@mindfulauth/core 2.0.1 → 3.0.0

package/dist/authScripts/RegisterPasswordScript.astro

@@ -0,0 +1,118 @@
+---
+// Mindful Auth - Register Password Script Component
+// Provides: Password registration form handling
+---
+<script is:inline>
+// Register password script - Astro Optimized
+async function handleRegisterSubmit(event) {
+    event.preventDefault();
+    const form = event.target;
+    const messageEl = document.querySelector('[data-mindfulauth-field="message"]');
+    const nameInput = form.querySelector('[data-mindfulauth-field="name"]');
+    const emailInput = form.querySelector('[data-mindfulauth-field="email"]');
+    const passwordInput = form.querySelector('[data-mindfulauth-field="password"]');
+    const confirmPasswordInput = form.querySelector('[data-mindfulauth-field="confirm-password"]');
+    const submitBtn = form.querySelector('button[type="submit"]');
+
+    // Skip API call on localhost to prevent production logs pollution
+    const hostname = window.location.hostname;
+    if (hostname === 'localhost' || hostname === '127.0.0.1' || hostname.endsWith('.local')) {
+        messageEl.textContent = 'Registration is disabled on localhost. Use a real domain for testing.';
+        console.log('[Register] Blocked form submission on localhost');
+        return;
+    }
+
+    // Clear previous messages
+    messageEl.textContent = '';
+
+    // Client-side validation
+    if (!nameInput.value.trim()) {
+        messageEl.textContent = 'Name is required.';
+        return;
+    }
+
+    if (!emailInput.value.trim()) {
+        messageEl.textContent = 'Email is required.';
+        return;
+    }
+
+    if (passwordInput.value.length < 8) {
+        messageEl.textContent = 'Password must be at least 8 characters.';
+        return;
+    }
+
+    if (passwordInput.value !== confirmPasswordInput.value) {
+        messageEl.textContent = 'Passwords do not match.';
+        return;
+    }
+
+    messageEl.textContent = 'Validating password...';
+    submitBtn.disabled = true;
+
+    try {
+        // First validate password against policy
+        const passwordValidateResponse = await window.apiFetch('/auth/validate-password', {
+            body: JSON.stringify({
+                password: passwordInput.value
+            })
+        });
+
+        const passwordValidateResult = await passwordValidateResponse.json();
+        if (!passwordValidateResult.success) {
+            throw new Error(passwordValidateResult.message);
+        }
+
+        messageEl.textContent = 'Creating account...';
+
+        // Get Turnstile token
+        const turnstileResponse = form.querySelector('[name="cf-turnstile-response"]')?.value;
+        if (!turnstileResponse) {
+            throw new Error('Bot protection validation required.');
+        }
+
+        // Register user via Mindful Auth API (backend validates Turnstile)
+        const registerResponse = await window.apiFetch('/auth/register-password', {
+            body: JSON.stringify({
+                name: nameInput.value.trim(),
+                email: emailInput.value.trim(),
+                password: passwordInput.value,
+                'cf-turnstile-response': turnstileResponse
+            })
+        });
+
+        const registerResult = await registerResponse.json();
+        if (!registerResult.success) {
+            throw new Error(registerResult.message || 'Registration failed. Please try again.');
+        }
+
+        // Success
+        messageEl.textContent = registerResult.message || 'Account created successfully! Please check your email to verify your account.';
+        form.reset();
+
+        // Don't auto-redirect - user needs to verify email first
+        // Show link to login page (using safe DOM manipulation)
+        setTimeout(() => {
+            const loginLink = document.createElement('p');
+            const anchor = document.createElement('a');
+            anchor.href = '/login';
+            anchor.textContent = 'Return to login page';
+            loginLink.appendChild(anchor);
+            messageEl.appendChild(loginLink);
+        }, 2000);
+
+    } catch (error) {
+        messageEl.textContent = `Error: ${error.message}`;
+    } finally {
+        submitBtn.disabled = false;
+        window.turnstile?.reset();
+    }
+}
+
+// --- MAIN EXECUTION ---
+document.addEventListener('DOMContentLoaded', function() {
+    const form = document.querySelector('[data-mindfulauth-form="register"]');
+    if (!form) return;
+    
+    form.addEventListener('submit', handleRegisterSubmit);
+});
+</script>

