@delopay/sdk 0.3.1 → 0.3.2

package/dist/index.d.cts

@@ -2988,10 +2988,12 @@ declare class Users {
      * Reset a user's password using the single-purpose JWT delivered by the
      * forgot-password email.
      *
-     * The backend's `SinglePurposeJWTAuth` reads the token from the
-     * `Authorization: Bearer …` header, not from the request body, so the
-     * SDK lifts the `token` field out of `params` and sends it as the header.
-     * Callers still pass `{ password, token }` — the shape is unchanged.
+     * The backend validates the token **twice**: first by the
+     * `SinglePurposeJWTAuth` middleware (reads `Authorization: Bearer …`),
+     * then by the handler itself (decodes `body.token` as an `EmailToken` and
+     * looks up the user by the embedded email — see
+     * `crates/router/src/core/user.rs:687`). The same JWT satisfies both, so
+     * the SDK sends it in both places. Callers still pass `{ password, token }`.
      */
     resetPassword(params: ResetPasswordRequest): Promise<Record<string, unknown>>;
     verifyEmail(params: Record<string, unknown>): Promise<AuthResponse>;

package/dist/index.d.ts

@@ -2988,10 +2988,12 @@ declare class Users {
      * Reset a user's password using the single-purpose JWT delivered by the
      * forgot-password email.
      *
-     * The backend's `SinglePurposeJWTAuth` reads the token from the
-     * `Authorization: Bearer …` header, not from the request body, so the
-     * SDK lifts the `token` field out of `params` and sends it as the header.
-     * Callers still pass `{ password, token }` — the shape is unchanged.
+     * The backend validates the token **twice**: first by the
+     * `SinglePurposeJWTAuth` middleware (reads `Authorization: Bearer …`),
+     * then by the handler itself (decodes `body.token` as an `EmailToken` and
+     * looks up the user by the embedded email — see
+     * `crates/router/src/core/user.rs:687`). The same JWT satisfies both, so
+     * the SDK sends it in both places. Callers still pass `{ password, token }`.
      */
     resetPassword(params: ResetPasswordRequest): Promise<Record<string, unknown>>;
     verifyEmail(params: Record<string, unknown>): Promise<AuthResponse>;

package/dist/index.js

@@ -2033,16 +2033,17 @@ var Users = class {
    * Reset a user's password using the single-purpose JWT delivered by the
    * forgot-password email.
    *
-   * The backend's `SinglePurposeJWTAuth` reads the token from the
-   * `Authorization: Bearer …` header, not from the request body, so the
-   * SDK lifts the `token` field out of `params` and sends it as the header.
-   * Callers still pass `{ password, token }` — the shape is unchanged.
+   * The backend validates the token **twice**: first by the
+   * `SinglePurposeJWTAuth` middleware (reads `Authorization: Bearer …`),
+   * then by the handler itself (decodes `body.token` as an `EmailToken` and
+   * looks up the user by the embedded email — see
+   * `crates/router/src/core/user.rs:687`). The same JWT satisfies both, so
+   * the SDK sends it in both places. Callers still pass `{ password, token }`.
    */
   async resetPassword(params) {
-    const { token, password } = params;
     return this.request("POST", "/user/reset_password", {
-      body: { password },
-      headers: { Authorization: `Bearer ${token}` }
+      body: params,
+      headers: { Authorization: `Bearer ${params.token}` }
     });
   }
   async verifyEmail(params) {