@faststore/core 4.3.0-dev.6 → 4.3.0-dev.7

package/.turbo/turbo-generate.log

@@ -1,9 +1,9 @@
 
-> @faststore/core@4.3.0-dev.5 generate /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@4.3.0-dev.6 generate /home/runner/work/faststore/faststore/packages/core
 > pnpm run gen-types && pnpm run cache-graphql 
 
 
-> @faststore/core@4.3.0-dev.5 gen-types /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@4.3.0-dev.6 gen-types /home/runner/work/faststore/faststore/packages/core
 > node ../cli/bin/run generate-types .
 
 [STARTED] Parse Configuration
@@ -19,7 +19,7 @@
 [COMPLETED] Generate to /home/runner/work/faststore/faststore/packages/core/@generated/
 [COMPLETED] Generate outputs
 
-> @faststore/core@4.3.0-dev.5 cache-graphql /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@4.3.0-dev.6 cache-graphql /home/runner/work/faststore/faststore/packages/core
 > node ../cli/bin/run cache-graphql --config=./discovery.config.default.js --queries=./@generated/persisted-documents.json
 
 [Info] - Config file location: /home/runner/work/faststore/faststore/packages/core/discovery.config.default.js

package/.turbo/turbo-test.log

@@ -1,12 +1,12 @@
 
-> @faststore/core@4.3.0-dev.5 test /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@4.3.0-dev.6 test /home/runner/work/faststore/faststore/packages/core
 > vitest run
 
 
  RUN  v4.0.7 /home/runner/work/faststore/faststore/packages/core
 
- ✓  browser  test/sdk/session/installLocaleCorrector.browser.test.ts (7 tests) 48ms
- ✓  browser  test/sdk/session/getInitialSession.browser.test.ts (6 tests) 29ms
+ ✓  browser  test/sdk/session/getInitialSession.browser.test.ts (6 tests) 36ms
+ ✓  browser  test/sdk/session/installLocaleCorrector.browser.test.ts (7 tests) 54ms
 stderr | test/sdk/localization/store-url.browser.test.ts
 Error in optimistic validation: TypeError: Cannot read properties of undefined (reading 'read')
     at validateCart (/home/runner/work/faststore/faststore/packages/core/src/sdk/cart/index.ts:119:27)
@@ -14,15 +14,14 @@
     at a (/home/runner/work/faststore/faststore/packages/sdk/dist/es/index.mjs:353:23)
     at processTicksAndRejections (node:internal/process/task_queues:103:5)
 
- ✓  node  test/utils/localization/bindingPaths.test.ts (71 tests) 78ms
- ✓  browser  test/sdk/localization/store-url.browser.test.ts (3 tests) 18ms
- ✓  node  test/utils/match-url.test.ts (10 tests) 33ms
- ✓  browser  test/utils/isLocalHost.browser.test.ts (3 tests) 12ms
- ✓  node  test/sdk/localization/bindingSelector.test.ts (18 tests) 39ms
+ ✓  browser  test/sdk/localization/store-url.browser.test.ts (3 tests) 11ms
+ ✓  node  test/utils/localization/bindingPaths.test.ts (71 tests) 123ms
+ ✓  node  test/utils/match-url.test.ts (10 tests) 21ms
+ ✓  browser  test/utils/isLocalHost.browser.test.ts (3 tests) 15ms
+ ✓  node  test/sdk/localization/bindingSelector.test.ts (18 tests) 20ms
 stderr | test/components/search/SearchInputComponent.test.tsx
 Warning: forwardRef render functions accept exactly two parameters: props and ref. Did you forget to use the ref parameter?
 
