@faststore/core 3.72.1 → 3.73.0

package/.turbo/turbo-build.log

@@ -1,23 +1,23 @@
 
-> @faststore/core@3.72.0 prebuild /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.72.1 prebuild /home/runner/work/faststore/faststore/packages/core
 > na run partytown && na run generate
 
 
-> @faststore/core@3.72.0 partytown /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.72.1 partytown /home/runner/work/faststore/faststore/packages/core
 > partytown copylib ./public/~partytown
 
 Partytown lib copied to: /home/runner/work/faststore/faststore/packages/core/public/~partytown
 
-> @faststore/core@3.72.0 generate /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.72.1 generate /home/runner/work/faststore/faststore/packages/core
 > na run generate:schema && na run generate:codegen && na run format:generated
 
 
-> @faststore/core@3.72.0 generate:schema /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.72.1 generate:schema /home/runner/work/faststore/faststore/packages/core
 > tsx src/server/generator/generateGraphQLSchemaFile.ts
 
 Schema GraphQL file generated successfully
 
-> @faststore/core@3.72.0 generate:codegen /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.72.1 generate:codegen /home/runner/work/faststore/faststore/packages/core
 > graphql-codegen
 
 [STARTED] Parse Configuration
@@ -37,11 +37,11 @@ Running lifecycle hook "afterStart" scripts...
 [CLI] Loading Documents
 [CLI] Generating output
 
-> @faststore/core@3.72.0 format:generated /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.72.1 format:generated /home/runner/work/faststore/faststore/packages/core
 > prettier --write "@generated/**/*.{ts,js,tsx,jsx,json}" --loglevel error
 
 
-> @faststore/core@3.72.0 build /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.72.1 build /home/runner/work/faststore/faststore/packages/core
 > next build
 
 ⚠ No build cache found. Please configure build caching for faster rebuilds. Read more: https://nextjs.org/docs/messages/no-cache
@@ -95,8 +95,8 @@ Route (pages)                              Size     First Load JS
 ├   └ css/70353bf19c496790.css             12.6 kB
 ├ λ /account/profile                       1.79 kB         138 kB
 ├   └ css/831a1f72fe4b2d80.css             3.97 kB
-├ λ /account/security                      2.48 kB         139 kB
-├   └ css/32b1696118552960.css             5.19 kB
+├ λ /account/security                      3.62 kB         140 kB
+├   └ css/ec7fdad03808422d.css             5.22 kB
 ├ λ /account/user-details                  1.74 kB         138 kB
 ├   └ css/e46393a76c5d93a9.css             4.17 kB
 ├ λ /api/graphql                           0 B             106 kB
@@ -109,8 +109,8 @@ Route (pages)                              Size     First Load JS
 + First Load JS shared by all              109 kB
   ├ chunks/framework-807b0f81cbc129f0.js   45.4 kB
   ├ chunks/main-f658704b53a96ab1.js        33.1 kB
-  ├ chunks/pages/_app-4068e2b477988545.js  23.5 kB
-  ├ chunks/webpack-2ddf567180dd5aaa.js     3.81 kB
+  ├ chunks/pages/_app-36fb57bc394108e6.js  23.6 kB
+  ├ chunks/webpack-3154bd2292a6ff53.js     3.81 kB
   └ css/0a57ee6c7a57788c.css               3.49 kB
 
 λ  (Server)  server-side renders at runtime (uses getInitialProps or getServerSideProps)

package/.turbo/turbo-test.log

@@ -1,14 +1,14 @@
 
-> @faststore/core@3.72.0 test /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.72.1 test /home/runner/work/faststore/faststore/packages/core
 > jest
 
-PASS test/utils/multipleTemplates.test.ts (26.191 s)
-PASS test/server/cms/global.test.ts (26.533 s)
+PASS test/utils/multipleTemplates.test.ts (26.287 s)
+PASS test/server/cms/global.test.ts (26.441 s)
 PASS test/server/cms/index.test.ts
-PASS test/server/index.test.ts (30.044 s)
+PASS test/server/index.test.ts (29.359 s)
 
