@open-mercato/core 0.4.2-canary-3b5064ce72 → 0.4.2-canary-15e78de280

package/src/modules/auth/backend/users/[id]/edit/page.tsx

@@ -10,9 +10,8 @@ import { AclEditor, type AclData } from '@open-mercato/core/modules/auth/compone
 import { OrganizationSelect } from '@open-mercato/core/modules/directory/components/OrganizationSelect'
 import { TenantSelect } from '@open-mercato/core/modules/directory/components/TenantSelect'
 import { fetchRoleOptions } from '@open-mercato/core/modules/auth/backend/users/roleOptions'
-import { WidgetVisibilityEditor, type WidgetVisibilityEditorHandle } from '@open-mercato/core/modules/dashboards/components/WidgetVisibilityEditor'
+import { WidgetVisibilityEditor } from '@open-mercato/core/modules/dashboards/components/WidgetVisibilityEditor'
 import { useT } from '@open-mercato/shared/lib/i18n/context'
-import { formatPasswordRequirements, getPasswordPolicy } from '@open-mercato/shared/lib/auth/passwordPolicy'
 
 type EditUserFormValues = {
   email: string
@@ -109,17 +108,6 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
   const [aclData, setAclData] = React.useState<AclData>({ isSuperAdmin: false, features: [], organizations: null })
   const [customFieldValues, setCustomFieldValues] = React.useState<Record<string, unknown>>({})
   const [actorIsSuperAdmin, setActorIsSuperAdmin] = React.useState(false)
-  const widgetEditorRef = React.useRef<WidgetVisibilityEditorHandle | null>(null)
-  const passwordPolicy = React.useMemo(() => getPasswordPolicy(), [])
-  const passwordRequirements = React.useMemo(
-    () => formatPasswordRequirements(passwordPolicy, t),
-    [passwordPolicy, t],
-  )
-  const passwordDescription = React.useMemo(() => (
-    passwordRequirements
-      ? t('auth.password.requirements.help', 'Password requirements: {requirements}', { requirements: passwordRequirements })
-      : undefined
-  ), [passwordRequirements, t])
 
   React.useEffect(() => {
     if (!id) {
@@ -213,12 +201,7 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
   const fields: CrudField[] = React.useMemo(() => {
     const items: CrudField[] = [
       { id: 'email', label: t('auth.users.form.field.email', 'Email'), type: 'text', required: true },
-      {
-        id: 'password',
-        label: t('auth.users.form.field.password', 'Password'),
-        type: 'text',
-        description: passwordDescription,
-      },
+      { id: 'password', label: t('auth.users.form.field.password', 'Password'), type: 'text' },
     ]
     if (actorIsSuperAdmin) {
       items.push({
@@ -268,7 +251,7 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
     })
     items.push({ id: 'roles', label: t('auth.users.form.field.roles', 'Roles'), type: 'tags', loadOptions: loadRoleOptions })
     return items
-  }, [actorIsSuperAdmin, loadRoleOptions, passwordDescription, preloadedTenants, selectedOrgId, selectedTenantId, t])
+  }, [actorIsSuperAdmin, loadRoleOptions, preloadedTenants, selectedOrgId, selectedTenantId, t])
 
   const detailFieldIds = React.useMemo(() => {
     const base: string[] = ['email', 'password', 'organizationId', 'roles']
@@ -309,7 +292,6 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
             targetId={String(id)}
             tenantId={selectedTenantId ?? null}
             organizationId={initialUser?.organizationId ?? null}
-            ref={widgetEditorRef}
           />
         ) : null
       ),
@@ -372,7 +354,6 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
             await updateCrud('auth/users/acl', { userId: id, ...aclData }, {
               errorMessage: t('auth.users.form.errors.aclUpdate', 'Failed to update user access control'),
             })
-            await widgetEditorRef.current?.save()
             try { window.dispatchEvent(new Event('om:refresh-sidebar')) } catch {}
           }}
           onDelete={async () => {

