npm - @open-mercato/core - Versions diffs - 0.4.2-canary-15c0b23a3a → 0.4.2-canary-da2b080494 - Mend

@open-mercato/core 0.4.2-canary-15c0b23a3a → 0.4.2-canary-da2b080494

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (433) hide show

package/src/modules/auth/api/sidebar/preferences/route.ts CHANGED Viewed

@@ -64,16 +64,12 @@ export async function GET(req: Request) {
     { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null },
   ) ?? false
-  // For API key auth, use userId (the actual user) if available
-  const effectiveUserId = auth.isApiKey ? auth.userId : auth.sub
-  const settings = effectiveUserId
-    ? await loadSidebarPreference(em, {
-        userId: effectiveUserId,
-        tenantId: auth.tenantId ?? null,
-        organizationId: auth.orgId ?? null,
-        locale,
-      })
-    : null
+  const settings = await loadSidebarPreference(em, {
+    userId: auth.sub,
+    tenantId: auth.tenantId ?? null,
+    organizationId: auth.orgId ?? null,
+    locale,
+  })
   let rolesPayload: Array<{ id: string; name: string; hasPreference: boolean }> = []
   if (canApplyToRoles) {
@@ -96,11 +92,11 @@ export async function GET(req: Request) {
   return NextResponse.json({
     locale,
     settings: {
-      version: settings?.version ?? SIDEBAR_PREFERENCES_VERSION,
-      groupOrder: settings?.groupOrder ?? [],
-      groupLabels: settings?.groupLabels ?? {},
-      itemLabels: settings?.itemLabels ?? {},
-      hiddenItems: settings?.hiddenItems ?? [],
+      version: settings.version ?? SIDEBAR_PREFERENCES_VERSION,
+      groupOrder: settings.groupOrder ?? [],
+      groupLabels: settings.groupLabels ?? {},
+      itemLabels: settings.itemLabels ?? {},
+      hiddenItems: settings.hiddenItems ?? [],
     },
     canApplyToRoles,
     roles: rolesPayload,
@@ -110,11 +106,6 @@ export async function GET(req: Request) {
 export async function PUT(req: Request) {
   const auth = await getAuthFromRequest(req)
   if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-  // For API key auth, use userId (the actual user) if available
-  const effectiveUserId = auth.isApiKey ? auth.userId : auth.sub
-  if (!effectiveUserId) {
-    return NextResponse.json({ error: 'Cannot save preferences: no user associated with this API key' }, { status: 403 })
-  }
   let parsedBody: unknown
   try {
@@ -191,7 +182,7 @@ export async function PUT(req: Request) {
   }
   const settings = await saveSidebarPreference(em, {
-    userId: effectiveUserId,
+    userId: auth.sub,
     tenantId: auth.tenantId ?? null,
     organizationId: auth.orgId ?? null,
     locale,

package/src/modules/auth/api/users/route.ts CHANGED Viewed

@@ -15,7 +15,6 @@ import type { EntityManager } from '@mikro-orm/postgresql'
 import { userCrudEvents, userCrudIndexer } from '@open-mercato/core/modules/auth/commands/users'
 import { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'
 import { escapeLikePattern } from '@open-mercato/shared/lib/db/escapeLikePattern'
-import { buildPasswordSchema } from '@open-mercato/shared/lib/auth/passwordPolicy'
 const querySchema = z.object({
   id: z.string().uuid().optional(),
@@ -28,11 +27,9 @@ const querySchema = z.object({
 const rawBodySchema = z.object({}).passthrough()
-const passwordSchema = buildPasswordSchema()
 const userCreateSchema = z.object({
   email: z.string().email(),
-  password: passwordSchema,
+  password: z.string().min(6),
   organizationId: z.string().uuid(),
   roles: z.array(z.string()).optional(),
 })
@@ -40,7 +37,7 @@ const userCreateSchema = z.object({
 const userUpdateSchema = z.object({
   id: z.string().uuid(),
   email: z.string().email().optional(),
-  password: passwordSchema.optional(),
+  password: z.string().min(6).optional(),
   organizationId: z.string().uuid().optional(),
   roles: z.array(z.string()).optional(),
 })