 Test Suites: 4 passed, 4 total
 Tests:       22 passed, 22 total
 Snapshots:   0 total
-Time:        31.403 s
+Time:        30.652 s
 Ran all test suites.

package/@generated/gql.ts

@@ -50,8 +50,8 @@ const documents = {
     types.ServerListOrdersQueryDocument,
   '\n  query ServerProfileQuery {\n    accountName\n    accountProfile {\n      name\n      email\n      id\n    }\n  }\n':
     types.ServerProfileQueryDocument,
-  '\n  query ServerSecurityQuery {\n    accountName\n  }\n':
-    types.ServerSecurityQueryDocument,
+  '\n  query ServerSecurity {\n    accountName\n    userDetails {\n      email\n    }\n  }\n':
+    types.ServerSecurityDocument,
   '\n  query ServerUserDetailsQuery {\n    accountName\n    userDetails {\n      name\n      email\n      role\n      orgUnit\n    }\n  }\n':
     types.ServerUserDetailsQueryDocument,
   '\n  mutation CancelOrderMutation($data: IUserOrderCancel!) {\n    cancelOrder(data: $data) {\n      data\n    }\n  }\n':
@@ -208,8 +208,8 @@ export function gql(
  * The gql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
 export function gql(
-  source: '\n  query ServerSecurityQuery {\n    accountName\n  }\n'
-): typeof import('./graphql').ServerSecurityQueryDocument
+  source: '\n  query ServerSecurity {\n    accountName\n    userDetails {\n      email\n    }\n  }\n'
+): typeof import('./graphql').ServerSecurityDocument
 /**
  * The gql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */

package/@generated/graphql.ts

@@ -650,11 +650,6 @@ export type Mutation = {
   cancelOrder: Maybe<UserOrderCancel>
   /** Process Order Authorization */
   processOrderAuthorization: Maybe<ProcessOrderAuthorizationResponse>
-  /**
-   * Sets a new password for the user.
-   * This mutation is used to change the user's password, typically after a password reset or when the user wants to update their password.
-   */
-  setPassword: Maybe<SetPasswordResponse>
   /** Subscribes a new person to the newsletter list. */
   subscribeToNewsletter: Maybe<PersonNewsletter>
   /** Checks for changes between the cart presented in the UI and the cart stored in the ecommerce platform. If changes are detected, it returns the cart stored on the platform. Otherwise, it returns `null`. */
@@ -671,10 +666,6 @@ export type MutationProcessOrderAuthorizationArgs = {
   data: IProcessOrderAuthorization
 }
 
-export type MutationSetPasswordArgs = {
-  data: ISetPassword
-}
-
 export type MutationSubscribeToNewsletterArgs = {
   data: IPersonNewsletter
 }
@@ -2860,9 +2851,12 @@ export type ServerProfileQueryQuery = {
   }
 }
 
-export type ServerSecurityQueryQueryVariables = Exact<{ [key: string]: never }>
+export type ServerSecurityQueryVariables = Exact<{ [key: string]: never }>
 
-export type ServerSecurityQueryQuery = { accountName: string | null }
+export type ServerSecurityQuery = {
+  accountName: string | null
+  userDetails: { email: string | null }
+}
 
 export type ServerUserDetailsQueryQueryVariables = Exact<{
   [key: string]: never
@@ -4024,14 +4018,14 @@ export const ServerProfileQueryDocument = {
   ServerProfileQueryQuery,
   ServerProfileQueryQueryVariables
 >
-export const ServerSecurityQueryDocument = {
+export const ServerSecurityDocument = {
   __meta__: {
-    operationName: 'ServerSecurityQuery',
-    operationHash: '9f24767f16e6e05c168336701a6c6c7b6b5dc1c6',
+    operationName: 'ServerSecurity',
+    operationHash: '63c6eadbe8b77c0c3c91406589755accba5cf155',
   },
 } as unknown as TypedDocumentString<
-  ServerSecurityQueryQuery,
-  ServerSecurityQueryQueryVariables
+  ServerSecurityQuery,
+  ServerSecurityQueryVariables
 >
 export const ServerUserDetailsQueryDocument = {
   __meta__: {