package/src/modules/auth/backend/users/create/page.tsx

@@ -11,7 +11,6 @@ import { TenantSelect } from '@open-mercato/core/modules/directory/components/Te
 import { fetchRoleOptions } from '@open-mercato/core/modules/auth/backend/users/roleOptions'
 import { Spinner } from '@open-mercato/ui/primitives/spinner'
 import { useT } from '@open-mercato/shared/lib/i18n/context'
-import { formatPasswordRequirements, getPasswordPolicy } from '@open-mercato/shared/lib/auth/passwordPolicy'
 
 type CreateUserFormValues = {
   email: string
@@ -85,16 +84,6 @@ export default function CreateUserPage() {
   const [selectedWidgets, setSelectedWidgets] = React.useState<string[]>([])
   const [selectedTenantId, setSelectedTenantId] = React.useState<string | null>(null)
   const [actorIsSuperAdmin, setActorIsSuperAdmin] = React.useState(false)
-  const passwordPolicy = React.useMemo(() => getPasswordPolicy(), [])
-  const passwordRequirements = React.useMemo(
-    () => formatPasswordRequirements(passwordPolicy, t),
-    [passwordPolicy, t],
-  )
-  const passwordDescription = React.useMemo(() => (
-    passwordRequirements
-      ? t('auth.password.requirements.help', 'Password requirements: {requirements}', { requirements: passwordRequirements })
-      : undefined
-  ), [passwordRequirements, t])
 
   React.useEffect(() => {
     let cancelled = false
@@ -167,13 +156,7 @@ export default function CreateUserPage() {
   const fields: CrudField[] = React.useMemo(() => {
     const items: CrudField[] = [
       { id: 'email', label: t('auth.users.form.field.email', 'Email'), type: 'text', required: true },
-      {
-        id: 'password',
-        label: t('auth.users.form.field.password', 'Password'),
-        type: 'text',
-        required: true,
-        description: passwordDescription,
-      },
+      { id: 'password', label: t('auth.users.form.field.password', 'Password'), type: 'text', required: true },
     ]
     if (actorIsSuperAdmin) {
       items.push({
@@ -220,7 +203,7 @@ export default function CreateUserPage() {
     })
     items.push({ id: 'roles', label: t('auth.users.form.field.roles', 'Roles'), type: 'tags', loadOptions: loadRoleOptions })
     return items
-  }, [actorIsSuperAdmin, loadRoleOptions, passwordDescription, selectedTenantId, t])
+  }, [actorIsSuperAdmin, loadRoleOptions, selectedTenantId, t])
 
   const detailFieldIds = React.useMemo(() => {
     const base: string[] = ['email', 'password', 'organizationId', 'roles']

package/src/modules/auth/backend/users/page.tsx

@@ -383,9 +383,9 @@ export default function UsersListPage() {
           perspective={{ tableId: 'auth.users.list' }}
           rowActions={(row) => (
             <RowActions items={[
-              { id: 'edit', label: t('common.edit', 'Edit'), href: `/backend/users/${row.id}/edit` },
-              { id: 'show-roles', label: t('auth.users.list.actions.showRoles', 'Show roles'), href: `/backend/roles?userId=${encodeURIComponent(row.id)}` },
-              { id: 'delete', label: t('common.delete', 'Delete'), destructive: true, onSelect: () => { void handleDelete(row) } },
+              { label: t('common.edit', 'Edit'), href: `/backend/users/${row.id}/edit` },
+              { label: t('auth.users.list.actions.showRoles', 'Show roles'), href: `/backend/roles?userId=${encodeURIComponent(row.id)}` },
+              { label: t('common.delete', 'Delete'), destructive: true, onSelect: () => { void handleDelete(row) } },
             ]} />
           )}
           pagination={{ page, pageSize: 50, total, totalPages, onPageChange: setPage }}