package/src/modules/auth/backend/roles/[id]/edit/page.tsx CHANGED Viewed

@@ -6,7 +6,7 @@ import { apiCall } from '@open-mercato/ui/backend/utils/apiCall'
 import { deleteCrud, updateCrud } from '@open-mercato/ui/backend/utils/crud'
 import { collectCustomFieldValues } from '@open-mercato/ui/backend/utils/customFieldValues'
 import { AclEditor, type AclData } from '@open-mercato/core/modules/auth/components/AclEditor'
-import { WidgetVisibilityEditor, type WidgetVisibilityEditorHandle } from '@open-mercato/core/modules/dashboards/components/WidgetVisibilityEditor'
+import { WidgetVisibilityEditor } from '@open-mercato/core/modules/dashboards/components/WidgetVisibilityEditor'
 import { E } from '#generated/entities.ids.generated'
 import { TenantSelect } from '@open-mercato/core/modules/directory/components/TenantSelect'
 import { useT } from '@open-mercato/shared/lib/i18n/context'
@@ -37,7 +37,6 @@ export default function EditRolePage({ params }: { params?: { id?: string } }) {
   const [aclData, setAclData] = React.useState<AclData>({ isSuperAdmin: false, features: [], organizations: null })
   const [actorIsSuperAdmin, setActorIsSuperAdmin] = React.useState(false)
   const [selectedTenantId, setSelectedTenantId] = React.useState<string | null>(null)
-  const widgetEditorRef = React.useRef<WidgetVisibilityEditorHandle | null>(null)
   React.useEffect(() => {
     if (!id) return
@@ -154,7 +153,6 @@ export default function EditRolePage({ params }: { params?: { id?: string } }) {
             kind="role"
             targetId={String(id)}
             tenantId={selectedTenantId ?? (initial?.tenantId ?? null)}
-            ref={widgetEditorRef}
           />
         )
         : null),
@@ -193,7 +191,6 @@ export default function EditRolePage({ params }: { params?: { id?: string } }) {
             await updateCrud('auth/roles/acl', { roleId: id, tenantId: effectiveTenantId, ...aclData }, {
               errorMessage: t('auth.roles.form.errors.aclUpdate', 'Failed to update role access control'),
             })
-            await widgetEditorRef.current?.save()
             try { window.dispatchEvent(new Event('om:refresh-sidebar')) } catch {}
           }}
           onDelete={async () => {

package/src/modules/auth/backend/roles/page.tsx CHANGED Viewed

@@ -117,9 +117,9 @@ export default function RolesListPage() {
           onSearchChange={(v) => { setSearch(v); setPage(1) }}
           rowActions={(row) => (
             <RowActions items={[
-              { id: 'edit', label: t('common.edit', 'Edit'), href: `/backend/roles/${row.id}/edit` },
-              { id: 'show-users', label: t('auth.roles.list.actions.showUsers', 'Show users'), href: `/backend/users?roleId=${encodeURIComponent(row.id)}` },
-              { id: 'delete', label: t('common.delete', 'Delete'), destructive: true, onSelect: () => { void handleDelete(row) } },
+              { label: t('common.edit', 'Edit'), href: `/backend/roles/${row.id}/edit` },
+              { label: t('auth.roles.list.actions.showUsers', 'Show users'), href: `/backend/users?roleId=${encodeURIComponent(row.id)}` },
+              { label: t('common.delete', 'Delete'), destructive: true, onSelect: () => { void handleDelete(row) } },
             ]} />
           )}
           sortable