package/@generated/persisted-documents.json

@@ -5,7 +5,7 @@
   "ba4e1865d9840cb386fa6d646a51f275cd991bfa": "query ServerOrderDetailsQuery($orderId: String!) { accountName userOrder(orderId: $orderId) { allowCancellation canProcessOrderAuthorization clientProfileData { corporateName email firstName isCorporate lastName phone } creationDate customFields { fields { name refId value } id type } deliveryOptionsData { contact { email name phone } deliveryOptions { address { addressId addressType city complement country entityId geoCoordinates neighborhood number postalCode receiverName reference state street versionId } deliveryChannel deliveryCompany deliveryWindow { endDateUtc price startDateUtc } friendlyDeliveryOptionName friendlyShippingEstimate items { id imageUrl name price quantity tax total uniqueId } pickupStoreInfo { additionalInfo address { addressId addressType city complement country entityId geoCoordinates neighborhood number postalCode receiverName reference state street versionId } dockId friendlyName isPickupStore } quantityOfDifferentItems selectedSla seller shippingEstimate shippingEstimateDate total } } orderId paymentData { transactions { isActive payments { bankIssuedInvoiceIdentificationNumber connectorResponses { authId } group id installments lastDigits paymentOrigin paymentSystemName redemptionCode referenceValue tid url value } } } ruleForAuthorization { dimensionId orderAuthorizationId rule { authorizationData { authorizers { authorizationDate email id type } requireAllApprovals } authorizedEmails doId id isUserAuthorized isUserNextAuthorizer name notification priority scoreInterval { accept deny } status timeout trigger { condition { conditionType description expression greatherThan lessThan } effect { description effectType funcPath } } } } shopperName { firstName lastName } status statusDescription storePreferencesData { currencyCode } totals { id name value } } }",
   "ee84ac3f5b58c5e1950a927a42c5c1dd6012fcc4": "query ServerListOrdersQuery($clientEmail: String, $dateFinal: String, $dateInitial: String, $page: Int, $perPage: Int, $status: [String], $text: String) { accountName listUserOrders( page: $page perPage: $perPage status: $status dateInitial: $dateInitial dateFinal: $dateFinal text: $text clientEmail: $clientEmail ) { list { ShippingEstimatedDate clientName creationDate currencyCode customFields { type value } items { description ean id price productId quantity refId seller sellingPrice } orderId status statusDescription totalValue } paging { currentPage pages perPage total } } }",
   "0ed4b5db8fed122d8418195d01fb91b30261d587": "query ServerProfileQuery { accountName accountProfile { email id name } }",
-  "9f24767f16e6e05c168336701a6c6c7b6b5dc1c6": "query ServerSecurityQuery { accountName }",
+  "63c6eadbe8b77c0c3c91406589755accba5cf155": "query ServerSecurity { accountName userDetails { email } }",
   "522e5feeb80e67cee931bc98eac9d08ea75c75d2": "query ServerUserDetailsQuery { accountName userDetails { email name orgUnit role } }",
   "e2b06da6840614d3c72768e56579b9d3b8e80802": "mutation CancelOrderMutation($data: IUserOrderCancel!) { cancelOrder(data: $data) { data } }",
   "8c25d37c8d6e7c20ab21bb8a4f4e6a2fe320ea8d": "mutation ProcessOrderAuthorizationMutation($data: IProcessOrderAuthorization!) { processOrderAuthorization(data: $data) { isPendingForOtherAuthorizer ruleForAuthorization { dimensionId orderAuthorizationId rule { authorizationData { authorizers { authorizationDate email id type } requireAllApprovals } authorizedEmails doId id isUserAuthorized isUserNextAuthorizer name notification priority scoreInterval { accept deny } status timeout trigger { condition { conditionType description expression greatherThan lessThan } effect { description effectType funcPath } } } } } }",

