@open-mercato/core 0.4.8-develop-409bb4a065 → 0.4.8-develop-d16e2f51dc
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/modules/auth/api/reset.js +4 -1
- package/dist/modules/auth/api/reset.js.map +2 -2
- package/dist/modules/auth/frontend/reset.js +8 -1
- package/dist/modules/auth/frontend/reset.js.map +2 -2
- package/package.json +3 -3
- package/src/modules/auth/api/reset.ts +4 -1
- package/src/modules/auth/frontend/reset.tsx +8 -1
- package/src/modules/auth/i18n/de.json +1 -0
- package/src/modules/auth/i18n/en.json +1 -0
- package/src/modules/auth/i18n/es.json +1 -0
- package/src/modules/auth/i18n/pl.json +1 -0
|
@@ -34,7 +34,10 @@ async function POST(req) {
|
|
|
34
34
|
});
|
|
35
35
|
if (rateLimitError) return rateLimitError;
|
|
36
36
|
const parsed = requestPasswordResetSchema.safeParse({ email });
|
|
37
|
-
if (!parsed.success)
|
|
37
|
+
if (!parsed.success) {
|
|
38
|
+
const fieldErrors = parsed.error.flatten().fieldErrors;
|
|
39
|
+
return NextResponse.json({ error: "Validation failed", fieldErrors }, { status: 422 });
|
|
40
|
+
}
|
|
38
41
|
const c = await createRequestContainer();
|
|
39
42
|
const auth = c.resolve("authService");
|
|
40
43
|
const resReq = await auth.requestPasswordReset(parsed.data.email);
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/modules/auth/api/reset.ts"],
|
|
4
|
-
"sourcesContent": ["import { requestPasswordResetSchema } from '@open-mercato/core/modules/auth/data/validators'\nimport { NextResponse } from 'next/server'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { AuthService } from '@open-mercato/core/modules/auth/services/authService'\nimport { sendEmail } from '@open-mercato/shared/lib/email/send'\nimport ResetPasswordEmail from '@open-mercato/core/modules/auth/emails/ResetPasswordEmail'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { buildNotificationFromType } from '@open-mercato/core/modules/notifications/lib/notificationBuilder'\nimport { resolveNotificationService } from '@open-mercato/core/modules/notifications/lib/notificationService'\nimport notificationTypes from '@open-mercato/core/modules/auth/notifications'\nimport { z } from 'zod'\nimport { rateLimitErrorSchema } from '@open-mercato/shared/lib/ratelimit/helpers'\nimport { readEndpointRateLimitConfig } from '@open-mercato/shared/lib/ratelimit/config'\nimport { checkAuthRateLimit } from '@open-mercato/core/modules/auth/lib/rateLimitCheck'\n\nconst resetRateLimitConfig = readEndpointRateLimitConfig('RESET', {\n points: 3, duration: 60, blockDuration: 60, keyPrefix: 'reset',\n})\nconst resetIpRateLimitConfig = readEndpointRateLimitConfig('RESET_IP', {\n points: 10, duration: 60, blockDuration: 60, keyPrefix: 'reset-ip',\n})\n\n// validation via requestPasswordResetSchema\n\nexport async function POST(req: Request) {\n const form = await req.formData()\n const email = String(form.get('email') ?? '')\n // Rate limit \u2014 two layers, both checked before validation and DB work\n const { error: rateLimitError } = await checkAuthRateLimit({\n req, ipConfig: resetIpRateLimitConfig, compoundConfig: resetRateLimitConfig, compoundIdentifier: email,\n })\n if (rateLimitError) return rateLimitError\n const parsed = requestPasswordResetSchema.safeParse({ email })\n if (!parsed.success) return NextResponse.json({
