@salesforce/webapp-template-app-react-template-b2e-experimental 1.36.3

package/dist/force-app/main/default/webapplications/appreacttemplateb2e/src/pages/ResetPassword.tsx

@@ -0,0 +1,101 @@
+import { useState } from "react";
+import { Link, useSearchParams } from "react-router";
+import { baseClient } from "@salesforce/webapp-experimental/api";
+import { CardLayout } from "../components/layout/card-layout";
+import { CenteredPageLayout } from "../components/layout/centered-page-layout";
+import { AuthForm } from "../components/forms/auth-form";
+import { StatusAlert } from "../components/alerts/status-alert";
+import { useAppForm } from "../hooks/form";
+import { ROUTES, AUTH_PLACEHOLDERS } from "../utils/authenticationConfig";
+import { newPasswordSchema, handleApiResponse, getErrorMessage } from "../utils/helpers";
+
+export default function ResetPassword() {
+	const [searchParams] = useSearchParams();
+	const token = searchParams.get("token");
+	const [success, setSuccess] = useState(false);
+	const [submitError, setSubmitError] = useState<string | null>(null);
+
+	const form = useAppForm({
+		defaultValues: { newPassword: "", confirmPassword: "" },
+		validators: { onChange: newPasswordSchema, onSubmit: newPasswordSchema },
+		onSubmit: async ({ value }) => {
+			setSubmitError(null);
+			setSuccess(false);
+			try {
+				// [Dev Note] Custom Apex Endpoint: /auth/reset-password
+				// You must ensure this Apex class exists in your org
+				const response = await baseClient.post("/services/apexrest/auth/reset-password", {
+					token,
+					newPassword: value.newPassword,
+				});
+				await handleApiResponse(response, "Password reset failed");
+				setSuccess(true);
+				// Scroll to top of page after successful submission so user sees it
+				window.scrollTo({ top: 0, behavior: "smooth" });
+			} catch (err) {
+				setSubmitError(getErrorMessage(err, "Password reset failed"));
+			}
+		},
+		onSubmitInvalid: () => {},
+	});
+
+	if (!token) {
+		return (
+			<CenteredPageLayout title={ROUTES.RESET_PASSWORD.TITLE}>
+				<CardLayout title="Reset Password">
+					<StatusAlert>
+						Reset token is invalid or expired.{" "}
+						<Link to={ROUTES.FORGOT_PASSWORD.PATH} className="underline underline-offset-4">
+							Request a new password reset link.
+						</Link>
+					</StatusAlert>
+				</CardLayout>
+			</CenteredPageLayout>
+		);
+	}
+
+	return (
+		<CenteredPageLayout title={ROUTES.RESET_PASSWORD.TITLE}>
+			<form.AppForm>
+				<AuthForm
+					title="Reset Password"
+					description="Enter your new password below"
+					error={submitError}
+					success={
+						success && (
+							<>
+								Password reset successfully!{" "}
+								<Link to={ROUTES.LOGIN.PATH} className="underline">
+									Sign in
+								</Link>
+							</>
+						)
+					}
+					submit={{ text: "Reset Password", loadingText: "Resetting…" }}
+					footer={{ text: "Remember your password?", link: ROUTES.LOGIN.PATH, linkText: "Sign in" }}
+				>
+					<form.AppField name="newPassword">
+						{(field) => (
+							<field.PasswordField
+								label="New Password"
+								placeholder={AUTH_PLACEHOLDERS.PASSWORD_NEW}
+								autoComplete="new-password"
+								disabled={success}
+							/>
+						)}
+					</form.AppField>
+					<form.AppField name="confirmPassword">
+						{(field) => (
+							<field.PasswordField
+								label="Confirm Password"
+								placeholder={AUTH_PLACEHOLDERS.PASSWORD_NEW_CONFIRM}
+								autoComplete="new-password"
+								disabled={success}
+							/>
+						)}
+					</form.AppField>
+				</AuthForm>
+			</form.AppForm>
+		</CenteredPageLayout>
+	);
+}

package/dist/force-app/main/default/webapplications/appreacttemplateb2e/src/pages/new.tsx

@@ -0,0 +1,10 @@
+export default function New() {
+	return (
+		<div className="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-12">
+			<div className="text-center">
+				<h1 className="text-4xl font-bold text-gray-900 mb-4">New</h1>
+				<p className="text-lg text-gray-600">This is the new page.</p>
+			</div>
+		</div>
+	);
+}

package/dist/force-app/main/default/webapplications/appreacttemplateb2e/src/router-utils.tsx