package/@generated/schema.graphql

@@ -236,11 +236,6 @@ type Mutation {
   cancelOrder(data: IUserOrderCancel!): UserOrderCancel
   """Process Order Authorization"""
   processOrderAuthorization(data: IProcessOrderAuthorization!): ProcessOrderAuthorizationResponse
-  """
-  Sets a new password for the user.
-  This mutation is used to change the user's password, typically after a password reset or when the user wants to update their password.
-  """
-  setPassword(data: ISetPassword!): SetPasswordResponse
 }
 
 """Newsletter information."""

package/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [3.73.0](https://github.com/vtex/faststore/compare/v3.72.1...v3.73.0) (2025-08-07)
+
+### Features
+
+- implement password setting functionality and user email retrieval ([#2957](https://github.com/vtex/faststore/issues/2957)) ([a49aa1b](https://github.com/vtex/faststore/commit/a49aa1b6d55310a64639459b9082530f4a955731))
+
 ## [3.72.1](https://github.com/vtex/faststore/compare/v3.72.0...v3.72.1) (2025-08-07)
 
 ### Bug Fixes

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@faststore/core",
-  "version": "3.72.1",
+  "version": "3.73.0",
   "license": "MIT",
   "repository": "vtex/faststore",
   "browserslist": "supports es6-module and not dead",
@@ -44,7 +44,7 @@
     "@envelop/graphql-jit": "^8.0.3",
     "@envelop/parser-cache": "^6.0.2",
     "@envelop/validation-cache": "^6.0.2",
-    "@faststore/api": "^3.72.0",
+    "@faststore/api": "^3.73.0",
     "@faststore/graphql-utils": "^3.56.1",
     "@faststore/lighthouse": "^3.56.1",
     "@faststore/sdk": "^3.72.0",
@@ -108,5 +108,5 @@
     "ts-jest": "29.1.1",
     "typescript": "5.3.2"
   },
-  "gitHead": "0fea186218657d0b90320ac376072e7f65192782"
+  "gitHead": "f24d4ea67a2b356ec12a4fe51e30119c5d84d4f0"
 }

package/src/components/account/security/SecurityDrawer.tsx

@@ -1,4 +1,4 @@
-import { useEffect, useState } from 'react'
+import { useState } from 'react'
 import {
   Button,
   Icon,
@@ -7,13 +7,17 @@ import {
   SlideOver,
   SlideOverHeader,
   useFadeEffect,
+  useUI,
 } from '@faststore/ui'
 
+import { useSetPassword } from 'src/sdk/account/useSetPassword'
 import styles from './styles.module.scss'
 
 type SecurityDrawerProps = {
+  userEmail: string
   isOpen: boolean
   onClose: () => void
+  accountName?: string
 }
 
 const validations = [
@@ -23,8 +27,14 @@ const validations = [
   { label: '1 number', test: (v: string) => /\d/.test(v) },
 ]
 
-export const SecurityDrawer = ({ isOpen, onClose }: SecurityDrawerProps) => {
+export const SecurityDrawer = ({
+  userEmail,
+  accountName,
+  isOpen,
+  onClose,
+}: SecurityDrawerProps) => {
   const { fade, fadeOut } = useFadeEffect()
+  const { pushToast } = useUI()
 
   const [currentPassword, setCurrentPassword] = useState('')
   const [showCurrentPassword, setShowCurrentPassword] = useState(false)
@@ -32,6 +42,10 @@ export const SecurityDrawer = ({ isOpen, onClose }: SecurityDrawerProps) => {
   const [newPassword, setNewPassword] = useState('')
   const [showNewPassword, setShowNewPassword] = useState(false)
 