package/src/modules/auth/cli.ts

@@ -16,8 +16,6 @@ import { decryptWithAesGcm } from '@open-mercato/shared/lib/encryption/aes'
 import { env } from 'process'
 import type { KmsService, TenantDek } from '@open-mercato/shared/lib/encryption/kms'
 import crypto from 'node:crypto'
-import { formatPasswordRequirements, getPasswordPolicy, validatePassword } from '@open-mercato/shared/lib/auth/passwordPolicy'
-import { parseBooleanToken } from '@open-mercato/shared/lib/boolean'
 
 const addUser: ModuleCli = {
   command: 'add-user',
@@ -36,7 +34,6 @@ const addUser: ModuleCli = {
       console.error('Usage: mercato auth add-user --email <email> --password <password> --organizationId <id> [--roles customer,employee]')
       return
     }
-    if (!ensurePasswordPolicy(password)) return
     const { resolve } = await createRequestContainer()
     const em = resolve('em') as any
     const org =
@@ -105,16 +102,6 @@ function hashSecret(value: string | null | undefined): string | null {
   return crypto.createHash('sha256').update(normalizeKeyInput(value)).digest('hex').slice(0, 12)
 }
 
-function ensurePasswordPolicy(password: string): boolean {
-  const policy = getPasswordPolicy()
-  const result = validatePassword(password, policy)
-  if (result.ok) return true
-  const requirements = formatPasswordRequirements(policy, (_key, fallback) => fallback)
-  const suffix = requirements ? `: ${requirements}` : ''
-  console.error(`Password does not meet the requirements${suffix}.`)
-  return false
-}
-
 async function withEncryptionDebugDisabled<T>(fn: () => Promise<T>): Promise<T> {
   const previous = process.env.TENANT_DATA_ENCRYPTION_DEBUG
   process.env.TENANT_DATA_ENCRYPTION_DEBUG = 'no'
@@ -405,33 +392,20 @@ const addOrganization: ModuleCli = {
 const setupApp: ModuleCli = {
   command: 'setup',
   async run(rest) {
-    const args = parseArgs(rest)
-    const orgName = typeof args.orgName === 'string'
-      ? args.orgName
-      : typeof args.name === 'string'
-        ? args.name
-        : undefined
-    const email = typeof args.email === 'string' ? args.email : undefined
-    const password = typeof args.password === 'string' ? args.password : undefined
-    const rolesCsv = typeof args.roles === 'string'
-      ? args.roles.trim()
-      : 'superadmin,admin,employee'
-    const skipPasswordPolicyRaw =
-      args['skip-password-policy'] ??
-      args.skipPasswordPolicy ??
-      args['allow-weak-password'] ??
-      args.allowWeakPassword
-    const skipPasswordPolicy = typeof skipPasswordPolicyRaw === 'boolean'
-      ? skipPasswordPolicyRaw
-      : parseBooleanToken(typeof skipPasswordPolicyRaw === 'string' ? skipPasswordPolicyRaw : null) ?? false
+    const args: Record<string, string> = {}
+    for (let i = 0; i < rest.length; i += 2) {
+      const k = rest[i]?.replace(/^--/, '')
+      const v = rest[i + 1]
+      if (k) args[k] = v
+    }
+    const orgName = args.orgName || args.name
+    const email = args.email
+    const password = args.password
+    const rolesCsv = (args.roles ?? 'superadmin,admin,employee').trim()
     if (!orgName || !email || !password) {
-      console.error('Usage: mercato auth setup --orgName <name> --email <email> --password <password> [--roles superadmin,admin,employee] [--skip-password-policy]')
+      console.error('Usage: mercato auth setup --orgName <name> --email <email> --password <password> [--roles superadmin,admin,employee]')
       return
     }
-    if (!skipPasswordPolicy && !ensurePasswordPolicy(password)) return
-    if (skipPasswordPolicy) {
-      console.warn('⚠️  Password policy validation skipped for setup.')
-    }
     const { resolve } = await createRequestContainer()
     const em = resolve<EntityManager>('em')
     const roleNames = rolesCsv
@@ -621,7 +595,6 @@ const setPassword: ModuleCli = {
       console.error('Usage: mercato auth set-password --email <email> --password <newPassword>')
       return
     }
-    if (!ensurePasswordPolicy(password)) return
     
