@cosmicdrift/kumiko-bundled-features 0.3.0 → 0.4.1

package/CHANGELOG.md

@@ -1,5 +1,86 @@
 # @cosmicdrift/kumiko-bundled-features
 
+## 0.4.1
+
+### Patch Changes
+
+- 010b410: feat(auth-email-password): "Bestätigungs-Mail erneut senden" im LoginScreen
+
+  LoginScreen bietet bei reason=email_not_verified jetzt einen Resend-Link
+  im Fehler-Banner — der existierende `requestEmailVerification`-Endpoint
+  wird direkt aufgerufen, der Banner wechselt nach Erfolg zum Info-Variant
+  ("Wir haben dir eine neue Bestätigungs-Mail geschickt.").
+
+  UX-Details:
+
+  - Bei 429 → inline-Hint "Bitte warte kurz und versuche es erneut."
+  - Bei Netzwerk/sonstigen Fehlern → inline-Hint "Konnte nicht senden."
+  - Anti-Typo-Gate: ändert der User die Email-Eingabe nach dem Login-Fail,
+    verschwindet der Resend-Link — sonst würde Resend silent-success an die
+    geänderte (potentiell typoed) Adresse gehen ohne User-Feedback.
+  - Andere Failure-Codes (invalid_credentials etc.) zeigen weiterhin keinen
+    Resend-Link.
+
+  i18n: 4 neue Keys (DE+EN) im `auth.login.resend*`-Namespace, additive.
+  Apps die ihre Translations override-en müssen nichts ändern.
+
+  Additive UI-Feature — keine API-Breaks, keine Schema-Migration.
+
+- Updated dependencies [010b410]
+  - @cosmicdrift/kumiko-framework@0.4.1
+  - @cosmicdrift/kumiko-dispatcher-live@0.4.1
+  - @cosmicdrift/kumiko-renderer@0.4.1
+  - @cosmicdrift/kumiko-renderer-web@0.4.1
+
+## 0.4.0
+
+### Minor Changes
+
+- 825e7d2: Visual-Tree V.1.4 → V.1.6 — Feature-complete Editor + Folder-Hierarchy + Roving-tabindex.
+
+  **V.1.4** — explicit `folder?: string` Schema-Field auf text-block-entity. Slug bleibt
+  kebab-only validiert, Folder explizit gesetzt. Tree gruppiert via `groupBlocksByFolder`
+  (ersetzt `groupBlocksBySlugPrefix`). `Subscribe<T>` Signature um optional `emitError`
+  erweitert für explicit async-error-Pfade. ProviderBranch zeigt Error-Banner mit
+  Retry-Button. Drift-Test pinnt seedTextBlock-vs-set.write Slug-Validation.
+
+  **V.1.4b** — URL-State-Routing für Editor-Target via `nav.searchParams`. F5 + Back-Button
+  stellen den Editor-State wieder her. Format: `?t=text-content:edit&a_slug=...&a_lang=...`.
+  Plus `useDispatchTarget` hook ersetzt globalen `dispatchTarget` als empfohlenen Production-
+  Pfad (legacy bleibt für Test-Hooks).
+
+  **V.1.5** — Arrow-Key-Navigation (`<aside role="tree">`, ARIA-tree-Pattern) + SSE-driven
+  Tree-Refresh. `ClientFeatureDefinition.treeEntities?: string[]` listet Entity-Namen pro
+  Provider; live-events triggern provider-re-mount → Stale-Tree-state="stub"→"filled"
+  flippt nach save automatisch.
+
+  **V.1.5c+d** — Active-Node-Highlight (explicit blue + 2px border-l + scrollIntoView),
+  VS-Code-Polish (compact spacing, focus-visible, folder-icon-color text-amber, indent-
+  guides per ancestor-depth), Folder-Wrapper für legal-pages ("📁 Legal" + slug-first
+  Verschachtelung) und text-content ("📁 Content").
+
+  **V.1.6** — Multi-level Folder-Splitting (`folder="page/marketing"` → nested folders,
+  walk-or-create-pattern, folder/leaf-collision-tolerant). Roving-tabindex (nur focused-
+  treeitem hat tabIndex=0, Tab cyclt aus dem Tree raus).
+
+  35/35 kumiko check PASS, 13/13 group-blocks + 22/22 text-content integration tests grün.
+  Browser + Keyboard lokal validated.
+
+  **Breaking**: `TreeContext` Type entfernt (V.1.2 SR2-Rip — war nie genutzt). Provider sind
+  session-bound: `TreeChildrenSubscribe = () => Subscribe<T>` statt `(ctx) => Subscribe<T>`.
+
+  **V.1.7-Followups**: useEffect-deps in VisualTree-focus-init (Performance), Cancellation-
+  Token in TreeProvider's fetch (emit-after-unmount-warning), inline-rename, drag-drop,
+  file-icons per slug-extension, parent-jump bei ArrowLeft auf collapsed-item.
+
+### Patch Changes
+
+- Updated dependencies [825e7d2]
+  - @cosmicdrift/kumiko-framework@0.4.0
+  - @cosmicdrift/kumiko-dispatcher-live@0.4.0
+  - @cosmicdrift/kumiko-renderer@0.4.0
+  - @cosmicdrift/kumiko-renderer-web@0.4.0
+
 ## 0.3.0
 
