Password reset is one of the most critical flows in any application. It's also one of the most commonly untested.

The reason is always the same — the flow requires a real email. You click "Forgot password", an email arrives, you click the link, you reset. There's no way to test this without catching that email.

This guide shows how to test the complete password reset flow in a Next.js app using Playwright and ZeroDrop — end-to-end, in CI, without mocking.

The flow we're testing

User requests a password reset