     const { resolve } = await createRequestContainer()
     const em = resolve('em') as any

package/src/modules/auth/commands/users.ts

@@ -27,10 +27,6 @@ import {
 import { normalizeTenantId } from '@open-mercato/core/modules/auth/lib/tenantAccess'
 import { computeEmailHash } from '@open-mercato/core/modules/auth/lib/emailHash'
 import { findOneWithDecryption, findWithDecryption } from '@open-mercato/shared/lib/encryption/find'
-import { buildNotificationFromType } from '@open-mercato/core/modules/notifications/lib/notificationBuilder'
-import { resolveNotificationService } from '@open-mercato/core/modules/notifications/lib/notificationService'
-import notificationTypes from '@open-mercato/core/modules/auth/notifications'
-import { buildPasswordSchema } from '@open-mercato/shared/lib/auth/passwordPolicy'
 
 type SerializedUser = {
   email: string
@@ -67,11 +63,9 @@ type UserSnapshots = {
   undo: UserUndoSnapshot
 }
 
-const passwordSchema = buildPasswordSchema()
-
 const createSchema = z.object({
   email: z.string().email(),
-  password: passwordSchema,
+  password: z.string().min(6),
   organizationId: z.string().uuid(),
   roles: z.array(z.string()).optional(),
 })
@@ -79,7 +73,7 @@ const createSchema = z.object({
 const updateSchema = z.object({
   id: z.string().uuid(),
   email: z.string().email().optional(),
-  password: passwordSchema.optional(),
+  password: z.string().min(6).optional(),
   organizationId: z.string().uuid().optional(),
   roles: z.array(z.string()).optional(),
 })
@@ -111,46 +105,6 @@ export const userCrudIndexer: CrudIndexerConfig = {
   }),
 }
 
-async function notifyRoleChanges(
-  ctx: CommandRuntimeContext,
-  user: User,
-  assignedRoles: string[],
-  revokedRoles: string[],
-): Promise<void> {
-  const tenantId = user.tenantId ? String(user.tenantId) : null
-  if (!tenantId) return
-  const organizationId = user.organizationId ? String(user.organizationId) : null
-
-  try {
-    const notificationService = resolveNotificationService(ctx.container)
-    if (assignedRoles.length) {
-      const assignedType = notificationTypes.find((type) => type.type === 'auth.role.assigned')
-      if (assignedType) {
-        const notificationInput = buildNotificationFromType(assignedType, {
-          recipientUserId: String(user.id),
-          sourceEntityType: 'auth:user',
-          sourceEntityId: String(user.id),
-        })
-        await notificationService.create(notificationInput, { tenantId, organizationId })
-      }
-    }
-
-    if (revokedRoles.length) {
-      const revokedType = notificationTypes.find((type) => type.type === 'auth.role.revoked')
-      if (revokedType) {
-        const notificationInput = buildNotificationFromType(revokedType, {
-          recipientUserId: String(user.id),
-          sourceEntityType: 'auth:user',
-          sourceEntityId: String(user.id),
-        })
-        await notificationService.create(notificationInput, { tenantId, organizationId })
-      }
-    }
-  } catch (err) {
-    console.error('[auth.users.roles] Failed to create notification:', err)
-  }
-}
-
 const createUserCommand: CommandHandler<Record<string, unknown>, User> = {
   id: 'auth.users.create',
   async execute(rawInput, ctx) {
@@ -193,10 +147,8 @@ const createUserCommand: CommandHandler<Record<string, unknown>, User> = {
       throw error
     }
 