package/dist/authScripts/ResendVerificationScript.astro

@@ -0,0 +1,51 @@
+---
+// Mindful Auth - Resend Verification Script Component
+// Provides: Resend verification email form handling
+---
+<script is:inline>
+// Resend verification Script - Astro Optimized
+async function handleResendVerificationSubmit(event) {
+    event.preventDefault();
+    const form = event.target;
+    const emailInput = form.querySelector('[data-mindfulauth-field="email"]');
+    const messageEl = document.querySelector('[data-mindfulauth-field="message"]');
+    const submitBtn = form.querySelector('button[type="submit"]');
+
+    // Skip API call on localhost to prevent production logs pollution
+    const hostname = window.location.hostname;
+    if (hostname === 'localhost' || hostname === '127.0.0.1' || hostname.endsWith('.local')) {
+        messageEl.textContent = 'Resend verification is disabled on localhost. Use a real domain for testing.';
+        console.log('[Resend Verification] Blocked form submission on localhost');
+        return;
+    }
+
+    messageEl.textContent = 'Sending...';
+    submitBtn.disabled = true;
+
+    try {
+        const response = await window.apiFetch('/auth/resend-verification', {
+            body: JSON.stringify({
+                'cf-turnstile-response': form.querySelector('[name="cf-turnstile-response"]')?.value,
+                email: emailInput.value
+            })
+        });
+
+        const result = await response.json();
+        messageEl.textContent = result.message;
+
+    } catch (error) {
+        messageEl.textContent = 'An error occurred. Please try again.';
+    } finally {
+        submitBtn.disabled = false;
+        window.turnstile?.reset();
+    }
+}
+
+// --- MAIN EXECUTION ---
+document.addEventListener('DOMContentLoaded', function() {
+    const form = document.querySelector('[data-mindfulauth-form="resend-verification"]');
+    if (!form) return;
+    
+    form.addEventListener('submit', handleResendVerificationSubmit);
+});
+</script>