+  const [formError, setFormError] = useState<string | null>(null)
+
+  const { setPassword, loading, error } = useSetPassword(accountName)
+
   const newPasswordValidations = validations.map((rule) => ({
     label: rule.label,
     isValid: rule.test(newPassword),
@@ -40,6 +54,7 @@ export const SecurityDrawer = ({ isOpen, onClose }: SecurityDrawerProps) => {
   const allValid = newPasswordValidations.every((r) => r.isValid)
 
   const handleClose = () => {
+    setFormError(null)
     setCurrentPassword('')
     setShowCurrentPassword(false)
     setNewPassword('')
@@ -47,6 +62,65 @@ export const SecurityDrawer = ({ isOpen, onClose }: SecurityDrawerProps) => {
     onClose()
   }
 
+  const handleSetPassword = async () => {
+    if (!userEmail) {
+      setFormError('Email is required to set a new password.')
+      return
+    }
+
+    if (!newPassword || !currentPassword) {
+      setFormError('All fields are required to set a new password.')
+      return
+    }
+
+    if (newPassword === currentPassword) {
+      setFormError('New password cannot be the same as the current password.')
+      return
+    }
+
+    try {
+      const data = await setPassword({
+        userEmail,
+        currentPassword,
+        newPassword,
+      })
+
+      if (error) {
+        throw error
+      }
+
+      if (!data.success) {
+        pushToast({
+          title: 'Error setting password',
+          status: 'ERROR',
+          message: `Failed to set password: ${data.message}`,
+          icon: <Icon width={30} height={30} name="CircleWavyWarning" />,
+        })
+
+        return
+      }
+
+      if (data.success) {
+        pushToast({
+          title: 'Success setting password',
+          status: 'INFO',
+          message: 'Password updated successfully',
+          icon: <Icon width={30} height={30} name="CircleWavyCheck" />,
+        })
+
+        handleClose()
+      }
+    } catch (error) {
+      console.error('Error setting password:', error)
+      pushToast({
+        title: 'Error setting password',
+        status: 'ERROR',
+        message: 'Failed to set password.',
+        icon: <Icon width={30} height={30} name="CircleWavyWarning" />,
+      })
+    }
+  }
+
   return (
     <SlideOver
       data-fs-security-drawer
@@ -72,7 +146,10 @@ export const SecurityDrawer = ({ isOpen, onClose }: SecurityDrawerProps) => {
               placeholder="Current Password"
               inputMode="text"
               value={currentPassword}
-              onChange={(e) => setCurrentPassword(e.target.value)}
+              onChange={(e) => {
+                setFormError(null)
+                setCurrentPassword(e.target.value)
+              }}
             />
             <IconButton
               data-fs-security-drawer-input-password-toggle
@@ -97,7 +174,10 @@ export const SecurityDrawer = ({ isOpen, onClose }: SecurityDrawerProps) => {
               placeholder="New Password"
               inputMode="text"
               value={newPassword}
-              onChange={(e) => setNewPassword(e.target.value)}
+              onChange={(e) => {
+                setFormError(null)
+                setNewPassword(e.target.value)
+              }}
             />
             <IconButton
               data-fs-security-drawer-input-password-toggle
@@ -110,6 +190,18 @@ export const SecurityDrawer = ({ isOpen, onClose }: SecurityDrawerProps) => {
             />
           </div>
 
+          {formError && (
+            <div data-fs-security-drawer-error>
+              <Icon
+                width={20}
+                height={20}
+                name="CircleWavyWarning"
+                data-fs-security-drawer-error-icon
+              />
+              <span>{formError}</span>
+            </div>
+          )}
+
           {newPassword.length > 0 && (
             <div data-fs-security-drawer-input-password-rules-container>
               <p data-fs-security-drawer-input-password-rules-title>
@@ -145,12 +237,9 @@ export const SecurityDrawer = ({ isOpen, onClose }: SecurityDrawerProps) => {
         <Button
           data-fs-security-drawer-footer-button
           variant="primary"
-          disabled={!currentPassword || !newPassword || !allValid}
-          onClick={() => {
-            // TODO: Handle password save logic here
-            console.log('Saving new password')
-            handleClose()
-          }}
+          loading={loading}
+          disabled={loading || !currentPassword || !newPassword || !allValid}
+          onClick={handleSetPassword}
         >
           Save Password
         </Button>

package/src/components/account/security/SecuritySection.tsx

@@ -4,12 +4,19 @@ import { Button } from '@faststore/ui'
 import { SecurityDrawer } from './SecurityDrawer'
 import styles from './styles.module.scss'
 