-    let assignedRoles: string[] = []
     if (Array.isArray(parsed.roles) && parsed.roles.length) {
       await syncUserRoles(em, user, parsed.roles, tenantId)
-      assignedRoles = await loadUserRoleNames(em, String(user.id))
     }
 
     await setCustomFieldsIfAny({
@@ -221,10 +173,6 @@ const createUserCommand: CommandHandler<Record<string, unknown>, User> = {
       indexer: userCrudIndexer,
     })
 
-    if (assignedRoles.length) {
-      await notifyRoleChanges(ctx, user, assignedRoles, [])
-    }
-
     return user
   },
   captureAfter: async (_input, result, ctx) => {
@@ -340,9 +288,6 @@ const updateUserCommand: CommandHandler<Record<string, unknown>, User> = {
   async execute(rawInput, ctx) {
     const { parsed, custom } = parseWithCustomFields(updateSchema, rawInput)
     const em = (ctx.container.resolve('em') as EntityManager)
-    const rolesBefore = Array.isArray(parsed.roles)
-      ? await loadUserRoleNames(em, parsed.id)
-      : null
 
     if (parsed.email !== undefined) {
       const emailHash = computeEmailHash(parsed.email)
@@ -432,14 +377,6 @@ const updateUserCommand: CommandHandler<Record<string, unknown>, User> = {
       indexer: userCrudIndexer,
     })
 
-    if (Array.isArray(parsed.roles) && rolesBefore) {
-      const rolesAfter = await loadUserRoleNames(em, String(user.id))
-      const { assigned, revoked } = diffRoleChanges(rolesBefore, rolesAfter)
-      if (assigned.length || revoked.length) {
-        await notifyRoleChanges(ctx, user, assigned, revoked)
-      }
-    }
-
     await invalidateUserCache(ctx, parsed.id)
 
     return user
@@ -835,14 +772,6 @@ async function invalidateUserCache(ctx: CommandRuntimeContext, userId: string) {
   }
 }
 
-function diffRoleChanges(before: string[], after: string[]) {
-  const beforeSet = new Set(before)
-  const afterSet = new Set(after)
-  const assigned = after.filter((role) => !beforeSet.has(role))
-  const revoked = before.filter((role) => !afterSet.has(role))
-  return { assigned, revoked }
-}
-
 function arrayEquals(left: string[] | undefined, right: string[]): boolean {
   if (!left) return false
   if (left.length !== right.length) return false

package/src/modules/auth/data/validators.ts

@@ -1,14 +1,10 @@
 import { z } from 'zod'
-import { buildPasswordSchema } from '@open-mercato/shared/lib/auth/passwordPolicy'
-
-const passwordSchema = buildPasswordSchema()
 
 // Core auth validators
 export const userLoginSchema = z.object({
   email: z.string().email(),
   password: z.string().min(6),
   requireRole: z.string().optional(),
-  tenantId: z.string().uuid().optional(),
 })
 
 export const requestPasswordResetSchema = z.object({
@@ -17,7 +13,7 @@ export const requestPasswordResetSchema = z.object({
 
 export const confirmPasswordResetSchema = z.object({
   token: z.string().min(10),
-  password: passwordSchema,
+  password: z.string().min(6),
 })
 
 export const sidebarPreferencesInputSchema = z.object({
@@ -33,7 +29,7 @@ export const sidebarPreferencesInputSchema = z.object({
 // Optional helpers for CLI or admin forms
 export const userCreateSchema = z.object({
   email: z.string().email(),
-  password: passwordSchema,
+  password: z.string().min(6),
   tenantId: z.string().uuid().optional(),
   organizationId: z.string().uuid(),
   rolesCsv: z.string().optional(),