- ✓  node  test/utils/cookieCacheBusting.test.ts (10 tests) 55ms
 stderr | test/components/search/SearchInputComponent.test.tsx > SearchInput (OES integration) > renders without crashing
 Warning: React does not recognize the `visibleDropdown` prop on a DOM element. If you intentionally want it to appear in the DOM as a custom attribute, spell it as lowercase `visibledropdown` instead. If you accidentally passed it from a parent component, remove it from the DOM element.
     at div
@@ -83,12 +82,17 @@ Warning: React does not recognize the `providerProps` prop on a DOM element. If
     at Suspense
     at Wrapper (/home/runner/work/faststore/faststore/packages/core/test/components/search/SearchInputComponent.test.tsx:106:20)
 
- ✓  node  test/components/search/SearchInputComponent.test.tsx (6 tests) 407ms
- ✓  node  test/sdk/search/useSearchHistory.test.ts (13 tests) 200ms
- ✓  node  test/sdk/localization/useBindingSelector.test.tsx (12 tests) 53ms
- ✓  node  test/utils/multipleTemplates.test.ts (8 tests) 30ms
+ ✓  node  test/components/search/SearchInputComponent.test.tsx (6 tests) 372ms
+ ✓  node  test/utils/cookieCacheBusting.test.ts (10 tests) 50ms
+ ✓  node  test/sdk/search/useSearchHistory.test.ts (13 tests) 244ms
+ ✓  node  test/sdk/localization/useBindingSelector.test.tsx (12 tests) 71ms
  ✓  node  test/utils/clearCookies.test.ts (20 tests) 98ms
- ✓  node  test/sdk/orderEntry/useOrderEntryOperation.test.ts (8 tests) 118ms
+ ✓  node  test/utils/multipleTemplates.test.ts (8 tests) 37ms
+stderr | test/sdk/account/useSetPassword.test.ts > useSetPassword > maps wrongcredentials error responses to the existing message
+Set password request failed: Bad Request
+
+ ✓  node  test/sdk/account/useSetPassword.test.ts (6 tests) 247ms
+ ✓  node  test/sdk/orderEntry/useOrderEntryOperation.test.ts (8 tests) 89ms
 stderr | test/pages/api/graphql.test.ts > /api/graphql error status propagation > propagates the upstream 400 from a wrapped BadRequestError instead of 500
 Graphql execution returned with error:  [
   {
@@ -135,26 +139,27 @@ Warning: React does not recognize the `providerProps` prop on a DOM element. If
   { message: 'bad', status: 400, type: 'BadRequestError' }
 ]
 