|
|
5
|
-
"mappings": "AAAA,SAAS,kCAAkC;AAC3C,SAAS,oBAAoB;AAE7B,SAAS,8BAA8B;AAEvC,SAAS,iBAAiB;AAC1B,OAAO,wBAAwB;AAC/B,SAAS,2BAA2B;AACpC,SAAS,iCAAiC;AAC1C,SAAS,kCAAkC;AAC3C,OAAO,uBAAuB;AAC9B,SAAS,SAAS;AAClB,SAAS,4BAA4B;AACrC,SAAS,mCAAmC;AAC5C,SAAS,0BAA0B;AAEnC,MAAM,uBAAuB,4BAA4B,SAAS;AAAA,EAChE,QAAQ;AAAA,EAAG,UAAU;AAAA,EAAI,eAAe;AAAA,EAAI,WAAW;AACzD,CAAC;AACD,MAAM,yBAAyB,4BAA4B,YAAY;AAAA,EACrE,QAAQ;AAAA,EAAI,UAAU;AAAA,EAAI,eAAe;AAAA,EAAI,WAAW;AAC1D,CAAC;AAID,eAAsB,KAAK,KAAc;AACvC,QAAM,OAAO,MAAM,IAAI,SAAS;AAChC,QAAM,QAAQ,OAAO,KAAK,IAAI,OAAO,KAAK,EAAE;AAE5C,QAAM,EAAE,OAAO,eAAe,IAAI,MAAM,mBAAmB;AAAA,IACzD;AAAA,IAAK,UAAU;AAAA,IAAwB,gBAAgB;AAAA,IAAsB,oBAAoB;AAAA,EACnG,CAAC;AACD,MAAI,eAAgB,QAAO;AAC3B,QAAM,SAAS,2BAA2B,UAAU,EAAE,MAAM,CAAC;AAC7D,MAAI,CAAC,OAAO,
|
|
4
|
+
"sourcesContent": ["import { requestPasswordResetSchema } from '@open-mercato/core/modules/auth/data/validators'\nimport { NextResponse } from 'next/server'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { AuthService } from '@open-mercato/core/modules/auth/services/authService'\nimport { sendEmail } from '@open-mercato/shared/lib/email/send'\nimport ResetPasswordEmail from '@open-mercato/core/modules/auth/emails/ResetPasswordEmail'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { buildNotificationFromType } from '@open-mercato/core/modules/notifications/lib/notificationBuilder'\nimport { resolveNotificationService } from '@open-mercato/core/modules/notifications/lib/notificationService'\nimport notificationTypes from '@open-mercato/core/modules/auth/notifications'\nimport { z } from 'zod'\nimport { rateLimitErrorSchema } from '@open-mercato/shared/lib/ratelimit/helpers'\nimport { readEndpointRateLimitConfig } from '@open-mercato/shared/lib/ratelimit/config'\nimport { checkAuthRateLimit } from '@open-mercato/core/modules/auth/lib/rateLimitCheck'\n\nconst resetRateLimitConfig = readEndpointRateLimitConfig('RESET', {\n points: 3, duration: 60, blockDuration: 60, keyPrefix: 'reset',\n})\nconst resetIpRateLimitConfig = readEndpointRateLimitConfig('RESET_IP', {\n points: 10, duration: 60, blockDuration: 60, keyPrefix: 'reset-ip',\n})\n\n// validation via requestPasswordResetSchema\n\nexport async function POST(req: Request) {\n const form = await req.formData()\n const email = String(form.get('email') ?? '')\n // Rate limit \u2014 two layers, both checked before validation and DB work\n const { error: rateLimitError } = await checkAuthRateLimit({\n req, ipConfig: resetIpRateLimitConfig, compoundConfig: resetRateLimitConfig, compoundIdentifier: email,\n })\n if (rateLimitError) return rateLimitError\n const parsed = requestPasswordResetSchema.safeParse({ email })\n if (!parsed.success) {\n const fieldErrors = parsed.error.flatten().fieldErrors\n return NextResponse.json({ error: 'Validation failed', fieldErrors }, { status: 422 })\n }\n const c = await createRequestContainer()\n const auth = c.resolve<AuthService>('authService')\n const resReq = await auth.requestPasswordReset(parsed.data.email)\n if (!resReq) return