-export const SecuritySection = () => {
+type SecuritySectionProps = { userEmail: string; accountName?: string }
+
+export const SecuritySection = ({
+  userEmail,
+  accountName,
+}: SecuritySectionProps) => {
   const [isDrawerOpen, setIsDrawerOpen] = useState(false)
   return (
     <>
       {isDrawerOpen && (
         <SecurityDrawer
+          userEmail={userEmail}
+          accountName={accountName}
           isOpen={isDrawerOpen}
           onClose={() => setIsDrawerOpen(false)}
         />

package/src/components/account/security/styles.module.scss

@@ -231,6 +231,21 @@
       padding-inline: var(--fs-spacing-1);
     }
 
+    [data-fs-security-drawer-error] {
+      display: flex;
+      gap: var(--fs-spacing-1);
+      align-items: center;
+      font-size: var(--fs-text-size-1);
+      font-weight: var(--fs-text-weight-regular);
+      color: var(--fs-color-danger-text);
+      background-color: var(--fs-color-danger-background);
+      border-radius: var(--fs-border-radius);
+    }
+
+    [data-fs-security-drawer-error-icon] {
+      flex-shrink: 0;
+    }
+
     @include media("<notebook") {
       [data-fs-security-header] {
         padding-inline: var(--fs-spacing-4);

package/src/pages/account/security.tsx

@@ -15,8 +15,8 @@ import { getGlobalSectionsData } from 'src/components/cms/GlobalSections'
 
 import { gql } from '@generated/gql'
 import type {
-  ServerSecurityQueryQuery,
-  ServerSecurityQueryQueryVariables,
+  ServerSecurityQuery,
+  ServerSecurityQueryVariables,
 } from '@generated/graphql'
 import { default as AfterSection } from 'src/customizations/src/myAccount/extensions/security/after'
 import { default as BeforeSection } from 'src/customizations/src/myAccount/extensions/security/before'
@@ -40,12 +40,14 @@ const COMPONENTS: Record<string, ComponentType<any>> = {
 
 type SecurityPageProps = {
   accountName: string
+  userEmail: string
 } & MyAccountProps
 
 export default function Page({
   globalSections: globalSectionsProp,
   accountName,
   isRepresentative,
+  userEmail,
 }: SecurityPageProps) {
   const { sections: globalSections, settings: globalSettings } =
     globalSectionsProp ?? {}
@@ -60,7 +62,7 @@ export default function Page({
           accountName={accountName}
         >
           <BeforeSection />
-          <SecuritySection />
+          <SecuritySection userEmail={userEmail} />
           <AfterSection />
         </MyAccountLayout>
       </RenderSections>
@@ -69,8 +71,11 @@ export default function Page({
 }
 
 const query = gql(`
-  query ServerSecurityQuery {
+  query ServerSecurity {
     accountName
+    userDetails {
+      email
+    }
   }
 `)
 
@@ -111,7 +116,7 @@ export const getServerSideProps: GetServerSideProps<
 
   const [security, globalSections, globalSectionsHeader, globalSectionsFooter] =
     await Promise.all([
-      execute<ServerSecurityQueryQueryVariables, ServerSecurityQueryQuery>(
+      execute<ServerSecurityQueryVariables, ServerSecurityQuery>(
         {
           variables: {},
           operation: query,
@@ -144,8 +149,9 @@ export const getServerSideProps: GetServerSideProps<
 
   return {
     props: {
-      globalSections: globalSectionsResult,
       accountName: security.data.accountName,
+      userEmail: security.data?.userDetails.email || '',
+      globalSections: globalSectionsResult,
       isRepresentative,
     },
   }