package/src/modules/auth/backend/users/[id]/edit/page.tsx CHANGED Viewed

@@ -10,9 +10,8 @@ import { AclEditor, type AclData } from '@open-mercato/core/modules/auth/compone
 import { OrganizationSelect } from '@open-mercato/core/modules/directory/components/OrganizationSelect'
 import { TenantSelect } from '@open-mercato/core/modules/directory/components/TenantSelect'
 import { fetchRoleOptions } from '@open-mercato/core/modules/auth/backend/users/roleOptions'
-import { WidgetVisibilityEditor, type WidgetVisibilityEditorHandle } from '@open-mercato/core/modules/dashboards/components/WidgetVisibilityEditor'
+import { WidgetVisibilityEditor } from '@open-mercato/core/modules/dashboards/components/WidgetVisibilityEditor'
 import { useT } from '@open-mercato/shared/lib/i18n/context'
-import { formatPasswordRequirements, getPasswordPolicy } from '@open-mercato/shared/lib/auth/passwordPolicy'
 type EditUserFormValues = {
   email: string
@@ -109,17 +108,6 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
   const [aclData, setAclData] = React.useState<AclData>({ isSuperAdmin: false, features: [], organizations: null })
   const [customFieldValues, setCustomFieldValues] = React.useState<Record<string, unknown>>({})
   const [actorIsSuperAdmin, setActorIsSuperAdmin] = React.useState(false)
-  const widgetEditorRef = React.useRef<WidgetVisibilityEditorHandle | null>(null)
-  const passwordPolicy = React.useMemo(() => getPasswordPolicy(), [])
-  const passwordRequirements = React.useMemo(
-    () => formatPasswordRequirements(passwordPolicy, t),
-    [passwordPolicy, t],
-  )
-  const passwordDescription = React.useMemo(() => (
-    passwordRequirements
-      ? t('auth.password.requirements.help', 'Password requirements: {requirements}', { requirements: passwordRequirements })
-      : undefined
-  ), [passwordRequirements, t])
   React.useEffect(() => {
     if (!id) {
@@ -213,12 +201,7 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
   const fields: CrudField[] = React.useMemo(() => {
     const items: CrudField[] = [
       { id: 'email', label: t('auth.users.form.field.email', 'Email'), type: 'text', required: true },
-      {
-        id: 'password',
-        label: t('auth.users.form.field.password', 'Password'),
-        type: 'text',
-        description: passwordDescription,
-      },
+      { id: 'password', label: t('auth.users.form.field.password', 'Password'), type: 'text' },
     ]
     if (actorIsSuperAdmin) {
       items.push({
@@ -268,7 +251,7 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
     })
     items.push({ id: 'roles', label: t('auth.users.form.field.roles', 'Roles'), type: 'tags', loadOptions: loadRoleOptions })
     return items
-  }, [actorIsSuperAdmin, loadRoleOptions, passwordDescription, preloadedTenants, selectedOrgId, selectedTenantId, t])
+  }, [actorIsSuperAdmin, loadRoleOptions, preloadedTenants, selectedOrgId, selectedTenantId, t])
   const detailFieldIds = React.useMemo(() => {
     const base: string[] = ['email', 'password', 'organizationId', 'roles']
@@ -309,7 +292,6 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
             targetId={String(id)}
             tenantId={selectedTenantId ?? null}
             organizationId={initialUser?.organizationId ?? null}
-            ref={widgetEditorRef}
           />
         ) : null
       ),
@@ -372,7 +354,6 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
             await updateCrud('auth/users/acl', { userId: id, ...aclData }, {
               errorMessage: t('auth.users.form.errors.aclUpdate', 'Failed to update user access control'),
             })
-            await widgetEditorRef.current?.save()
             try { window.dispatchEvent(new Event('om:refresh-sidebar')) } catch {}
           }}
           onDelete={async () => {

package/src/modules/auth/backend/users/create/page.tsx CHANGED Viewed

@@ -11,7 +11,6 @@ import { TenantSelect } from '@open-mercato/core/modules/directory/components/Te
 import { fetchRoleOptions } from '@open-mercato/core/modules/auth/backend/users/roleOptions'
 import { Spinner } from '@open-mercato/ui/primitives/spinner'
 import { useT } from '@open-mercato/shared/lib/i18n/context'
-import { formatPasswordRequirements, getPasswordPolicy } from '@open-mercato/shared/lib/auth/passwordPolicy'
 type CreateUserFormValues = {
   email: string
@@ -85,16 +84,6 @@ export default function CreateUserPage() {
   const [selectedWidgets, setSelectedWidgets] = React.useState<string[]>([])
   const [selectedTenantId, setSelectedTenantId] = React.useState<string | null>(null)
   const [actorIsSuperAdmin, setActorIsSuperAdmin] = React.useState(false)
-  const passwordPolicy = React.useMemo(() => getPasswordPolicy(), [])
-  const passwordRequirements = React.useMemo(
-    () => formatPasswordRequirements(passwordPolicy, t),
-    [passwordPolicy, t],
-  )
-  const passwordDescription = React.useMemo(() => (
-    passwordRequirements
-      ? t('auth.password.requirements.help', 'Password requirements: {requirements}', { requirements: passwordRequirements })
-      : undefined
-  ), [passwordRequirements, t])
   React.useEffect(() => {
     let cancelled = false
@@ -167,13 +156,7 @@ export default function CreateUserPage() {
   const fields: CrudField[] = React.useMemo(() => {
     const items: CrudField[] = [
       { id: 'email', label: t('auth.users.form.field.email', 'Email'), type: 'text', required: true },
-      {
-        id: 'password',
-        label: t('auth.users.form.field.password', 'Password'),
-        type: 'text',
-        required: true,
-        description: passwordDescription,
-      },
+      { id: 'password', label: t('auth.users.form.field.password', 'Password'), type: 'text', required: true },
     ]
     if (actorIsSuperAdmin) {
       items.push({
@@ -220,7 +203,7 @@ export default function CreateUserPage() {
     })
     items.push({ id: 'roles', label: t('auth.users.form.field.roles', 'Roles'), type: 'tags', loadOptions: loadRoleOptions })
     return items
-  }, [actorIsSuperAdmin, loadRoleOptions, passwordDescription, selectedTenantId, t])
+  }, [actorIsSuperAdmin, loadRoleOptions, selectedTenantId, t])
   const detailFieldIds = React.useMemo(() => {
     const base: string[] = ['email', 'password', 'organizationId', 'roles']