- ✓  node  test/pages/api/graphql.test.ts (10 tests) 58ms
- ✓  node  test/sdk/orderEntry/useOrderEntryUpload.test.ts (8 tests) 48ms
- ✓  node  test/sdk/orderEntry/useOrderEntry.test.ts (8 tests) 33ms
- ✓  node  test/sdk/orderEntry/useOrderFormItems.test.ts (7 tests) 49ms
- ✓  node  test/server/cms/global.test.ts (3 tests) 4ms
- ✓  node  test/server/content/service.test.ts (5 tests) 4ms
- ✓  node  test/sdk/localization/store-url.test.ts (1 test) 4ms
- ✓  node  test/server/index.test.ts (7 tests) 990ms
-       ✓ should handle options and execute  520ms
- ✓  node  test/utils/getRequestHostname.test.ts (12 tests) 6ms
- ✓  node  test/pages/api/preview.test.ts (2 tests) 7ms
- ✓  node  test/sdk/auth/useAuth.test.ts (5 tests) 32ms
+ ✓  node  test/pages/api/graphql.test.ts (10 tests) 59ms
+ ✓  node  test/sdk/orderEntry/useOrderEntryUpload.test.ts (8 tests) 81ms
+ ✓  node  test/sdk/orderEntry/useOrderEntry.test.ts (8 tests) 62ms
+ ✓  node  test/sdk/orderEntry/useOrderFormItems.test.ts (7 tests) 41ms
+ ✓  node  test/server/cms/global.test.ts (3 tests) 5ms
+ ✓  node  test/server/index.test.ts (7 tests) 862ms
+       ✓ should exist with its plugins  303ms
+       ✓ should handle options and execute  311ms
+ ✓  node  test/server/content/service.test.ts (5 tests) 6ms
+ ✓  node  test/sdk/localization/store-url.test.ts (1 test) 5ms
+ ✓  node  test/utils/getRequestHostname.test.ts (12 tests) 7ms
+ ✓  node  test/pages/api/preview.test.ts (2 tests) 10ms
+ ✓  node  test/sdk/auth/useAuth.test.ts (5 tests) 33ms
  ✓  node  test/utils/validateSessionRefreshToken.test.ts (6 tests) 5ms
  ✓  node  test/components/search/SearchInput.test.ts (6 tests) 8ms
- ✓  node  test/server/cms/index.test.ts (2 tests) 4ms
- ✓  node  test/utils/isLocalHost.test.ts (7 tests) 7ms
- ✓  node  test/components/auth/ProfileChallenge.test.tsx (3 tests) 26ms
-
- Test Files  30 passed (30)
-      Tests  287 passed (287)
-   Start at  15:21:20
-   Duration  21.59s (transform 6.15s, setup 0ms, collect 18.64s, tests 2.50s, environment 28.13s, prepare 992ms)
+ ✓  node  test/utils/isLocalHost.test.ts (7 tests) 6ms
+ ✓  node  test/server/cms/index.test.ts (2 tests) 6ms
+ ✓  node  test/components/auth/ProfileChallenge.test.tsx (3 tests) 27ms
+
+ Test Files  31 passed (31)
+      Tests  293 passed (293)
+   Start at  16:58:10
+   Duration  24.02s (transform 5.83s, setup 0ms, collect 19.89s, tests 2.71s, environment 32.71s, prepare 998ms)
 

package/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [4.3.0-dev.7](https://github.com/vtex/faststore/compare/v4.3.0-dev.6...v4.3.0-dev.7) (2026-06-17)
+
+### Bug Fixes
+
+- **core:** use authenticator route for setpassword ([#3380](https://github.com/vtex/faststore/issues/3380)) ([a155269](https://github.com/vtex/faststore/commit/a155269678d8a0584a98008b1384bf146f6da1cb))
+
 # [4.3.0-dev.6](https://github.com/vtex/faststore/compare/v4.3.0-dev.5...v4.3.0-dev.6) (2026-06-17)
 
 ### Bug Fixes

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@faststore/core",
-  "version": "4.3.0-dev.6",
+  "version": "4.3.0-dev.7",
   "license": "MIT",
   "repository": {
     "type": "git",
@@ -70,11 +70,11 @@
     "style-loader": "^3.3.1",
     "swr": "^2.2.5",
     "use-sync-external-store": "^1.6.0",
-    "@faststore/api": "4.3.0-dev.6",
-    "@faststore/lighthouse": "4.3.0-dev.6",
-    "@faststore/sdk": "4.3.0-dev.6",
-    "@faststore/ui": "4.3.0-dev.6",
-    "@faststore/diagnostics": "4.3.0-dev.6"
+    "@faststore/api": "4.3.0-dev.7",
+    "@faststore/diagnostics": "4.3.0-dev.7",
+    "@faststore/lighthouse": "4.3.0-dev.7",
+    "@faststore/ui": "4.3.0-dev.7",
+    "@faststore/sdk": "4.3.0-dev.7"
   },
   "devDependencies": {
     "@cypress/code-coverage": "^3.12.1",

package/src/sdk/account/useSetPassword.ts

@@ -39,84 +39,89 @@ const authMessage = {
 export const useSetPassword = (accountName?: string) => {
   const [loading, setLoading] = useState<boolean>(false)
 