package/src/modules/auth/frontend/login.tsx

@@ -1,40 +1,14 @@
 "use client"
-import { useCallback, useEffect, useState } from 'react'
+import { useState } from 'react'
 import Image from 'next/image'
 import Link from 'next/link'
 import { useRouter, useSearchParams } from 'next/navigation'
-import { Card, CardContent, CardHeader, CardDescription } from '@open-mercato/ui/primitives/card'
+import { Card, CardContent, CardHeader, CardTitle, CardDescription } from '@open-mercato/ui/primitives/card'
 import { Input } from '@open-mercato/ui/primitives/input'
 import { Label } from '@open-mercato/ui/primitives/label'
-import { Button } from '@open-mercato/ui/primitives/button'
 import { useT } from '@open-mercato/shared/lib/i18n/context'
 import { translateWithFallback } from '@open-mercato/shared/lib/i18n/translate'
 import { clearAllOperations } from '@open-mercato/ui/backend/operations/store'
-import { apiCall } from '@open-mercato/ui/backend/utils/apiCall'
-import { X } from 'lucide-react'
-
-const loginTenantKey = 'om_login_tenant'
-const loginTenantCookieMaxAge = 60 * 60 * 24 * 14
-
-function readTenantCookie() {
-  if (typeof document === 'undefined') return null
-  const entries = document.cookie.split(';')
-  for (const entry of entries) {
-    const [name, ...rest] = entry.trim().split('=')
-    if (name === loginTenantKey) return decodeURIComponent(rest.join('='))
-  }
-  return null
-}
-
-function setTenantCookie(value: string) {
-  if (typeof document === 'undefined') return
-  document.cookie = `${loginTenantKey}=${encodeURIComponent(value)}; path=/; max-age=${loginTenantCookieMaxAge}; samesite=lax`
-}
-
-function clearTenantCookie() {
-  if (typeof document === 'undefined') return
-  document.cookie = `${loginTenantKey}=; path=/; max-age=0; samesite=lax`
-}
 
 function extractErrorMessage(payload: unknown): string | null {
   if (!payload) return null
@@ -70,11 +44,8 @@ function looksLikeJsonString(value: string): boolean {
 
 export default function LoginPage() {
   const t = useT()
-  const translate = useCallback(
-    (key: string, fallback: string, params?: Record<string, string | number>) =>
-      translateWithFallback(t, key, fallback, params),
-    [t],
-  )
+  const translate = (key: string, fallback: string, params?: Record<string, string | number>) =>
+    translateWithFallback(t, key, fallback, params)
   const router = useRouter()
   const searchParams = useSearchParams()
   const requireRole = (searchParams.get('requireRole') || searchParams.get('role') || '').trim()
@@ -85,80 +56,6 @@ export default function LoginPage() {
   const translatedFeatures = requiredFeatures.map((feature) => translate(`features.${feature}`, feature))
   const [error, setError] = useState<string | null>(null)
   const [submitting, setSubmitting] = useState(false)
-  const [tenantId, setTenantId] = useState<string | null>(null)
-  const [tenantName, setTenantName] = useState<string | null>(null)
-  const [tenantLoading, setTenantLoading] = useState(false)
-  const [tenantInvalid, setTenantInvalid] = useState<string | null>(null)
-  const showTenantInvalid = tenantId != null && tenantInvalid === tenantId
-
-  useEffect(() => {
-    const tenantParam = (searchParams.get('tenant') || '').trim()
-    if (tenantParam) {
-      setTenantId(tenantParam)
-      window.localStorage.setItem(loginTenantKey, tenantParam)
-      setTenantCookie(tenantParam)
-      return
-    }
-    const storedTenant = window.localStorage.getItem(loginTenantKey) || readTenantCookie()
-    if (storedTenant) {
-      setTenantId(storedTenant)
-    }
-  }, [searchParams])
-
-  useEffect(() => {
-    if (!tenantId) {
-      setTenantName(null)
-      setTenantInvalid(null)
-      return
-    }
-    if (tenantInvalid === tenantId) {
-      setTenantName(null)
-      setTenantLoading(false)
-      return
-    }
-    let active = true
-    setTenantLoading(true)
-    setTenantInvalid(null)
-    apiCall<{ ok: boolean; tenant?: { id: string; name: string }; error?: string }>(
-      `/api/directory/tenants/lookup?tenantId=${encodeURIComponent(tenantId)}`,
-    )
-      .then(({ result }) => {
-        if (!active) return
-        if (result?.ok && result.tenant) {
-          setTenantName(result.tenant.name)
-          return
-        }
-        const message = translate('auth.login.errors.tenantInvalid', 'Tenant not found. Clear the tenant selection and try again.')
-        setTenantName(null)
-        setTenantInvalid(tenantId)
-        setError(null)
-      })
-      .catch(() => {
-        if (!active) return
-        setTenantName(null)
-        setTenantInvalid(tenantId)
-        setError(null)
-      })
-      .finally(() => {
-        if (active) setTenantLoading(false)
-      })
-    return () => {
-      active = false
-    }
-  }, [tenantId, translate])
-
-  function handleClearTenant() {
-    window.localStorage.removeItem(loginTenantKey)
-    clearTenantCookie()
-    setTenantId(null)
-    setTenantName(null)
-    setTenantInvalid(null)
-    const params = new URLSearchParams(searchParams)
-    params.delete('tenant')
-    setError(null)
-    const query = params.toString()
-    router.replace(query ? `/login?${query}` : '/login')
-  }
 