package/src/modules/auth/backend/users/page.tsx CHANGED Viewed

@@ -383,9 +383,9 @@ export default function UsersListPage() {
           perspective={{ tableId: 'auth.users.list' }}
           rowActions={(row) => (
             <RowActions items={[
-              { id: 'edit', label: t('common.edit', 'Edit'), href: `/backend/users/${row.id}/edit` },
-              { id: 'show-roles', label: t('auth.users.list.actions.showRoles', 'Show roles'), href: `/backend/roles?userId=${encodeURIComponent(row.id)}` },
-              { id: 'delete', label: t('common.delete', 'Delete'), destructive: true, onSelect: () => { void handleDelete(row) } },
+              { label: t('common.edit', 'Edit'), href: `/backend/users/${row.id}/edit` },
+              { label: t('auth.users.list.actions.showRoles', 'Show roles'), href: `/backend/roles?userId=${encodeURIComponent(row.id)}` },
+              { label: t('common.delete', 'Delete'), destructive: true, onSelect: () => { void handleDelete(row) } },
             ]} />
           )}
           pagination={{ page, pageSize: 50, total, totalPages, onPageChange: setPage }}

package/src/modules/auth/cli.ts CHANGED Viewed

@@ -16,8 +16,6 @@ import { decryptWithAesGcm } from '@open-mercato/shared/lib/encryption/aes'
 import { env } from 'process'
 import type { KmsService, TenantDek } from '@open-mercato/shared/lib/encryption/kms'
 import crypto from 'node:crypto'
-import { formatPasswordRequirements, getPasswordPolicy, validatePassword } from '@open-mercato/shared/lib/auth/passwordPolicy'
-import { parseBooleanToken } from '@open-mercato/shared/lib/boolean'
 const addUser: ModuleCli = {
   command: 'add-user',
@@ -36,7 +34,6 @@ const addUser: ModuleCli = {
       console.error('Usage: mercato auth add-user --email <email> --password <password> --organizationId <id> [--roles customer,employee]')
       return
     }
-    if (!ensurePasswordPolicy(password)) return
     const { resolve } = await createRequestContainer()
     const em = resolve('em') as any
     const org =
@@ -105,16 +102,6 @@ function hashSecret(value: string | null | undefined): string | null {
   return crypto.createHash('sha256').update(normalizeKeyInput(value)).digest('hex').slice(0, 12)
 }
-function ensurePasswordPolicy(password: string): boolean {
-  const policy = getPasswordPolicy()
-  const result = validatePassword(password, policy)
-  if (result.ok) return true
-  const requirements = formatPasswordRequirements(policy, (_key, fallback) => fallback)
-  const suffix = requirements ? `: ${requirements}` : ''
-  console.error(`Password does not meet the requirements${suffix}.`)
-  return false
-}
 async function withEncryptionDebugDisabled<T>(fn: () => Promise<T>): Promise<T> {
   const previous = process.env.TENANT_DATA_ENCRYPTION_DEBUG
   process.env.TENANT_DATA_ENCRYPTION_DEBUG = 'no'
@@ -405,33 +392,20 @@ const addOrganization: ModuleCli = {
 const setupApp: ModuleCli = {
   command: 'setup',
   async run(rest) {
-    const args = parseArgs(rest)
-    const orgName = typeof args.orgName === 'string'
-      ? args.orgName
-      : typeof args.name === 'string'
-        ? args.name
-        : undefined
-    const email = typeof args.email === 'string' ? args.email : undefined
-    const password = typeof args.password === 'string' ? args.password : undefined
-    const rolesCsv = typeof args.roles === 'string'
-      ? args.roles.trim()
-      : 'superadmin,admin,employee'
-    const skipPasswordPolicyRaw =
-      args['skip-password-policy'] ??
-      args.skipPasswordPolicy ??
-      args['allow-weak-password'] ??
-      args.allowWeakPassword
-    const skipPasswordPolicy = typeof skipPasswordPolicyRaw === 'boolean'
-      ? skipPasswordPolicyRaw
-      : parseBooleanToken(typeof skipPasswordPolicyRaw === 'string' ? skipPasswordPolicyRaw : null) ?? false
+    const args: Record<string, string> = {}
+    for (let i = 0; i < rest.length; i += 2) {
+      const k = rest[i]?.replace(/^--/, '')
+      const v = rest[i + 1]
+      if (k) args[k] = v
+    }
+    const orgName = args.orgName || args.name
+    const email = args.email
+    const password = args.password
+    const rolesCsv = (args.roles ?? 'superadmin,admin,employee').trim()
     if (!orgName || !email || !password) {
-      console.error('Usage: mercato auth setup --orgName <name> --email <email> --password <password> [--roles superadmin,admin,employee] [--skip-password-policy]')
+      console.error('Usage: mercato auth setup --orgName <name> --email <email> --password <password> [--roles superadmin,admin,employee]')
       return
     }
-    if (!skipPasswordPolicy && !ensurePasswordPolicy(password)) return
-    if (skipPasswordPolicy) {
-      console.warn('⚠️  Password policy validation skipped for setup.')
-    }
     const { resolve } = await createRequestContainer()
     const em = resolve<EntityManager>('em')
     const roleNames = rolesCsv
@@ -621,7 +595,6 @@ const setPassword: ModuleCli = {
       console.error('Usage: mercato auth set-password --email <email> --password <newPassword>')
       return
     }
-    if (!ensurePasswordPolicy(password)) return
     const { resolve } = await createRequestContainer()
     const em = resolve('em') as any