 ### Minor Changes

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cosmicdrift/kumiko-bundled-features",
-  "version": "0.3.0",
+  "version": "0.4.1",
   "description": "Built-in features — tenant, user, auth, delivery. The stuff you'd rewrite anyway, already typed.",
   "license": "BUSL-1.1",
   "author": "Marc Frost <marc@cosmicdriftgamestudio.com>",
@@ -64,6 +64,8 @@
     "./text-content": "./src/text-content/index.ts",
     "./text-content/seeding": "./src/text-content/seeding.ts",
     "./text-content/web": "./src/text-content/web/index.ts",
+    "./template-resolver": "./src/template-resolver/index.ts",
+    "./renderer-foundation": "./src/renderer-foundation/index.ts",
     "./legal-pages": "./src/legal-pages/index.ts",
     "./legal-pages/web": "./src/legal-pages/web/index.ts",
     "./step-dispatcher": "./src/step-dispatcher/index.ts"
@@ -72,10 +74,10 @@
     "@aws-sdk/client-s3": "^3.1045.0",
     "@aws-sdk/lib-storage": "^3.1045.0",
     "@aws-sdk/s3-request-presigner": "^3.1045.0",
-    "@cosmicdrift/kumiko-dispatcher-live": "0.3.0",
-    "@cosmicdrift/kumiko-framework": "0.3.0",
-    "@cosmicdrift/kumiko-renderer": "0.3.0",
-    "@cosmicdrift/kumiko-renderer-web": "0.3.0",
+    "@cosmicdrift/kumiko-dispatcher-live": "0.4.1",
+    "@cosmicdrift/kumiko-framework": "0.4.1",
+    "@cosmicdrift/kumiko-renderer": "0.4.1",
+    "@cosmicdrift/kumiko-renderer-web": "0.4.1",
     "@mollie/api-client": "^4.5.0",
     "@node-rs/argon2": "^2.0.2",
     "@types/nodemailer": "^8.0.0",

package/src/auth-email-password/i18n.ts

@@ -18,6 +18,10 @@ export const defaultTranslations: TranslationsByLocale = {
     "auth.login.submit": "Einloggen",
     "auth.login.submitting": "…",
     "auth.login.forgotPassword": "Passwort vergessen?",
+    "auth.login.resendVerification": "Bestätigungs-Mail erneut senden",
+    "auth.login.resendSuccess": "Wir haben dir eine neue Bestätigungs-Mail geschickt.",
+    "auth.login.resendRateLimited": "Bitte warte kurz und versuche es erneut.",
+    "auth.login.resendError": "Konnte nicht senden. Bitte erneut versuchen.",
     "auth.errors.invalidCredentials": "E-Mail oder Passwort falsch.",
     "auth.errors.noMembership": "Dieses Konto hat keinen Tenant-Zugang.",
     "auth.errors.accountLocked": "Konto vorübergehend gesperrt.",
@@ -113,6 +117,10 @@ export const defaultTranslations: TranslationsByLocale = {
     "auth.login.submit": "Sign in",
     "auth.login.submitting": "…",
     "auth.login.forgotPassword": "Forgot password?",
+    "auth.login.resendVerification": "Send verification email again",
+    "auth.login.resendSuccess": "We've sent you a new verification email.",
+    "auth.login.resendRateLimited": "Please wait a moment and try again.",
+    "auth.login.resendError": "Could not send. Please try again.",
     "auth.errors.invalidCredentials": "Invalid email or password.",
     "auth.errors.noMembership": "This account has no tenant access.",
     "auth.errors.accountLocked": "Account temporarily locked.",

