Add email-based password reset flow
Users who forget their password can now request a reset link via email. Tokens are SHA-256 hashed before storage, expire after 1 hour, and previous unused tokens are invalidated on new requests. The forgot-password endpoint always returns success to prevent email enumeration. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -69,6 +69,9 @@ async function handleSubmit() {
|
||||
class="input"
|
||||
/>
|
||||
</div>
|
||||
<p class="forgot-link">
|
||||
<router-link to="/forgot-password">Forgot your password?</router-link>
|
||||
</p>
|
||||
<p v-if="error" class="error-msg">{{ error }}</p>
|
||||
<button type="submit" class="btn-submit" :disabled="submitting">
|
||||
{{ submitting ? "Signing in..." : "Sign In" }}
|
||||
@@ -173,4 +176,15 @@ async function handleSubmit() {
|
||||
.auth-footer a {
|
||||
color: var(--color-primary);
|
||||
}
|
||||
.forgot-link {
|
||||
text-align: right;
|
||||
margin: -0.5rem 0 0.75rem;
|
||||
font-size: 0.85rem;
|
||||
}
|
||||
.forgot-link a {
|
||||
color: var(--color-text-secondary);
|
||||
}
|
||||
.forgot-link a:hover {
|
||||
color: var(--color-primary);
|
||||
}
|
||||
</style>
|
||||
|
||||
Reference in New Issue
Block a user