NextResponse.json({ ok: true })\n const { user, token } = resReq\n const url = new URL(req.url)\n const base = process.env.APP_URL || `${url.protocol}//${url.host}`\n const resetUrl = `${base}/reset/${token}`\n\n const { translate } = await resolveTranslations()\n const subject = translate('auth.email.resetPassword.subject', 'Reset your password')\n const copy = {\n preview: translate('auth.email.resetPassword.preview', 'Reset your password'),\n title: translate('auth.email.resetPassword.title', 'Reset your password'),\n body: translate('auth.email.resetPassword.body', 'Click the link below to set a new password. This link will expire in 60 minutes.'),\n cta: translate('auth.email.resetPassword.cta', 'Set a new password'),\n hint: translate('auth.email.resetPassword.hint', \"If you didn't request this, you can safely ignore this email.\"),\n }\n\n await sendEmail({ to: user.email, subject, react: ResetPasswordEmail({ resetUrl, copy }) })\n try {\n const tenantId = user.tenantId ? String(user.tenantId) : null\n if (tenantId) {\n const notificationService = resolveNotificationService(c)\n const typeDef = notificationTypes.find((type) => type.type === 'auth.password_reset.requested')\n if (typeDef) {\n const notificationInput = buildNotificationFromType(typeDef, {\n recipientUserId: String(user.id),\n sourceEntityType: 'auth:user',\n sourceEntityId: String(user.id),\n })\n await notificationService.create(notificationInput, {\n tenantId,\n organizationId: user.organizationId ? String(user.organizationId) : null,\n })\n }\n }\n } catch (err) {\n console.error('[auth.reset] Failed to create notification:', err)\n }\n return NextResponse.json({ ok: true })\n}\n\nexport const metadata = {}\n\nconst passwordResetRequestSchema = z.object({\n email: z.string().email(),\n})\n\nconst passwordResetResponseSchema = z.object({\n ok: z.literal(true),\n})\n\nexport const openApi: OpenApiRouteDoc = {\n tag: 'Authentication & Accounts',\n summary: 'Request password reset',\n methods: {\n POST: {\n summary: 'Send reset email',\n description: 'Requests a password reset email for the given account. The endpoint always returns `ok: true` to avoid leaking account existence.',\n requestBody: {\n contentType: 'application/x-www-form-urlencoded',\n schema: passwordResetRequestSchema,\n },\n responses: [\n { status: 200, description: 'Reset email dispatched (or ignored for unknown accounts)', schema: passwordResetResponseSchema },\n ],\n errors: [\n { status: 429, description: 'Too many password reset requests', schema: rateLimitErrorSchema },\n ],\n },\n },\n}\n"],
|
|
5
|
+
"mappings": "AAAA,SAAS,kCAAkC;AAC3C,SAAS,oBAAoB;AAE7B,SAAS,8BAA8B;AAEvC,SAAS,iBAAiB;AAC1B,OAAO,wBAAwB;AAC/B,SAAS,2BAA2B;AACpC,SAAS,iCAAiC;AAC1C,SAAS,kCAAkC;AAC3C,OAAO,uBAAuB;AAC9B,SAAS,SAAS;AAClB,SAAS,4BAA4B;AACrC,SAAS,mCAAmC;AAC5C,SAAS,0BAA0B;AAEnC,MAAM,uBAAuB,4BAA4B,SAAS;AAAA,EAChE,QAAQ;AAAA,EAAG,UAAU;AAAA,EAAI,eAAe;AAAA,EAAI,WAAW;AACzD,CAAC;AACD,MAAM,yBAAyB,4BAA4B,YAAY;AAAA,EACrE,QAAQ;AAAA,EAAI,UAAU;AAAA,EAAI,eAAe;AAAA,EAAI,WAAW;AAC1D,CAAC;AAID,eAAsB,KAAK,KAAc;AACvC,QAAM,OAAO,MAAM,IAAI,SAAS;AAChC,QAAM,QAAQ,OAAO,KAAK,IAAI,OAAO,KAAK,EAAE;AAE5C,QAAM,EAAE,OAAO,eAAe,IAAI,MAAM,mBAAmB;AAAA,IACzD;AAAA,IAAK,UAAU;AAAA,IAAwB,gBAAgB;AAAA,IAAsB,oBAAoB;AAAA,EACnG,CAAC;AACD,MAAI,eAAgB,QAAO;AAC3B,QAAM,SAAS,2BAA2B,UAAU,EAAE,MAAM,CAAC;AAC7D,MAAI,CAAC,OAAO,SAAS;AACnB,UAAM,cAAc,OAAO,MAAM,QAAQ,EAAE;AAC3C,WAAO,aAAa,KAAK,EAAE,OAAO,qBAAqB,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACvF;AACA,QAAM,IAAI,MAAM,uBAAuB;AACvC,QAAM,OAAO,EAAE,QAAqB,aAAa;AACjD,QAAM,SAAS,MAAM,KAAK,qBAAqB,OAAO,KAAK,KAAK;AAChE,MAAI,CAAC,OAAQ,QAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AAClD,QAAM,EAAE,MAAM,MAAM,IAAI;AACxB,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,OAAO,QAAQ,IAAI,WAAW,GAAG,IAAI,QAAQ,KAAK,IAAI,IAAI;AAChE,QAAM,WAAW,GAAG,IAAI,UAAU,KAAK;AAEvC,QAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAM,UAAU,UAAU,oCAAoC,qBAAqB;AACnF,QAAM,OAAO;AAAA,IACX,SAAS,UAAU,oCAAoC,qBAAqB;AAAA,IAC5E,OAAO,UAAU,kCAAkC,qBAAqB;AAAA,IACxE,MAAM,UAAU,iCAAiC,kFAAkF;AAAA,IACnI,KAAK,UAAU,gCAAgC,oBAAoB;AAAA,IACnE,MAAM,UAAU,iCAAiC,+DAA+D;AAAA,EAClH;AAEA,QAAM,UAAU,EAAE,IAAI,KAAK,OAAO,SAAS,OAAO,mBAAmB,EAAE,UAAU,KAAK,CAAC,EAAE,CAAC;AAC1F,MAAI;AACF,UAAM,WAAW,KAAK,WAAW,OAAO,KAAK,QAAQ,IAAI;AACzD,QAAI,UAAU;AACZ,YAAM,sBAAsB,2BAA2B,CAAC;AACxD,YAAM,UAAU,kBAAkB,KAAK,CAAC,SAAS,KAAK,SAAS,+BAA+B;AAC9F,UAAI,SAAS;AACX,cAAM,oBAAoB,0BAA0B,SAAS;AAAA,UAC3D,iBAAiB,OAAO,KAAK,EAAE;AAAA,UAC/B,kBAAkB;AAAA,UAClB,gBAAgB,OAAO,KAAK,EAAE;AAAA,QAChC,CAAC;AACD,cAAM,oBAAoB,OAAO,mBAAmB;AAAA,UAClD;AAAA,UACA,gBAAgB,KAAK,iBAAiB,OAAO,KAAK,cAAc,IAAI;AAAA,QACtE,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF,SAAS,KAAK;AACZ,YAAQ,MAAM,+CAA+C,GAAG;AAAA,EAClE;AACA,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEO,MAAM,WAAW,CAAC;AAEzB,MAAM,6BAA6B,EAAE,OAAO;AAAA,EAC1C,OAAO,EAAE,OAAO,EAAE,MAAM;AAC1B,CAAC;AAED,MAAM,8BAA8B,EAAE,OAAO;AAAA,EAC3C,IAAI,EAAE,QAAQ,IAAI;AACpB,CAAC;AAEM,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,4DAA4D,QAAQ,4BAA4B;AAAA,MAC9H;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,oCAAoC,QAAQ,qBAAqB;AAAA,MAC/F;AAAA,IACF;AAAA,EACF;AACF;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -11,15 +11,21 @@ function ResetPage() {
|
|
|
11
11
|
const [sent, setSent] = useState(false);
|
|
12
12
|
const [submitting, setSubmitting] = useState(false);
|
|
13
13
|
const [error, setError] = useState(null);
|
|
14
|
+
const [fieldError, setFieldError] = useState(null);
|
|
14
15
|
async function onSubmit(e) {
|
|
15
16
|
e.preventDefault();
|
|
16
17
|
setError(null);
|
|
18
|
+
setFieldError(null);
|
|
17
19
|
setSubmitting(true);
|
|
18
20
|
try {
|
|
19
21
|
const form = new FormData(e.currentTarget);
|
|
20
22
|
const res = await fetch("/api/auth/reset", { method: "POST", body: form });
|
|
21
23
|
if (!res.ok) {
|
|
22
24
|
const data = await res.json().catch(() => null);
|
|
25
|
+
if (data?.fieldErrors?.email?.length) {
|
|
26
|
+
setFieldError(t("auth.reset.errors.emailInvalid", "Please enter a valid email address."));
|
|
27
|
+
return;
|
|
28
|
+
}
|
|
23
29
|
setError(data?.error || t("auth.reset.error", "Something went wrong"));
|
|
24
30
|
return;
|
|
25
31
|
}
|
|
@@ -37,7 +43,8 @@ function ResetPage() {
|
|
|
37
43
|
error && /* @__PURE__ */ jsx("div", { className: "text-sm text-red-600", children: error }),