package/src/auth-email-password/web/__tests__/login-screen.test.tsx

@@ -1,10 +1,27 @@
 // @vitest-environment jsdom
 import { fireEvent, screen, waitFor } from "@testing-library/react";
-import { describe, expect, test, vi } from "vitest";
+import { beforeEach, describe, expect, test, vi } from "vitest";
+
+// Mock-Bridge für den resend-Flow: LoginScreen ruft requestEmailVerification
+// aus ../auth-client auf, wir stubben das hier um die Server-Antwort pro
+// Test-Case zu kontrollieren. vi.hoisted weil vi.mock() vor allen anderen
+// Statements gehoisted wird und sonst die Variable nicht sehen kann.
+const { requestEmailVerificationMock } = vi.hoisted(() => ({
+  requestEmailVerificationMock: vi.fn(),
+}));
+vi.mock("../auth-client", async () => {
+  const actual = await vi.importActual<typeof import("../auth-client")>("../auth-client");
+  return { ...actual, requestEmailVerification: requestEmailVerificationMock };
+});
+
 import { LoginScreen } from "../login-screen";
 import { makeSessionApi, renderWithProviders } from "./test-utils";
 
 describe("LoginScreen", () => {
+  beforeEach(() => {
+    requestEmailVerificationMock.mockReset();
+  });
+
   test("renders translated title + email + password labels (de)", () => {
     renderWithProviders(<LoginScreen />);
     expect(screen.getByText("Anmelden")).toBeTruthy();
@@ -91,4 +108,114 @@ describe("LoginScreen", () => {
     renderWithProviders(<LoginScreen />);
     expect(screen.queryByRole("link", { name: /Passwort vergessen/i })).toBeNull();
   });
+
+  // Resend-Flow: bei email_not_verified bietet der LoginScreen einen
+  // "Bestätigungs-Mail erneut senden"-Link im Fehler-Banner an.
+  describe("resend verification on email_not_verified", () => {
+    async function loginUntilEmailNotVerified(): Promise<void> {
+      fireEvent.change(screen.getByLabelText(/^E-Mail/), {
+        target: { value: "demo@example.com" },
+      });
+      fireEvent.change(screen.getByLabelText(/^Passwort/), {
+        target: { value: "secret" },
+      });
+      fireEvent.click(screen.getByRole("button", { name: "Einloggen" }));
+      await waitFor(() => {
+        expect(screen.getByRole("alert")).toBeTruthy();
+      });
+    }
+
+    function unverifiedSession() {
+      return makeSessionApi({
+        status: "unauthenticated",
+        user: null,
+        login: vi.fn(async () => ({ ok: false, error: { reason: "email_not_verified" } })),
+      });
+    }
+
+    test("renders resend button only after email_not_verified failure", async () => {
+      renderWithProviders(<LoginScreen />, { session: unverifiedSession() });
+      // Vor Submit gibt es keinen Resend-Trigger
+      expect(screen.queryByRole("button", { name: /erneut senden/i })).toBeNull();
+      await loginUntilEmailNotVerified();
+      expect(screen.getByRole("button", { name: "Bestätigungs-Mail erneut senden" })).toBeTruthy();
+    });
+
+    test("click → calls requestEmailVerification with form email and shows success banner", async () => {
+      requestEmailVerificationMock.mockResolvedValueOnce({ ok: true });
+      renderWithProviders(<LoginScreen />, { session: unverifiedSession() });
+      await loginUntilEmailNotVerified();
+
+      fireEvent.click(screen.getByRole("button", { name: "Bestätigungs-Mail erneut senden" }));
+
+      await waitFor(() => {
+        expect(requestEmailVerificationMock).toHaveBeenCalledWith("demo@example.com");