package/src/modules/auth/commands/users.ts CHANGED Viewed

@@ -27,10 +27,6 @@ import {
 import { normalizeTenantId } from '@open-mercato/core/modules/auth/lib/tenantAccess'
 import { computeEmailHash } from '@open-mercato/core/modules/auth/lib/emailHash'
 import { findOneWithDecryption, findWithDecryption } from '@open-mercato/shared/lib/encryption/find'
-import { buildNotificationFromType } from '@open-mercato/core/modules/notifications/lib/notificationBuilder'
-import { resolveNotificationService } from '@open-mercato/core/modules/notifications/lib/notificationService'
-import notificationTypes from '@open-mercato/core/modules/auth/notifications'
-import { buildPasswordSchema } from '@open-mercato/shared/lib/auth/passwordPolicy'
 type SerializedUser = {
   email: string
@@ -67,11 +63,9 @@ type UserSnapshots = {
   undo: UserUndoSnapshot
 }
-const passwordSchema = buildPasswordSchema()
 const createSchema = z.object({
   email: z.string().email(),
-  password: passwordSchema,
+  password: z.string().min(6),
   organizationId: z.string().uuid(),
   roles: z.array(z.string()).optional(),
 })
@@ -79,7 +73,7 @@ const createSchema = z.object({
 const updateSchema = z.object({
   id: z.string().uuid(),
   email: z.string().email().optional(),
-  password: passwordSchema.optional(),
+  password: z.string().min(6).optional(),
   organizationId: z.string().uuid().optional(),
   roles: z.array(z.string()).optional(),
 })
@@ -111,46 +105,6 @@ export const userCrudIndexer: CrudIndexerConfig = {
   }),
 }
-async function notifyRoleChanges(
-  ctx: CommandRuntimeContext,
-  user: User,
-  assignedRoles: string[],
-  revokedRoles: string[],
-): Promise<void> {
-  const tenantId = user.tenantId ? String(user.tenantId) : null
-  if (!tenantId) return
-  const organizationId = user.organizationId ? String(user.organizationId) : null
-  try {
-    const notificationService = resolveNotificationService(ctx.container)
-    if (assignedRoles.length) {
-      const assignedType = notificationTypes.find((type) => type.type === 'auth.role.assigned')
-      if (assignedType) {
-        const notificationInput = buildNotificationFromType(assignedType, {
-          recipientUserId: String(user.id),
-          sourceEntityType: 'auth:user',
-          sourceEntityId: String(user.id),
-        })
-        await notificationService.create(notificationInput, { tenantId, organizationId })
-      }
-    }
-    if (revokedRoles.length) {
-      const revokedType = notificationTypes.find((type) => type.type === 'auth.role.revoked')
-      if (revokedType) {
-        const notificationInput = buildNotificationFromType(revokedType, {
-          recipientUserId: String(user.id),
-          sourceEntityType: 'auth:user',
-          sourceEntityId: String(user.id),
-        })
-        await notificationService.create(notificationInput, { tenantId, organizationId })
-      }
-    }
-  } catch (err) {
-    console.error('[auth.users.roles] Failed to create notification:', err)
-  }
-}
 const createUserCommand: CommandHandler<Record<string, unknown>, User> = {
   id: 'auth.users.create',
   async execute(rawInput, ctx) {
