Add email-based password reset flow
Users who forget their password can now request a reset link via email. Tokens are SHA-256 hashed before storage, expire after 1 hour, and previous unused tokens are invalidated on new requests. The forgot-password endpoint always returns success to prevent email enumeration. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -22,6 +22,18 @@ const router = createRouter({
|
||||
component: () => import("@/views/RegisterView.vue"),
|
||||
meta: { public: true },
|
||||
},
|
||||
{
|
||||
path: "/forgot-password",
|
||||
name: "forgot-password",
|
||||
component: () => import("@/views/ForgotPasswordView.vue"),
|
||||
meta: { public: true },
|
||||
},
|
||||
{
|
||||
path: "/reset-password",
|
||||
name: "reset-password",
|
||||
component: () => import("@/views/ResetPasswordView.vue"),
|
||||
meta: { public: true },
|
||||
},
|
||||
{
|
||||
path: "/notes",
|
||||
name: "notes",
|
||||
|
||||
Reference in New Issue
Block a user