+      });
+      // Banner variant="info" setzt kein role — wir suchen per Text
+      await waitFor(() => {
+        expect(
+          screen.getByText("Wir haben dir eine neue Bestätigungs-Mail geschickt."),
+        ).toBeTruthy();
+      });
+      // Fehler-Banner (role=alert) ist weg, Success-Banner ist da
+      expect(screen.queryByRole("alert")).toBeNull();
+    });
+
+    test("rate_limited → inline hint statt success", async () => {
+      requestEmailVerificationMock.mockResolvedValueOnce({
+        ok: false,
+        error: { reason: "rate_limited" },
+      });
+      renderWithProviders(<LoginScreen />, { session: unverifiedSession() });
+      await loginUntilEmailNotVerified();
+
+      fireEvent.click(screen.getByRole("button", { name: "Bestätigungs-Mail erneut senden" }));
+
+      await waitFor(() => {
+        expect(screen.getByRole("alert").textContent).toMatch(
+          /Bitte warte kurz und versuche es erneut/,
+        );
+      });
+      // Original-Fehler bleibt sichtbar
+      expect(screen.getByRole("alert").textContent).toMatch(/E-Mail-Adresse noch nicht bestätigt/);
+    });
+
+    test("network/unknown error → generischer inline hint", async () => {
+      requestEmailVerificationMock.mockRejectedValueOnce(new Error("offline"));
+      renderWithProviders(<LoginScreen />, { session: unverifiedSession() });
+      await loginUntilEmailNotVerified();
+
+      fireEvent.click(screen.getByRole("button", { name: "Bestätigungs-Mail erneut senden" }));
+
+      await waitFor(() => {
+        expect(screen.getByRole("alert").textContent).toMatch(
+          /Konnte nicht senden. Bitte erneut versuchen/,
+        );
+      });
+    });
+
+    test("Email-Änderung nach Failure → Resend-Button verschwindet (anti-typo-Falle)", async () => {
+      renderWithProviders(<LoginScreen />, { session: unverifiedSession() });
+      await loginUntilEmailNotVerified();
+      expect(screen.getByRole("button", { name: "Bestätigungs-Mail erneut senden" })).toBeTruthy();
+
+      // User korrigiert die Email-Eingabe — Resend-Button darf nicht mehr
+      // sichtbar sein, damit kein silent-send an typo-Adresse passiert
+      fireEvent.change(screen.getByLabelText(/^E-Mail/), {
+        target: { value: "typo@example.com" },
+      });
+      expect(screen.queryByRole("button", { name: /erneut senden/i })).toBeNull();
+    });
+
+    test("invalid_credentials → KEIN Resend-Button (nur bei email_not_verified)", async () => {
+      const session = makeSessionApi({
+        status: "unauthenticated",
+        user: null,
+        login: vi.fn(async () => ({ ok: false, error: { reason: "invalid_credentials" } })),
+      });
+      renderWithProviders(<LoginScreen />, { session });
+      await loginUntilEmailNotVerified();
+      expect(screen.queryByRole("button", { name: /erneut senden/i })).toBeNull();
+    });
+  });
 });

package/src/auth-email-password/web/login-screen.tsx

@@ -11,10 +11,19 @@
 
 import { usePrimitives, useTranslation } from "@cosmicdrift/kumiko-renderer";
 import { type FormEvent, type ReactNode, useState } from "react";
-import type { LoginFailure } from "./auth-client";
+import { type LoginFailure, requestEmailVerification } from "./auth-client";
 import { AuthCard, authMutedLinkClass } from "./auth-form-primitives";
 import { useSession } from "./session";
 