-  const setPassword = useCallback(async (input: SetPasswordInput) => {
-    setLoading(true)
-
-    try {
-      await startLogin({ email: input.userEmail, accountName })
-
-      const body = {
-        login: input.userEmail,
-        currentPassword: input.currentPassword,
-        newPassword: input.newPassword,
-        accesskey: !input.accesskey ? null : input.accesskey,
-        recaptcha: !input.recaptcha ? null : input.recaptcha,
-      }
+  const setPassword = useCallback(
+    async (input: SetPasswordInput) => {
+      setLoading(true)
+
+      try {
+        const an = encodeURIComponent(accountName ?? config.api.storeId)
 
-      const response = await fetch(
-        `/api/vtexid/pub/authentication/classic/setpassword?expireSessions=true`,
-        {
-          method: 'POST',
-          body: buildFormData(body),
-          credentials: 'include',
+        await startLogin({ email: input.userEmail, accountName, an })
+
+        const body = {
+          login: input.userEmail,
+          currentPassword: input.currentPassword,
+          newPassword: input.newPassword,
+          accesskey: !input.accesskey ? null : input.accesskey,
+          recaptcha: !input.recaptcha ? null : input.recaptcha,
         }
-      )
 
-      if (!response.ok) {
-        setLoading(false)
+        const response = await fetch(
+          `/api/authenticator/pub/authentication/classic/setpassword?expireSessions=true&an=${an}`,
+          {
+            method: 'POST',
+            body: buildFormData(body),
+            credentials: 'include',
+          }
+        )
+
+        if (!response.ok) {
+          setLoading(false)
 
-        console.error('Set password request failed:', response.statusText)
+          console.error('Set password request failed:', response.statusText)
 
-        let errorStatus = AUTH_STATUS.UNEXPECTED_ERROR
+          let errorStatus = AUTH_STATUS.UNEXPECTED_ERROR
 
-        try {
-          const errorBody = await response.json()
-          if (errorBody?.authStatus) {
-            errorStatus = String(errorBody.authStatus).toLowerCase().trim()
+          try {
+            const errorBody = await response.json()
+            if (errorBody?.authStatus) {
+              errorStatus = String(errorBody.authStatus).toLowerCase().trim()
+            }
+          } catch {
+            // Keep the default error
           }
-        } catch {
-          // Keep the default error
-        }
 
-        return {
-          success: false,
-          message: authMessage[errorStatus],
+          return {
+            success: false,
+            message: authMessage[errorStatus],
+          }
         }
-      }
 
-      const result: SetPasswordResultType = await response.json()
+        const result: SetPasswordResultType = await response.json()
 
-      if (!result) {
-        setLoading(false)
+        if (!result) {
+          setLoading(false)
 
-        return {
-          success: false,
-          message: authMessage[AUTH_STATUS.NO_RESPONSE],
+          return {
+            success: false,
+            message: authMessage[AUTH_STATUS.NO_RESPONSE],
+          }
         }
-      }
 
-      const authStatus = result?.authStatus?.toLowerCase().trim() ?? ''
+        const authStatus = result?.authStatus?.toLowerCase().trim() ?? ''
 
-      return {
-        success: authStatus === AUTH_STATUS.SUCCESS,
-        message: authMessage[authStatus] || 'Unexpected error occurred',
-      }
-    } catch (err) {
-      console.error('Error setting password:', err)
+        return {
+          success: authStatus === AUTH_STATUS.SUCCESS,
+          message: authMessage[authStatus] || 'Unexpected error occurred',
+        }
+      } catch (err) {
+        console.error('Error setting password:', err)
 
-      const authStatus =
-        typeof err === 'object' && err !== null && 'authStatus' in err
-          ? String(err.authStatus).toLowerCase().trim()
-          : AUTH_STATUS.UNEXPECTED_ERROR
+        const authStatus =
+          typeof err === 'object' && err !== null && 'authStatus' in err
+            ? String(err.authStatus).toLowerCase().trim()
+            : AUTH_STATUS.UNEXPECTED_ERROR
 
