feat(auth): forgot password flow and login by email or username #8
Merged
backend handlers, email token, frontend form and URL param handling
backend looks up user by email if input contains @, else by login. @ is forbidden in login name at register and profile update to keep the distinction unambiguous.
Password reset via email link and sign-in by email or username.
Backend
- POST /forgot-password - creates a reset token (1h TTL), sends link to user email. Always returns 200 to prevent email enumeration. Skips Google-only accounts.
- POST /reset-password - validates token, hashes and saves new password, upserts local identity.
- @, else by login. @ forbidden in usernames (RegisterSchema, UpdateProfileSchema) to keep the distinction unambiguous.
- passwordResetHandlers.ts, sendPasswordResetEmail in emailService, ForgotPasswordSchema and ResetPasswordSchema added to AuthSchema.

Frontend
- ForgotPasswordStage.tsx - email input form with "Check your inbox" success state, added as forgot stage in AuthPopup.
- ResetPasswordPopup.tsx - two-field password form opened automatically when user follows ?auth=reset_password&token=... link.
- forgotPassword and resetPassword mutations added to auth.api.
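
The flow described above, sketched as an added TypeScript example; it is not the code from this pull request. The in-memory `users`, `resetTokens` and `outbox`, the function shapes, storing only a SHA-256 digest of the token, single-use deletion, scrypt for the password hash and the 400 status for a bad token are all assumptions made for illustration.

```typescript
import { createHash, randomBytes, scryptSync } from "node:crypto";

// Constructed in-memory stand-ins for the user table, token table and mailer (assumptions).
type User = { login: string; email: string; passwordHash: string | null; googleOnly: boolean };
const users: User[] = [
  { login: "alice", email: "alice@example.test", passwordHash: null, googleOnly: false },
  { login: "bob", email: "bob@example.test", passwordHash: null, googleOnly: true },
];
const resetTokens = new Map<string, { login: string; expiresAt: number }>(); // key: SHA-256(token)
const outbox: { to: string; link: string }[] = [];

const TOKEN_TTL_MS = 60 * 60 * 1000; // 1h TTL, as in the PR description
const sha256 = (s: string): string => createHash("sha256").update(s).digest("hex");

// "@" is forbidden in usernames, so its presence alone selects the email lookup.
function findUser(identifier: string): User | undefined {
  return identifier.includes("@")
    ? users.find((u) => u.email === identifier)
    : users.find((u) => u.login === identifier);
}

// Same status for known, unknown and Google-only addresses: no enumeration signal.
function forgotPassword(email: string, now: number = Date.now()): { status: number } {
  const user = users.find((u) => u.email === email);
  if (user && !user.googleOnly) {
    const token = randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
    // Only the digest is stored, so a leaked token table cannot be replayed as links.
    resetTokens.set(sha256(token), { login: user.login, expiresAt: now + TOKEN_TTL_MS });
    outbox.push({ to: user.email, link: `/?auth=reset_password&token=${token}` });
  }
  return { status: 200 };
}

function resetPassword(token: string, newPassword: string, now: number = Date.now()): { status: number } {
  const key = sha256(token);
  const entry = resetTokens.get(key);
  resetTokens.delete(key); // single use, even when the token turns out to be expired
  const user = entry && users.find((u) => u.login === entry.login);
  if (!entry || !user || now > entry.expiresAt) return { status: 400 };
  const salt = randomBytes(16);
  const hash = scryptSync(newPassword, salt, 32).toString("hex");
  user.passwordHash = `${salt.toString("hex")}:${hash}`;
  return { status: 200 };
}
```

A uniform status code does not hide a timing difference: if the mail is sent inside the request, known addresses answer more slowly, so the send is better queued off the request path.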