+// Resend-Status für den "Bestätigungs-Mail erneut senden"-Flow, der bei
+// reason=email_not_verified unter dem Fehler-Banner angeboten wird.
+type ResendStatus =
+  | { readonly kind: "idle" }
+  | { readonly kind: "sending" }
+  | { readonly kind: "success" }
+  | { readonly kind: "rateLimited" }
+  | { readonly kind: "error" };
+
 export type LoginScreenProps = {
   /** Overridet den `auth.login.title`-i18n-Key. Nur setzen wenn der
    *  Titel stark app-branded ist und keine Translation braucht. */
@@ -77,13 +86,22 @@ export function LoginScreen({
   const [password, setPassword] = useState("");
   const [submitting, setSubmitting] = useState(false);
   const [error, setError] = useState<LoginFailure | null>(null);
+  const [resendStatus, setResendStatus] = useState<ResendStatus>({ kind: "idle" });
+  // Tracked, damit der Resend-Button verschwindet sobald der User die
+  // Email-Eingabe ändert — sonst würde Resend silent an die geänderte
+  // (potentiell typoed) Adresse gehen ohne User-Feedback.
+  const [failedLoginEmail, setFailedLoginEmail] = useState<string | null>(null);
 
   const doSubmit = async (): Promise<void> => {
     setSubmitting(true);
     setError(null);
+    setResendStatus({ kind: "idle" });
     const res = await session.login({ email, password });
     setSubmitting(false);
-    if (!res.ok) setError(res.error);
+    if (!res.ok) {
+      setError(res.error);
+      setFailedLoginEmail(email);
+    }
   };
 
   const onSubmit = (e?: FormEvent): void => {
@@ -91,6 +109,26 @@ export function LoginScreen({
     void doSubmit();
   };
 
+  // Resend-Bestätigungsmail bei reason=email_not_verified. requestEmail-
+  // Verification ist silent-success (200 auch wenn kein User existiert),
+  // sodass kein anti-enumeration-Branching nötig ist; 429 → rate-limit-
+  // Hint inline, sonstige Fehler → generischer Inline-Hint.
+  const onResend = async (): Promise<void> => {
+    setResendStatus({ kind: "sending" });
+    try {
+      const res = await requestEmailVerification(email);
+      if (res.ok) {
+        setResendStatus({ kind: "success" });
+        return;
+      }
+      setResendStatus({
+        kind: res.error.reason === "rate_limited" ? "rateLimited" : "error",
+      });
+    } catch {
+      setResendStatus({ kind: "error" });
+    }
+  };
+
   const effectiveTitle = title ?? t("auth.login.title");
   const effectiveSubmit = submitLabel ?? t("auth.login.submit");
 
@@ -122,14 +160,41 @@ export function LoginScreen({
               autoComplete="current-password"
             />
           </Field>
-          {error !== null && (
+          {resendStatus.kind === "success" ? (
+            <Banner variant="info">{t("auth.login.resendSuccess")}</Banner>
+          ) : error !== null ? (
             <Banner variant="error">
-              {(() => {
-                const { key, params } = reasonToKey(error);
-                return t(key, params);
-              })()}
+              <div className="flex flex-col gap-1">
+                <span>
+                  {(() => {
+                    const { key, params } = reasonToKey(error);
+                    return t(key, params);
+                  })()}
+                </span>
+                {error.reason === "email_not_verified" &&
+                  email.trim().length > 0 &&
+                  email === failedLoginEmail && (
+                    // kumiko-lint-ignore primitives-discipline Inline-Link im Banner (UX-Choice); Button-Primitive hat keinen link-Variant
+                    <button
+                      type="button"
+                      onClick={() => void onResend()}
+                      disabled={resendStatus.kind === "sending"}
+                      className={`${authMutedLinkClass} self-start text-left disabled:opacity-50`}
+                    >
+                      {resendStatus.kind === "sending"
+                        ? t("auth.login.submitting")
+                        : t("auth.login.resendVerification")}
+                    </button>
+                  )}
+                {resendStatus.kind === "rateLimited" && (
+                  <span className="text-xs">{t("auth.login.resendRateLimited")}</span>
+                )}
+                {resendStatus.kind === "error" && (
+                  <span className="text-xs">{t("auth.login.resendError")}</span>
+                )}
+              </div>
             </Banner>
-          )}
+          ) : null}
           <Button type="submit" loading={submitting} disabled={submitting}>
             {submitting ? t("auth.login.submitting") : effectiveSubmit}
           </Button>