package/src/sdk/account/useSetPassword.ts

@@ -0,0 +1,146 @@
+import { useState, useCallback } from 'react'
+import fetch from 'isomorphic-unfetch'
+import { buildFormData } from 'src/utils/utilities'
+import config from '../../../discovery.config'
+
+type SetPasswordInput = {
+  userEmail: string
+  newPassword: string
+  currentPassword: string
+  accesskey?: string
+  recaptcha?: string
+}
+
+type SetPasswordState = {
+  error: Error | null
+  loading: boolean
+}
+
+type SetPasswordResultType = {
+  authStatus?: string
+  message?: string
+}
+
+export const useSetPassword = (accountName?: string) => {
+  const [state, setState] = useState<SetPasswordState>({
+    error: null,
+    loading: false,
+  })
+
+  const setPassword = useCallback(async (input: SetPasswordInput) => {
+    setState((prev) => ({ ...prev, loading: true, error: null }))
+
+    try {
+      await startLogin({ email: input.userEmail, accountName })
+
+      const body = {
+        login: input.userEmail,
+        currentPassword: input.currentPassword,
+        newPassword: input.newPassword,
+        accesskey: !input.accesskey ? null : input.accesskey,
+        recaptcha: !input.recaptcha ? null : input.recaptcha,
+      }
+
+      const response = await fetch(
+        `/api/vtexid/pub/authentication/classic/setpassword?expireSessions=true`,
+        {
+          method: 'POST',
+          body: buildFormData(body),
+          credentials: 'include',
+        }
+      )
+
+      if (!response.ok) {
+        throw new Error(
+          `Failed to set password: ${response.status} ${response.statusText}`
+        )
+      }
+
+      const result: SetPasswordResultType = (await response.json()) ?? {
+        authStatus: 'Unexpected error',
+        message: 'Unexpected error while setting password',
+      }
+
+      if (!result) {
+        const fallback = {
+          success: false,
+          message: 'No response from set password API',
+        }
+
+        setState({ loading: false, error: new Error(fallback.message) })
+
+        return fallback
+      }
+
+      setState({ error: null, loading: false })
+
+      return {
+        success: result?.authStatus
+          ? result?.authStatus.toLowerCase() === 'success'
+          : false,
+        message: 'Password set successfully',
+      }
+    } catch (err) {
+      console.error('Error setting password:', err)
+
+      const authStatus =
+        typeof err === 'object' && err !== null && 'authStatus' in err
+          ? String(err.authStatus)
+          : 'Unexpected error'
+
+      const isInvalidCredentials =
+        authStatus.toLowerCase().includes('invalidemail') ||
+        authStatus.toLowerCase().includes('invalidpassword')
+
+      const errorResult = {
+        success: false,
+        message: isInvalidCredentials
+          ? 'Invalid email or password'
+          : 'Unexpected error while setting password',
+      }
+
+      setState({ error: new Error('Failed to set password'), loading: false })
+      return errorResult
+    } finally {
+      setState((prev) => ({ ...prev, loading: false }))
+    }
+  }, [])
+
+  return {
+    setPassword,
+    error: state.error,
+    loading: state.loading,
+  }
+}
+
+const startLogin = async ({
+  email,
+  accountName,
+}: {
+  email: string
+  accountName?: string
+}) => {
+  try {
+    const response = await fetch(`/api/vtexid/pub/authentication/startlogin`, {
+      method: 'POST',
+      credentials: 'include',
+      body: buildFormData({
+        user: email,
+        scope: accountName ?? config.api.storeId,
+        accountName: accountName ?? config.api.storeId,
+        returnUrl: '/',
+        callbackUrl: '/',
+        fingerprint: null,
+      }),
+    })
+
+    if (!response.ok) {
+      throw {
+        response: {},
+      }
+    }
+  } catch (error) {
+    console.error('Error starting login:', error)
+    throw error
+  }
+}