting password with an expired token fails.
+    """
+    admin_token = get_token("admin@integration.test", "password123Z$")
+
+    # Get user ID for the forgot@integration.test user
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+    assert response.status_code == HTTPStatus.OK
+    user_response = response.json()["data"]
+    found_user = next(
+        (
+            user
+            for user in user_response
+            if user["email"] == "forgot@integration.test"
+        ),
+        None,
+    )
+    assert found_user is not None
+
+    # Get org ID
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v2/sessions/context"),
+        params={
+            "email": "forgot@integration.test",
+            "ref": f"{signoz.self.host_configs['8080'].base()}",
+        },
+        timeout=5,
+    )
+    assert response.status_code == HTTPStatus.OK
+    org_id = response.json()["data"]["orgs"][0]["id"]
+
+    # Call forgot password to generate a new token
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v2/factor_password/forgot"),
+        json={
+            "email": "forgot@integration.test",
+            "orgId": org_id,
+            "frontendBaseURL": signoz.self.host_configs["8080"].base(),
+        },
+        timeout=5,
+    )
+    assert response.status_code == HTTPStatus.NO_CONTENT
+
+    # Query the database to get the token and then expire it
+    reset_token = None
+    with signoz.sqlstore.conn.connect() as conn:
+        # First get the token
+        result = conn.execute(
+            sql.text("""
+                SELECT rpt.token, rpt.id
+                FROM reset_password_token rpt
+                JOIN factor_password fp ON rpt.password_id = fp.id
+                WHERE fp.user_id = :user_id
+            """),
+            {"user_id": found_user["id"]},
+        )
+        row = result.fetchone()
+        assert row is not None, "Reset password token should exist"
+        reset_token = row[0]
+        token_id = row[1]
+
+        # Now expire the token by setting expires_at to a past time
+        conn.execute(
+            sql.text("""
+                UPDATE reset_password_token 
+                SET expires_at = :expired_time 
+                WHERE id = :token_id
+            """),
+            {
+                "expired_time": "2020-01-01 00:00:00",
+                "token_id": token_id,
+            },
+        )
+        conn.commit()
+
+    assert reset_token is not None
+
+    # Try to use the expired token - should fail with 401 Unauthorized
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/resetPassword"),
+        json={"password": "expiredTokenPassword123Z$!", "token": reset_token},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.UNAUTHORIZED