   async function onSubmit(e: React.FormEvent<HTMLFormElement>) {
     e.preventDefault()
@@ -244,9 +141,6 @@ export default function LoginPage() {
         </CardHeader>
         <CardContent>
           <form className="grid gap-3" onSubmit={onSubmit} noValidate>
-            {tenantId ? (
-              <input type="hidden" name="tenantId" value={tenantId} />
-            ) : null}
             {!!translatedRoles.length && (
               <div className="rounded-md border border-blue-200 bg-blue-50 px-3 py-2 text-center text-xs text-blue-900">
                 {translate(
@@ -265,30 +159,7 @@ export default function LoginPage() {
                 })}
               </div>
             )}
-            {showTenantInvalid ? (
-              <div className="rounded-md border border-red-200 bg-red-50 px-3 py-2 text-center text-xs text-red-700">
-                <div className="font-medium">{translate('auth.login.errors.tenantInvalid', 'Tenant not found. Clear the tenant selection and try again.')}</div>
-                <Button type="button" variant="outline" size="sm" className="mt-2 border-red-300 text-red-700" onClick={handleClearTenant}>
-                  <X className="mr-2 size-4" aria-hidden="true" />
-                  {translate('auth.login.tenantClear', 'Clear')}
-                </Button>
-              </div>
-            ) : tenantId ? (
-              <div className="rounded-md border border-emerald-200 bg-emerald-50 px-3 py-2 text-center text-xs text-emerald-900">
-                <div className="font-medium">
-                  {tenantLoading
-                    ? translate('auth.login.tenantLoading', 'Loading tenant details...')
-                    : translate('auth.login.tenantBanner', "You're logging in to {tenant} tenant.", {
-                        tenant: tenantName || tenantId,
-                      })}
-                </div>
-                <Button type="button" variant="outline" size="sm" className="mt-2 border-emerald-300 text-emerald-900" onClick={handleClearTenant}>
-                  <X className="mr-2 size-4" aria-hidden="true" />
-                  {translate('auth.login.tenantClear', 'Clear')}
-                </Button>
-              </div>
-            ) : null}
-            {error && !showTenantInvalid && (
+            {error && (
               <div className="rounded-md border border-red-200 bg-red-50 px-3 py-2 text-center text-sm text-red-700" role="alert" aria-live="polite">
                 {error}
               </div>