@@ -193,10 +147,8 @@ const createUserCommand: CommandHandler<Record<string, unknown>, User> = {
       throw error
     }
-    let assignedRoles: string[] = []
     if (Array.isArray(parsed.roles) && parsed.roles.length) {
       await syncUserRoles(em, user, parsed.roles, tenantId)
-      assignedRoles = await loadUserRoleNames(em, String(user.id))
     }
     await setCustomFieldsIfAny({
@@ -221,10 +173,6 @@ const createUserCommand: CommandHandler<Record<string, unknown>, User> = {
       indexer: userCrudIndexer,
     })
-    if (assignedRoles.length) {
-      await notifyRoleChanges(ctx, user, assignedRoles, [])
-    }
     return user
   },
   captureAfter: async (_input, result, ctx) => {
@@ -340,9 +288,6 @@ const updateUserCommand: CommandHandler<Record<string, unknown>, User> = {
   async execute(rawInput, ctx) {
     const { parsed, custom } = parseWithCustomFields(updateSchema, rawInput)
     const em = (ctx.container.resolve('em') as EntityManager)
-    const rolesBefore = Array.isArray(parsed.roles)
-      ? await loadUserRoleNames(em, parsed.id)
-      : null
     if (parsed.email !== undefined) {
       const emailHash = computeEmailHash(parsed.email)
@@ -432,14 +377,6 @@ const updateUserCommand: CommandHandler<Record<string, unknown>, User> = {
       indexer: userCrudIndexer,
     })
-    if (Array.isArray(parsed.roles) && rolesBefore) {
-      const rolesAfter = await loadUserRoleNames(em, String(user.id))
-      const { assigned, revoked } = diffRoleChanges(rolesBefore, rolesAfter)
-      if (assigned.length || revoked.length) {
-        await notifyRoleChanges(ctx, user, assigned, revoked)
-      }
-    }
     await invalidateUserCache(ctx, parsed.id)
     return user
@@ -835,14 +772,6 @@ async function invalidateUserCache(ctx: CommandRuntimeContext, userId: string) {
   }
 }
-function diffRoleChanges(before: string[], after: string[]) {
-  const beforeSet = new Set(before)
-  const afterSet = new Set(after)
-  const assigned = after.filter((role) => !beforeSet.has(role))
-  const revoked = before.filter((role) => !afterSet.has(role))
-  return { assigned, revoked }
-}
 function arrayEquals(left: string[] | undefined, right: string[]): boolean {
   if (!left) return false
   if (left.length !== right.length) return false

package/src/modules/auth/data/validators.ts CHANGED Viewed

@@ -1,7 +1,4 @@
 import { z } from 'zod'
-import { buildPasswordSchema } from '@open-mercato/shared/lib/auth/passwordPolicy'
-const passwordSchema = buildPasswordSchema()
 // Core auth validators
 export const userLoginSchema = z.object({
@@ -16,7 +13,7 @@ export const requestPasswordResetSchema = z.object({
 export const confirmPasswordResetSchema = z.object({
   token: z.string().min(10),
-  password: passwordSchema,
+  password: z.string().min(6),
 })
 export const sidebarPreferencesInputSchema = z.object({
@@ -32,7 +29,7 @@ export const sidebarPreferencesInputSchema = z.object({
 // Optional helpers for CLI or admin forms
 export const userCreateSchema = z.object({
   email: z.string().email(),
-  password: passwordSchema,
+  password: z.string().min(6),
   tenantId: z.string().uuid().optional(),
   organizationId: z.string().uuid(),
   rolesCsv: z.string().optional(),