package/dist/authScripts/ResetPasswordScript.astro

@@ -0,0 +1,155 @@
+---
+// Mindful Auth - Reset Password Script Component
+// Provides: Reset password form handling with 2FA support
+---
+<script is:inline>
+// Reset password script - Astro Optimized
+function getPathParams() {
+    const pathParts = window.location.pathname.split('/');
+    return {
+        recordid: pathParts[2],
+        token: pathParts[3]
+    };
+}
+
+async function handleResetSubmit(event) {
+    event.preventDefault();
+    const form = event.target;
+    const messageEl = document.querySelector('[data-mindfulauth-field="message"]');
+    const newPasswordEl = form.querySelector('[data-mindfulauth-field="new-password"]');
+    const confirmPasswordEl = form.querySelector('[data-mindfulauth-field="confirm-password"]');
+    const twoFACodeEl = form.querySelector('[data-mindfulauth-field="twofa-code"]');
+    const submitBtn = form.querySelector('button[type="submit"]');
+
+    // Skip API call on localhost to prevent production logs pollution
+    const hostname = window.location.hostname;
+    if (hostname === 'localhost' || hostname === '127.0.0.1' || hostname.endsWith('.local')) {
+        messageEl.textContent = 'Password reset is disabled on localhost. Use a real domain for testing.';
+        console.log('[Reset Password] Blocked form submission on localhost');
+        return;
+    }
+
+    if (newPasswordEl.value !== confirmPasswordEl.value) {
+        messageEl.textContent = "Passwords do not match.";
+        return;
+    }
+
+    const { recordid, token } = getPathParams();
+
+    if (!recordid || !token) {
+        messageEl.textContent = "Invalid or expired link. Please request a new one.";
+        form.style.display = 'none';
+        return;
+    }
+
+    if (newPasswordEl.value !== confirmPasswordEl.value) {
+        messageEl.textContent = "Passwords do not match.";
+        return;
+    }
+
+    messageEl.textContent = "Validating password...";
+    submitBtn.disabled = true;
+
+    try {
+        // First validate password against policy
+        const passwordValidateResponse = await window.apiFetch('/auth/validate-password', {
+            body: JSON.stringify({ password: newPasswordEl.value })
+        });
+
+        const passwordValidateResult = await passwordValidateResponse.json();
+        if (!passwordValidateResult.success) {
+            throw new Error(passwordValidateResult.message);
+        }
+
+        // Check if user has 2FA enabled
+        messageEl.textContent = 'Checking security settings...';
+        const statusResponse = await window.apiFetch('/auth/get-2fa-status-by-record', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ recordid })
+        });
+        const statusResult = await statusResponse.json();
+
+        // If 2FA is enabled and code not provided yet, show the input and wait
+        let twoFACode = null;
+        if (statusResult.isEnabled) {
+            if (!twoFACodeEl || !twoFACodeEl.value) {
+                // Show the 2FA input field aggressively
+                const twoFAContainer = form.querySelector('[data-mindfulauth-field="twofa-code-container"]');
+                if (twoFAContainer) {
+                    twoFAContainer.removeAttribute('hidden');
+                    twoFAContainer.classList && twoFAContainer.classList.remove('hidden');
+                    twoFAContainer.style.setProperty('display', 'block', 'important');
+                    // Try common display values
+                    if (window.getComputedStyle(twoFAContainer).display === 'none') {
+                        twoFAContainer.style.setProperty('display', 'flex', 'important');
+                    }
+                }
+                if (twoFACodeEl) {
+                    twoFACodeEl.focus();
+                }
+                messageEl.textContent = '2FA code is required for password reset.';
+                submitBtn.textContent = 'Reset Password with 2FA';
+                submitBtn.disabled = false;
+                return;
+            }
+            twoFACode = twoFACodeEl.value;
+            if (twoFACode.length !== 6) {
+                messageEl.textContent = 'Please enter a valid 6-digit 2FA code.';
+                submitBtn.disabled = false;
+                return;
+            }
+        }
+
+        messageEl.textContent = 'Resetting password...';
+
+        const requestBody = {
+            'cf-turnstile-response': form.querySelector('[name="cf-turnstile-response"]')?.value,
+            recordid,
+            token,
+            newPassword: newPasswordEl.value
+        };
+
+        if (twoFACode) {
+            requestBody.twoFACode = twoFACode;
+        }
+
+        const response = await window.apiFetch('/auth/reset-password', {
+            body: JSON.stringify(requestBody)
+        });
+        
+        const result = await response.json();
+        if (result.success) {
+            messageEl.textContent = result.message;
+            form.style.display = 'none';
+            // Redirect to login page after successful reset
+            if (result.redirect) {
+                setTimeout(() => {
+                    window.location.href = result.redirect;
+                }, 2000);
+            }
+        } else {
+            throw new Error(result.message);
+        }
+    } catch (error) {
+        messageEl.textContent = `Error: ${error.message}`;
+    } finally {
+        submitBtn.disabled = false;
+        window.turnstile?.reset();
+    }
+}
+
+// --- MAIN EXECUTION ---
+document.addEventListener('DOMContentLoaded', function() {
+    const form = document.querySelector('[data-mindfulauth-form="reset-password"]');
+    if (!form) return;
+
+    // Initially hide 2FA field - it will be shown during submit if needed
+    const twoFAContainer = form.querySelector('[data-mindfulauth-field="twofa-code-container"]');
+    if (twoFAContainer) {
+        twoFAContainer.style.display = 'none';
+    }
+
+    form.addEventListener('submit', handleResetSubmit);
+});
+</script>