|
|
38
44
|
/* @__PURE__ */ jsxs("div", { className: "grid gap-1", children: [
|
|
39
45
|
/* @__PURE__ */ jsx(Label, { htmlFor: "email", children: t("auth.email") }),
|
|
40
|
-
/* @__PURE__ */ jsx(Input, { id: "email", name: "email", type: "email", required: true })
|
|
46
|
+
/* @__PURE__ */ jsx(Input, { id: "email", name: "email", type: "email", required: true, "aria-invalid": !!fieldError, "aria-describedby": fieldError ? "email-error" : void 0 }),
|
|
47
|
+
fieldError && /* @__PURE__ */ jsx("p", { id: "email-error", className: "text-sm text-red-600", children: fieldError })
|
|
41
48
|
] }),
|
|
42
49
|
/* @__PURE__ */ jsx(Button, { type: "submit", className: "mt-2 w-full", disabled: submitting, children: submitting ? "..." : t("auth.sendResetLink") })
|
|
43
50
|
] }) })
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/modules/auth/frontend/reset.tsx"],
|
|
4
|
-
"sourcesContent": ["\"use client\"\nimport { useState } from 'react'\nimport { Card, CardContent, CardHeader, CardTitle, CardDescription } from '@open-mercato/ui/primitives/card'\nimport { Button } from '@open-mercato/ui/primitives/button'\nimport { Input } from '@open-mercato/ui/primitives/input'\nimport { Label } from '@open-mercato/ui/primitives/label'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\n\nexport default function ResetPage() {\n const t = useT()\n const [sent, setSent] = useState(false)\n const [submitting, setSubmitting] = useState(false)\n const [error, setError] = useState<string | null>(null)\n\n async function onSubmit(e: React.FormEvent<HTMLFormElement>) {\n e.preventDefault()\n setError(null)\n setSubmitting(true)\n try {\n const form = new FormData(e.currentTarget)\n const res = await fetch('/api/auth/reset', { method: 'POST', body: form })\n if (!res.ok) {\n const data = await res.json().catch(() => null)\n setError(data?.error || t('auth.reset.error', 'Something went wrong'))\n return\n }\n setSent(true)\n } finally {\n setSubmitting(false)\n }\n }\n\n return (\n <div className=\"min-h-svh flex items-center justify-center p-4\">\n <Card className=\"w-full max-w-sm\">\n <CardHeader>\n <CardTitle>{t('auth.resetPassword')}</CardTitle>\n <CardDescription>{t('auth.reset.description', 'Enter your email to receive reset link')}</CardDescription>\n </CardHeader>\n <CardContent>\n {sent ? (\n <div className=\"text-sm text-muted-foreground\">\n {t('auth.reset.sent', 'If an account with that email exists, we sent a reset link. Please check your inbox.')}\n </div>\n ) : (\n <form className=\"grid gap-3\" onSubmit={onSubmit} noValidate>\n {error && <div className=\"text-sm text-red-600\">{error}</div>}\n <div className=\"grid gap-1\">\n <Label htmlFor=\"email\">{t('auth.email')}</Label>\n <Input id=\"email\" name=\"email\" type=\"email\" required />\n </div>\n <Button type=\"submit\" className=\"mt-2 w-full\" disabled={submitting}>\n {submitting ? '...' : t('auth.sendResetLink')}\n </Button>\n </form>\n )}\n </CardContent>\n </Card>\n </div>\n )\n}\n"],
|
|
5
|
-
"mappings": ";
|
|
4
|
+