package/src/modules/auth/frontend/reset/[token]/page.tsx

@@ -4,20 +4,11 @@ import { Input } from '@open-mercato/ui/primitives/input'
 import { Label } from '@open-mercato/ui/primitives/label'
 import { useState } from 'react'
 import { useRouter } from 'next/navigation'
-import { apiCall } from '@open-mercato/ui/backend/utils/apiCall'
-import { useT } from '@open-mercato/shared/lib/i18n/context'
-import { formatPasswordRequirements, getPasswordPolicy } from '@open-mercato/shared/lib/auth/passwordPolicy'
 
 export default function ResetWithTokenPage({ params }: { params: { token: string } }) {
   const router = useRouter()
-  const t = useT()
   const [error, setError] = useState<string | null>(null)
   const [submitting, setSubmitting] = useState(false)
-  const passwordPolicy = getPasswordPolicy()
-  const passwordRequirements = formatPasswordRequirements(passwordPolicy, t)
-  const passwordDescription = passwordRequirements
-    ? t('auth.password.requirements.help', 'Password requirements: {requirements}', { requirements: passwordRequirements })
-    : ''
 
   async function onSubmit(e: React.FormEvent<HTMLFormElement>) {
     e.preventDefault()
@@ -26,15 +17,13 @@ export default function ResetWithTokenPage({ params }: { params: { token: string
     try {
       const form = new FormData(e.currentTarget)
       form.set('token', params.token)
-      const { ok, result } = await apiCall<{ ok?: boolean; error?: string; redirect?: string }>(
-        '/api/auth/reset/confirm',
-        { method: 'POST', body: form },
-      )
-      if (!ok || result?.ok === false) {
-        setError(result?.error || t('auth.reset.errors.failed', 'Unable to reset password'))
+      const res = await fetch('/api/auth/reset/confirm', { method: 'POST', body: form })
+      const data = await res.json().catch(() => null)
+      if (!res.ok) {
+        setError(data?.error || 'Unable to reset password')
         return
       }
-      router.replace(result?.redirect || '/login')
+      router.replace(data?.redirect || '/login')
     } finally {
       setSubmitting(false)
     }
@@ -44,21 +33,18 @@ export default function ResetWithTokenPage({ params }: { params: { token: string
     <div className="min-h-svh flex items-center justify-center p-4">
       <Card className="w-full max-w-sm">
         <CardHeader>
-          <CardTitle>{t('auth.reset.title', 'Set a new password')}</CardTitle>
-          <CardDescription>{t('auth.reset.subtitle', 'Choose a strong password for your account.')}</CardDescription>
+          <CardTitle>Set a new password</CardTitle>
+          <CardDescription>Choose a strong password for your account.</CardDescription>
         </CardHeader>
         <CardContent>
           <form className="grid gap-3" onSubmit={onSubmit}>
             {error && <div className="text-sm text-red-600">{error}</div>}
             <div className="grid gap-1">
-              <Label htmlFor="password">{t('auth.reset.form.password', 'New password')}</Label>
-              <Input id="password" name="password" type="password" required minLength={passwordPolicy.minLength} />
-              {passwordDescription ? (
-                <p className="text-xs text-muted-foreground">{passwordDescription}</p>
-              ) : null}
+              <Label htmlFor="password">New password</Label>
+              <Input id="password" name="password" type="password" required minLength={6} />
             </div>
             <button disabled={submitting} className="h-10 rounded-md bg-foreground text-background mt-2 hover:opacity-90 transition disabled:opacity-60">
-              {submitting ? t('auth.reset.form.loading', '...') : t('auth.reset.form.submit', 'Update password')}
+              {submitting ? '...' : 'Update password'}
             </button>
           </form>
         </CardContent>
@@ -66,3 +52,4 @@ export default function ResetWithTokenPage({ params }: { params: { token: string
     </div>
   )
 }
+