d354da5b51
Users who forget their password can now request a reset link via email. Tokens are SHA-256 hashed before storage, expire after 1 hour, and previous unused tokens are invalidated on new requests. The forgot-password endpoint always returns success to prevent email enumeration. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
226 lines
5.3 KiB
Vue
226 lines
5.3 KiB
Vue
<script setup lang="ts">
|
|
import { ref, computed } from "vue";
|
|
import { useRoute } from "vue-router";
|
|
import { apiPost } from "@/api/client";
|
|
import AppLogo from "@/components/AppLogo.vue";
|
|
|
|
const route = useRoute();
|
|
|
|
const token = computed(() => (route.query.token as string) || "");
|
|
const password = ref("");
|
|
const confirmPassword = ref("");
|
|
const error = ref("");
|
|
const submitting = ref(false);
|
|
const success = ref(false);
|
|
|
|
const passwordMismatch = computed(
|
|
() => confirmPassword.value.length > 0 && password.value !== confirmPassword.value
|
|
);
|
|
|
|
const canSubmit = computed(
|
|
() => !submitting.value && !passwordMismatch.value && password.value.length >= 8 && !!token.value
|
|
);
|
|
|
|
async function handleSubmit() {
|
|
if (passwordMismatch.value) {
|
|
error.value = "Passwords do not match";
|
|
return;
|
|
}
|
|
error.value = "";
|
|
submitting.value = true;
|
|
try {
|
|
await apiPost("/api/auth/reset-password", {
|
|
token: token.value,
|
|
new_password: password.value,
|
|
});
|
|
success.value = true;
|
|
} catch (e: unknown) {
|
|
if (e && typeof e === "object" && "body" in e) {
|
|
const body = (e as { body?: { error?: string } }).body;
|
|
error.value = body?.error || "Failed to reset password";
|
|
} else {
|
|
error.value = "Failed to reset password";
|
|
}
|
|
} finally {
|
|
submitting.value = false;
|
|
}
|
|
}
|
|
</script>
|
|
|
|
<template>
|
|
<main class="auth-page">
|
|
<div class="auth-card">
|
|
<div class="auth-brand"><AppLogo :size="32" /><h1>Set New Password</h1></div>
|
|
|
|
<div v-if="!token" class="error-block">
|
|
<p>Invalid reset link. Please request a new password reset.</p>
|
|
<p class="auth-footer">
|
|
<router-link to="/forgot-password">Request new link</router-link>
|
|
</p>
|
|
</div>
|
|
|
|
<template v-else-if="!success">
|
|
<form @submit.prevent="handleSubmit">
|
|
<div class="field">
|
|
<label for="password">New Password</label>
|
|
<input
|
|
id="password"
|
|
v-model="password"
|
|
type="password"
|
|
autocomplete="new-password"
|
|
required
|
|
minlength="8"
|
|
class="input"
|
|
/>
|
|
<p class="field-hint">Must be at least 8 characters</p>
|
|
</div>
|
|
<div class="field">
|
|
<label for="confirm-password">Confirm Password</label>
|
|
<input
|
|
id="confirm-password"
|
|
v-model="confirmPassword"
|
|
type="password"
|
|
autocomplete="new-password"
|
|
required
|
|
class="input"
|
|
:class="{ 'input-error': passwordMismatch }"
|
|
/>
|
|
<p v-if="passwordMismatch" class="error-hint">Passwords do not match</p>
|
|
</div>
|
|
<p v-if="error" class="error-msg">{{ error }}</p>
|
|
<button type="submit" class="btn-submit" :disabled="!canSubmit">
|
|
{{ submitting ? "Resetting..." : "Reset Password" }}
|
|
</button>
|
|
</form>
|
|
</template>
|
|
|
|
<div v-else class="success-msg">
|
|
<p>Your password has been reset successfully.</p>
|
|
<p>You can now sign in with your new password.</p>
|
|
</div>
|
|
|
|
<p class="auth-footer">
|
|
<router-link to="/login">Back to Sign In</router-link>
|
|
</p>
|
|
</div>
|
|
</main>
|
|
</template>
|
|
|
|
<style scoped>
|
|
.auth-page {
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
min-height: 100vh;
|
|
padding: 1rem;
|
|
}
|
|
.auth-card {
|
|
width: 100%;
|
|
max-width: 400px;
|
|
background: var(--color-bg-card);
|
|
border: 1px solid var(--color-border);
|
|
border-radius: var(--radius-md);
|
|
padding: 2rem;
|
|
}
|
|
.auth-brand {
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
gap: 0.5rem;
|
|
margin-bottom: 1.5rem;
|
|
}
|
|
.auth-card h1 {
|
|
margin: 0;
|
|
text-align: center;
|
|
}
|
|
.error-block {
|
|
text-align: center;
|
|
color: var(--color-text-secondary);
|
|
font-size: 0.95rem;
|
|
padding: 0.5rem 0;
|
|
}
|
|
.error-block p {
|
|
margin: 0.5rem 0;
|
|
}
|
|
.success-msg {
|
|
text-align: center;
|
|
color: var(--color-text-secondary);
|
|
font-size: 0.95rem;
|
|
padding: 0.5rem 0;
|
|
}
|
|
.success-msg p {
|
|
margin: 0.5rem 0;
|
|
}
|
|
.field {
|
|
margin-bottom: 1rem;
|
|
}
|
|
.field label {
|
|
display: block;
|
|
font-size: 0.9rem;
|
|
font-weight: 600;
|
|
margin-bottom: 0.35rem;
|
|
}
|
|
.input {
|
|
width: 100%;
|
|
padding: 0.5rem 0.75rem;
|
|
border: 1px solid var(--color-border);
|
|
border-radius: var(--radius-sm);
|
|
font-size: 0.95rem;
|
|
background: var(--color-bg);
|
|
color: var(--color-text);
|
|
box-sizing: border-box;
|
|
}
|
|
.input:focus {
|
|
outline: none;
|
|
border-color: var(--color-primary);
|
|
}
|
|
.input-error {
|
|
border-color: var(--color-danger);
|
|
}
|
|
.input-error:focus {
|
|
border-color: var(--color-danger);
|
|
}
|
|
.field-hint {
|
|
margin: 0.35rem 0 0;
|
|
font-size: 0.8rem;
|
|
color: var(--color-text-muted);
|
|
}
|
|
.error-hint {
|
|
margin: 0.35rem 0 0;
|
|
font-size: 0.8rem;
|
|
color: var(--color-danger);
|
|
}
|
|
.error-msg {
|
|
color: var(--color-danger);
|
|
font-size: 0.9rem;
|
|
margin: 0 0 0.75rem;
|
|
}
|
|
.btn-submit {
|
|
width: 100%;
|
|
padding: 0.6rem;
|
|
background: var(--color-primary);
|
|
color: #fff;
|
|
border: none;
|
|
border-radius: var(--radius-sm);
|
|
cursor: pointer;
|
|
font-size: 0.95rem;
|
|
font-weight: 600;
|
|
}
|
|
.btn-submit:disabled {
|
|
opacity: 0.6;
|
|
cursor: default;
|
|
}
|
|
.btn-submit:hover:not(:disabled) {
|
|
opacity: 0.9;
|
|
}
|
|
.auth-footer {
|
|
text-align: center;
|
|
font-size: 0.9rem;
|
|
color: var(--color-text-secondary);
|
|
margin: 1rem 0 0;
|
|
}
|
|
.auth-footer a {
|
|
color: var(--color-primary);
|
|
}
|
|
</style>
|