"sourcesContent": ["\"use client\"\nimport { useState } from 'react'\nimport { Card, CardContent, CardHeader, CardTitle, CardDescription } from '@open-mercato/ui/primitives/card'\nimport { Button } from '@open-mercato/ui/primitives/button'\nimport { Input } from '@open-mercato/ui/primitives/input'\nimport { Label } from '@open-mercato/ui/primitives/label'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\n\nexport default function ResetPage() {\n const t = useT()\n const [sent, setSent] = useState(false)\n const [submitting, setSubmitting] = useState(false)\n const [error, setError] = useState<string | null>(null)\n const [fieldError, setFieldError] = useState<string | null>(null)\n\n async function onSubmit(e: React.FormEvent<HTMLFormElement>) {\n e.preventDefault()\n setError(null)\n setFieldError(null)\n setSubmitting(true)\n try {\n const form = new FormData(e.currentTarget)\n const res = await fetch('/api/auth/reset', { method: 'POST', body: form })\n if (!res.ok) {\n const data = await res.json().catch(() => null)\n if (data?.fieldErrors?.email?.length) {\n setFieldError(t('auth.reset.errors.emailInvalid', 'Please enter a valid email address.'))\n return\n }\n setError(data?.error || t('auth.reset.error', 'Something went wrong'))\n return\n }\n setSent(true)\n } finally {\n setSubmitting(false)\n }\n }\n\n return (\n <div className=\"min-h-svh flex items-center justify-center p-4\">\n <Card className=\"w-full max-w-sm\">\n <CardHeader>\n <CardTitle>{t('auth.resetPassword')}</CardTitle>\n <CardDescription>{t('auth.reset.description', 'Enter your email to receive reset link')}</CardDescription>\n </CardHeader>\n <CardContent>\n {sent ? (\n <div className=\"text-sm text-muted-foreground\">\n {t('auth.reset.sent', 'If an account with that email exists, we sent a reset link. Please check your inbox.')}\n </div>\n ) : (\n <form className=\"grid gap-3\" onSubmit={onSubmit} noValidate>\n {error && <div className=\"text-sm text-red-600\">{error}</div>}\n <div className=\"grid gap-1\">\n <Label htmlFor=\"email\">{t('auth.email')}</Label>\n <Input id=\"email\" name=\"email\" type=\"email\" required aria-invalid={!!fieldError} aria-describedby={fieldError ? 'email-error' : undefined} />\n {fieldError && <p id=\"email-error\" className=\"text-sm text-red-600\">{fieldError}</p>}\n </div>\n <Button type=\"submit\" className=\"mt-2 w-full\" disabled={submitting}>\n {submitting ? '...' : t('auth.sendResetLink')}\n </Button>\n </form>\n )}\n </CardContent>\n </Card>\n </div>\n )\n}\n"],
|
|
5
|
+
"mappings": ";AAyCQ,SACE,KADF;AAxCR,SAAS,gBAAgB;AACzB,SAAS,MAAM,aAAa,YAAY,WAAW,uBAAuB;AAC1E,SAAS,cAAc;AACvB,SAAS,aAAa;AACtB,SAAS,aAAa;AACtB,SAAS,YAAY;AAEN,SAAR,YAA6B;AAClC,QAAM,IAAI,KAAK;AACf,QAAM,CAAC,MAAM,OAAO,IAAI,SAAS,KAAK;AACtC,QAAM,CAAC,YAAY,aAAa,IAAI,SAAS,KAAK;AAClD,QAAM,CAAC,OAAO,QAAQ,IAAI,SAAwB,IAAI;AACtD,QAAM,CAAC,YAAY,aAAa,IAAI,SAAwB,IAAI;AAEhE,iBAAe,SAAS,GAAqC;AAC3D,MAAE,eAAe;AACjB,aAAS,IAAI;AACb,kBAAc,IAAI;AAClB,kBAAc,IAAI;AAClB,QAAI;AACF,YAAM,OAAO,IAAI,SAAS,EAAE,aAAa;AACzC,YAAM,MAAM,MAAM,MAAM,mBAAmB,EAAE,QAAQ,QAAQ,MAAM,KAAK,CAAC;AACzE,UAAI,CAAC,IAAI,IAAI;AACX,cAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,MAAM,IAAI;AAC9C,YAAI,MAAM,aAAa,OAAO,QAAQ;AACpC,wBAAc,EAAE,kCAAkC,qCAAqC,CAAC;AACxF;AAAA,QACF;AACA,iBAAS,MAAM,SAAS,EAAE,oBAAoB,sBAAsB,CAAC;AACrE;AAAA,MACF;AACA,cAAQ,IAAI;AAAA,IACd,UAAE;AACA,oBAAc,KAAK;AAAA,IACrB;AAAA,EACF;AAEA,SACE,oBAAC,SAAI,WAAU,kDACb,+BAAC,QAAK,WAAU,mBACd;AAAA,yBAAC,cACC;AAAA,0BAAC,aAAW,YAAE,oBAAoB,GAAE;AAAA,MACpC,oBAAC,mBAAiB,YAAE,0BAA0B,wCAAwC,GAAE;AAAA,OAC1F;AAAA,IACA,oBAAC,eACE,iBACC,oBAAC,SAAI,WAAU,iCACZ,YAAE,mBAAmB,sFAAsF,GAC9G,IAEA,qBAAC,UAAK,WAAU,cAAa,UAAoB,YAAU,MACxD;AAAA,eAAS,oBAAC,SAAI,WAAU,wBAAwB,iBAAM;AAAA,MACvD,qBAAC,SAAI,WAAU,cACb;AAAA,4BAAC,SAAM,SAAQ,SAAS,YAAE,YAAY,GAAE;AAAA,QACxC,oBAAC,SAAM,IAAG,SAAQ,MAAK,SAAQ,MAAK,SAAQ,UAAQ,MAAC,gBAAc,CAAC,CAAC,YAAY,oBAAkB,aAAa,gBAAgB,QAAW;AAAA,QAC1I,cAAc,oBAAC,OAAE,IAAG,eAAc,WAAU,wBAAwB,sBAAW;AAAA,SAClF;AAAA,MACA,oBAAC,UAAO,MAAK,UAAS,WAAU,eAAc,UAAU,YACrD,uBAAa,QAAQ,EAAE,oBAAoB,GAC9C;AAAA,OACF,GAEJ;AAAA,KACF,GACF;AAEJ;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@open-mercato/core",
|
|
3
|
-
"version": "0.4.8-develop-
|
|
3
|
+
"version": "0.4.8-develop-d16e2f51dc",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"main": "./dist/index.js",
|
|
6
6
|
"scripts": {
|
|
@@ -217,10 +217,10 @@
|
|
|
217
217
|
"semver": "^7.6.3"
|
|
218
218
|
},
|
|
219
219
|
"peerDependencies": {
|
|
220
|
-
"@open-mercato/shared": "0.4.8-develop-
|
|
220
|
+
"@open-mercato/shared": "0.4.8-develop-d16e2f51dc"
|
|
221
221
|
},
|
|
222
222
|
"devDependencies": {
|
|
223
|
-
"@open-mercato/shared": "0.4.8-develop-
|
|
223
|
+
"@open-mercato/shared": "0.4.8-develop-d16e2f51dc",
|
|
224
224
|
"@testing-library/dom": "^10.4.1",
|
|
225
225
|
"@testing-library/jest-dom": "^6.9.1",
|
|
226
226
|
"@testing-library/react": "^16.3.1",
|
|
@@ -32,7 +32,10 @@ export async function POST(req: Request) {
|
|
|
32
32
|
})
|
|
33
33
|
if (rateLimitError) return rateLimitError
|
|
34
34
|
const parsed = requestPasswordResetSchema.safeParse({ email })
|
|
35
|
-
if (!parsed.success)
|
|
35
|
+
if (!parsed.success) {
|
|
36
|
+
const fieldErrors = parsed.error.flatten().fieldErrors
|
|
37
|
+
return NextResponse.json({ error: 'Validation failed', fieldErrors }, { status: 422 })
|
|
38
|
+
}
|
|
36
39
|
const c = await createRequestContainer()
|
|
37
40
|
const auth = c.resolve<AuthService>('authService')
|
|
38
41
|
const resReq = await auth.requestPasswordReset(parsed.data.email)
|
|
@@ -11,16 +11,22 @@ export default function ResetPage() {
|
|
|
11
11
|
const [sent, setSent] = useState(false)
|
|
12
12
|
const [submitting, setSubmitting] = useState(false)
|
|
13
13
|
const [error, setError] = useState<string | null>(null)
|
|
14
|
+
const [fieldError, setFieldError] = useState<string | null>(null)
|
|
14
15
|
|
|
15
16
|
async function onSubmit(e: React.FormEvent<HTMLFormElement>) {
|
|
16
17
|
e.preventDefault()
|
|
17
18
|
setError(null)
|
|
19
|
+
setFieldError(null)
|
|
18
20
|
setSubmitting(true)
|
|
19
21
|
try {
|
|
20
22
|
const form = new FormData(e.currentTarget)
|
|
21
23
|
const res = await fetch('/api/auth/reset', { method: 'POST', body: form })
|
|
22
24
|
if (!res.ok) {
|
|
23
25
|
const data = await res.json().catch(() => null)
|
|
26
|
+
if (data?.fieldErrors?.email?.length) {
|
|
27
|
+
setFieldError(t('auth.reset.errors.emailInvalid', 'Please enter a valid email address.'))