package/src/modules/auth/frontend/reset/[token]/page.tsx CHANGED Viewed

@@ -4,20 +4,11 @@ import { Input } from '@open-mercato/ui/primitives/input'
 import { Label } from '@open-mercato/ui/primitives/label'
 import { useState } from 'react'
 import { useRouter } from 'next/navigation'
-import { apiCall } from '@open-mercato/ui/backend/utils/apiCall'
-import { useT } from '@open-mercato/shared/lib/i18n/context'
-import { formatPasswordRequirements, getPasswordPolicy } from '@open-mercato/shared/lib/auth/passwordPolicy'
 export default function ResetWithTokenPage({ params }: { params: { token: string } }) {
   const router = useRouter()
-  const t = useT()
   const [error, setError] = useState<string | null>(null)
   const [submitting, setSubmitting] = useState(false)
-  const passwordPolicy = getPasswordPolicy()
-  const passwordRequirements = formatPasswordRequirements(passwordPolicy, t)
-  const passwordDescription = passwordRequirements
-    ? t('auth.password.requirements.help', 'Password requirements: {requirements}', { requirements: passwordRequirements })
-    : ''
   async function onSubmit(e: React.FormEvent<HTMLFormElement>) {
     e.preventDefault()
@@ -26,15 +17,13 @@ export default function ResetWithTokenPage({ params }: { params: { token: string
     try {
       const form = new FormData(e.currentTarget)
       form.set('token', params.token)
-      const { ok, result } = await apiCall<{ ok?: boolean; error?: string; redirect?: string }>(
-        '/api/auth/reset/confirm',
-        { method: 'POST', body: form },
-      )
-      if (!ok || result?.ok === false) {
-        setError(result?.error || t('auth.reset.errors.failed', 'Unable to reset password'))
+      const res = await fetch('/api/auth/reset/confirm', { method: 'POST', body: form })
+      const data = await res.json().catch(() => null)
+      if (!res.ok) {
+        setError(data?.error || 'Unable to reset password')
         return
       }
-      router.replace(result?.redirect || '/login')
+      router.replace(data?.redirect || '/login')
     } finally {
       setSubmitting(false)
     }
@@ -44,21 +33,18 @@ export default function ResetWithTokenPage({ params }: { params: { token: string
     <div className="min-h-svh flex items-center justify-center p-4">
       <Card className="w-full max-w-sm">
         <CardHeader>
-          <CardTitle>{t('auth.reset.title', 'Set a new password')}</CardTitle>
-          <CardDescription>{t('auth.reset.subtitle', 'Choose a strong password for your account.')}</CardDescription>
+          <CardTitle>Set a new password</CardTitle>
+          <CardDescription>Choose a strong password for your account.</CardDescription>
         </CardHeader>
         <CardContent>
           <form className="grid gap-3" onSubmit={onSubmit}>
             {error && <div className="text-sm text-red-600">{error}</div>}
             <div className="grid gap-1">
-              <Label htmlFor="password">{t('auth.reset.form.password', 'New password')}</Label>
-              <Input id="password" name="password" type="password" required minLength={passwordPolicy.minLength} />
-              {passwordDescription ? (
-                <p className="text-xs text-muted-foreground">{passwordDescription}</p>
-              ) : null}
+              <Label htmlFor="password">New password</Label>
+              <Input id="password" name="password" type="password" required minLength={6} />
             </div>
             <button disabled={submitting} className="h-10 rounded-md bg-foreground text-background mt-2 hover:opacity-90 transition disabled:opacity-60">
-              {submitting ? t('auth.reset.form.loading', '...') : t('auth.reset.form.submit', 'Update password')}
+              {submitting ? '...' : 'Update password'}
             </button>
           </form>
         </CardContent>
@@ -66,3 +52,4 @@ export default function ResetWithTokenPage({ params }: { params: { token: string
     </div>
   )
 }