-      return {
-        success: false,
-        message: authMessage[authStatus] || 'Unexpected error occurred',
+        return {
+          success: false,
+          message: authMessage[authStatus] || 'Unexpected error occurred',
+        }
+      } finally {
+        setLoading(false)
       }
-    } finally {
-      setLoading(false)
-    }
-  }, [])
+    },
+    [accountName]
+  )
 
   return { setPassword, loading }
 }
@@ -124,23 +129,28 @@ export const useSetPassword = (accountName?: string) => {
 const startLogin = async ({
   email,
   accountName,
+  an,
 }: {
   email: string
   accountName?: string
+  an: string
 }) => {
   try {
-    const response = await fetch(`/api/vtexid/pub/authentication/startlogin`, {
-      method: 'POST',
-      credentials: 'include',
-      body: buildFormData({
-        user: email,
-        scope: accountName ?? config.api.storeId,
-        accountName: accountName ?? config.api.storeId,
-        returnUrl: '/',
-        callbackUrl: '/',
-        fingerprint: null,
-      }),
-    })
+    const scope = accountName ?? config.api.storeId
+
+    const response = await fetch(
+      `/api/authenticator/pub/authentication/start?an=${an}`,
+      {
+        method: 'POST',
+        credentials: 'include',
+        body: buildFormData({
+          user: email,
+          scope,
+          accountName: scope,
+          returnUrl: '/',
+        }),
+      }
+    )
 