|
|
28
|
+
return
|
|
29
|
+
}
|
|
24
30
|
setError(data?.error || t('auth.reset.error', 'Something went wrong'))
|
|
25
31
|
return
|
|
26
32
|
}
|
|
@@ -47,7 +53,8 @@ export default function ResetPage() {
|
|
|
47
53
|
{error && <div className="text-sm text-red-600">{error}</div>}
|
|
48
54
|
<div className="grid gap-1">
|
|
49
55
|
<Label htmlFor="email">{t('auth.email')}</Label>
|
|
50
|
-
<Input id="email" name="email" type="email" required />
|
|
56
|
+
<Input id="email" name="email" type="email" required aria-invalid={!!fieldError} aria-describedby={fieldError ? 'email-error' : undefined} />
|
|
57
|
+
{fieldError && <p id="email-error" className="text-sm text-red-600">{fieldError}</p>}
|
|
51
58
|
</div>
|
|
52
59
|
<Button type="submit" className="mt-2 w-full" disabled={submitting}>
|
|
53
60
|
{submitting ? '...' : t('auth.sendResetLink')}
|
|
@@ -87,6 +87,7 @@
|
|
|
87
87
|
"auth.profile.title": "Profil",
|
|
88
88
|
"auth.reset.description": "Gib deine E-Mail-Adresse ein, um einen Zurücksetzungslink zu erhalten",
|
|
89
89
|
"auth.reset.error": "Etwas ist schiefgelaufen",
|
|
90
|
+
"auth.reset.errors.emailInvalid": "Bitte gib eine gültige E-Mail-Adresse ein.",
|
|
90
91
|
"auth.reset.errors.failed": "Passwort konnte nicht zurückgesetzt werden",
|
|
91
92
|
"auth.reset.form.loading": "...",
|
|
92
93
|
"auth.reset.form.password": "Neues Passwort",
|
|
@@ -87,6 +87,7 @@
|
|
|
87
87
|
"auth.profile.title": "Profile",
|
|
88
88
|
"auth.reset.description": "Enter your email to receive reset link",
|
|
89
89
|
"auth.reset.error": "Something went wrong",
|
|
90
|
+
"auth.reset.errors.emailInvalid": "Please enter a valid email address.",
|
|
90
91
|
"auth.reset.errors.failed": "Unable to reset password",
|
|
91
92
|
"auth.reset.form.loading": "...",
|
|
92
93
|
"auth.reset.form.password": "New password",
|
|
@@ -87,6 +87,7 @@
|
|
|
87
87
|
"auth.profile.title": "Perfil",
|
|
88
88
|
"auth.reset.description": "Ingresa tu correo para recibir un enlace de restablecimiento",
|
|
89
89
|
"auth.reset.error": "Algo salió mal",
|
|
90
|
+
"auth.reset.errors.emailInvalid": "Ingresa una dirección de correo electrónico válida.",
|
|
90
91
|
"auth.reset.errors.failed": "No se pudo restablecer la contraseña",
|
|
91
92
|
"auth.reset.form.loading": "...",
|
|
92
93
|
"auth.reset.form.password": "Nueva contraseña",
|
|
@@ -87,6 +87,7 @@
|
|
|
87
87
|
"auth.profile.title": "Profil",
|
|
88
88
|
"auth.reset.description": "Podaj swój adres e-mail, aby otrzymać link do resetowania",
|
|
89
89
|
"auth.reset.error": "Coś poszło nie tak",
|
|
90
|
+
"auth.reset.errors.emailInvalid": "Podaj prawidłowy adres e-mail.",
|
|
90
91
|
"auth.reset.errors.failed": "Nie udało się zresetować hasła",
|
|
91
92
|
"auth.reset.form.loading": "...",
|
|
92
93
|
"auth.reset.form.password": "Nowe hasło",
|