     if (!response.ok) {
       throw {

package/test/sdk/account/useSetPassword.test.ts

@@ -0,0 +1,192 @@
+/**
+ * @vitest-environment jsdom
+ */
+
+import { act, renderHook } from '@testing-library/react'
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+
+vi.mock('discovery.config', () => ({
+  __esModule: true,
+  default: {
+    api: { storeId: 'storeframework' },
+  },
+}))
+
+const mockFetch = vi.hoisted(() => vi.fn())
+vi.mock('isomorphic-unfetch', () => ({ __esModule: true, default: mockFetch }))
+
+import { useSetPassword } from '../../../src/sdk/account/useSetPassword'
+
+const okResponse = (body: unknown) => ({
+  ok: true,
+  statusText: 'OK',
+  json: async () => body,
+})
+
+const errorResponse = (body: unknown) => ({
+  ok: false,
+  statusText: 'Bad Request',
+  json: async () => body,
+})
+
+const validInput = {
+  userEmail: 'shopper@example.com',
+  currentPassword: 'OldPass123',
+  newPassword: 'NewPass123',
+}
+
+function getSetPasswordCall() {
+  return mockFetch.mock.calls.find((call) =>
+    String(call[0]).includes('setpassword')
+  )
+}
+
+function getStartLoginCall() {
+  return mockFetch.mock.calls.find((call) =>
+    String(call[0]).includes('/pub/authentication/start')
+  )
+}
+
+describe('useSetPassword', () => {
+  beforeEach(() => {
+    mockFetch.mockReset()
+  })
+
+  afterEach(() => {
+    vi.clearAllMocks()
+  })
+
+  it('posts to the new authenticator setpassword route with expireSessions and an', async () => {
+    mockFetch
+      .mockResolvedValueOnce(okResponse({})) // startLogin
+      .mockResolvedValueOnce(okResponse({ authStatus: 'success' }))
+
+    const { result } = renderHook(() => useSetPassword('myaccount'))
+
+    await act(async () => {
+      await result.current.setPassword(validInput)
+    })
+
+    const call = getSetPasswordCall()
+    expect(call).toBeDefined()
+
+    const url = String(call?.[0])
+    expect(url).toContain(
+      '/api/authenticator/pub/authentication/classic/setpassword'
+    )
+    expect(url).not.toContain('/api/vtexid/')
+    expect(url).toContain('expireSessions=true')
+    expect(url).toContain('an=myaccount')
+  })
+
+  it('posts to the new authenticator start route with an and credentials', async () => {
+    mockFetch
+      .mockResolvedValueOnce(okResponse({})) // startLogin
+      .mockResolvedValueOnce(okResponse({ authStatus: 'success' }))
+
+    const { result } = renderHook(() => useSetPassword('myaccount'))
+
+    await act(async () => {
+      await result.current.setPassword(validInput)
+    })
+
+    const call = getStartLoginCall()
+    expect(call).toBeDefined()
+
+    const url = String(call?.[0])
+    expect(url).toContain('/api/authenticator/pub/authentication/start')
+    expect(url).not.toContain('/api/vtexid/')
+    expect(url).toContain('an=myaccount')
+
+    const init = call?.[1] as RequestInit
+    expect(init?.method).toBe('POST')
+    expect(init?.credentials).toBe('include')
+
+    const body = init?.body as FormData
+    expect(body).toBeInstanceOf(FormData)
+    expect(body.get('user')).toBe(validInput.userEmail)
+    expect(body.get('scope')).toBe('myaccount')
+    expect(body.get('accountName')).toBe('myaccount')
+    expect(body.get('returnUrl')).toBe('/')
+  })
+
+  it('sends a POST with credentials and the expected form-data body', async () => {
+    mockFetch
+      .mockResolvedValueOnce(okResponse({}))
+      .mockResolvedValueOnce(okResponse({ authStatus: 'success' }))
+
+    const { result } = renderHook(() => useSetPassword('myaccount'))
+
+    await act(async () => {
+      await result.current.setPassword(validInput)
+    })
+
+    const call = getSetPasswordCall()
+    const init = call?.[1] as RequestInit
+
+    expect(init?.method).toBe('POST')
+    expect(init?.credentials).toBe('include')
+
+    const body = init?.body as FormData
+    expect(body).toBeInstanceOf(FormData)
+    expect(body.get('login')).toBe(validInput.userEmail)
+    expect(body.get('currentPassword')).toBe(validInput.currentPassword)
+    expect(body.get('newPassword')).toBe(validInput.newPassword)
+  })
+
+  it('returns success when the endpoint reports authStatus success', async () => {
+    mockFetch
+      .mockResolvedValueOnce(okResponse({}))
+      .mockResolvedValueOnce(okResponse({ authStatus: 'success' }))
+
+    const { result } = renderHook(() => useSetPassword('myaccount'))
+
+    let outcome: { success: boolean; message: string } | undefined
+    await act(async () => {
+      outcome = await result.current.setPassword(validInput)
+    })
+
+    expect(outcome).toEqual({
+      success: true,
+      message: 'Password set successfully',
+    })
+  })
+
+  it('maps wrongcredentials error responses to the existing message', async () => {
+    mockFetch
+      .mockResolvedValueOnce(okResponse({}))
+      .mockResolvedValueOnce(errorResponse({ authStatus: 'wrongcredentials' }))
+
+    const { result } = renderHook(() => useSetPassword('myaccount'))
+
+    let outcome: { success: boolean; message: string } | undefined
+    await act(async () => {
+      outcome = await result.current.setPassword(validInput)
+    })
+
+    expect(outcome).toEqual({ success: false, message: 'Wrong credentials' })
+  })
+
+  it('falls back to config.api.storeId when accountName is missing', async () => {
+    mockFetch
+      .mockResolvedValueOnce(okResponse({}))
+      .mockResolvedValueOnce(okResponse({ authStatus: 'success' }))
+
+    const { result } = renderHook(() => useSetPassword())
+
+    await act(async () => {
+      await result.current.setPassword(validInput)
+    })
+
+    const setPasswordUrl = String(getSetPasswordCall()?.[0])
+    expect(setPasswordUrl).toContain('an=storeframework')
+
+    const startLoginCall = getStartLoginCall()
+    const startLoginUrl = String(startLoginCall?.[0])
+    expect(startLoginUrl).toContain('an=storeframework')
+
+    const startBody = (startLoginCall?.[1] as RequestInit)?.body as FormData
+    expect(startBody.get('scope')).toBe('storeframework')
+    expect(startBody.get('accountName')).toBe('storeframework')
+  })
+})