@@ -0,0 +1,34 @@
+import type { RouteObject } from "react-router";
+import { routes } from "./routes";
+
+export type RouteWithFullPath = RouteObject & { fullPath: string };
+
+const flatMapRoutes = (route: RouteObject, parentPath: string = ""): RouteWithFullPath[] => {
+	// Construct the full path for this route
+	let fullPath: string;
+
+	if (route.index) {
+		// Index routes use the parent path
+		fullPath = parentPath || "/";
+	} else if (route.path) {
+		// Combine parent path with current path
+		if (route.path.startsWith("/")) {
+			fullPath = route.path;
+		} else {
+			fullPath = parentPath === "/" ? `/${route.path}` : `${parentPath}/${route.path}`;
+		}
+	} else {
+		fullPath = parentPath;
+	}
+
+	const routeWithPath = { ...route, fullPath };
+
+	// Recursively process children
+	const childRoutes = route.children?.flatMap((child) => flatMapRoutes(child, fullPath)) || [];
+
+	return [routeWithPath, ...childRoutes];
+};
+
+export const getAllRoutes = (): RouteWithFullPath[] => {
+	return routes.flatMap((route) => flatMapRoutes(route));
+};

package/dist/force-app/main/default/webapplications/appreacttemplateb2e/src/routes.tsx

@@ -0,0 +1,88 @@
+import type { RouteObject } from 'react-router';
+import AppLayout from './appLayout';
+import Home from './pages/Home';
+import About from './pages/About';
+import NotFound from './pages/NotFound';
+import Login from "./pages/Login";
+import Register from "./pages/Register";
+import ForgotPassword from "./pages/ForgotPassword";
+import ResetPassword from "./pages/ResetPassword";
+import Profile from "./pages/Profile";
+import ChangePassword from "./pages/ChangePassword";
+import AuthenticationRoute from "./components/auth/authentication-route";
+import PrivateRoute from "./components/auth/private-route";
+import { ROUTES } from "./utils/authenticationConfig";
+import New from "./pages/new";
+
+export const routes: RouteObject[] = [
+  {
+    path: "/",
+    element: <AppLayout />,
+    children: [
+      {
+        index: true,
+        element: <Home />,
+        handle: { showInNavigation: true, label: 'Home' }
+      },
+      {
+        path: "about",
+        element: <About />,
+        handle: { showInNavigation: true, label: "About" }
+      },
+      {
+        path: '*',
+        element: <NotFound />
+      },
+      {
+        element: <AuthenticationRoute />,
+        children: [
+          {
+            path: ROUTES.LOGIN.PATH,
+            element: <Login />,
+            handle: { showInNavigation: true, label: "Login", title: ROUTES.LOGIN.TITLE }
+          },
+          {
+            path: ROUTES.REGISTER.PATH,
+            element: <Register />,
+            handle: { showInNavigation: false, title: ROUTES.REGISTER.TITLE }
+          },
+          {
+            path: ROUTES.FORGOT_PASSWORD.PATH,
+            element: <ForgotPassword />,
+            handle: { showInNavigation: false, title: ROUTES.FORGOT_PASSWORD.TITLE }
+          },
+          {
+            path: ROUTES.RESET_PASSWORD.PATH,
+            element: <ResetPassword />,
+            handle: { showInNavigation: false, title: ROUTES.RESET_PASSWORD.TITLE }
+          }
+        ]
+      },
+      {
+        element: <PrivateRoute />,
+        children: [
+          {
+            path: ROUTES.PROFILE.PATH,
+            element: <Profile />,
+            handle: { showInNavigation: true, label: "Profile", title: ROUTES.PROFILE.TITLE }
+          },
+          {
+            path: ROUTES.CHANGE_PASSWORD.PATH,
+            element: <ChangePassword />,
+            handle: { showInNavigation: false, title: ROUTES.CHANGE_PASSWORD.TITLE }
+          }
+        ]
+      },
+      {
+        path: "contact",
+        element: <h1>Hello World from Contact Page</h1>,
+        handle: { showInNavigation: false }
+      },
+      {
+        path: "new",
+        element: <New />,
+        handle: { showInNavigation: true, label: "New Page" }
+      }
+    ]
+  }
+];

package/dist/force-app/main/default/webapplications/appreacttemplateb2e/src/styles/global.css

@@ -0,0 +1,94 @@
+@import "tailwindcss";
+@layer base {
+	:root {
+		/* browser system elements (scrollbars, etc) */
+		color-scheme: light;
+
+		--background: oklch(1 0 0);
+		--foreground: oklch(0.145 0 0);
+		--card: oklch(1 0 0);
+		--card-foreground: oklch(0.145 0 0);
+		--popover: oklch(1 0 0);
+		--popover-foreground: oklch(0.145 0 0);
+		--primary: oklch(0.205 0 0);
+		--primary-foreground: oklch(0.985 0 0);
+		--secondary: oklch(0.97 0 0);
+		--secondary-foreground: oklch(0.205 0 0);
+		--muted: oklch(0.97 0 0);
+		--muted-foreground: oklch(0.556 0 0);
+		--accent: oklch(0.97 0 0);
+		--accent-foreground: oklch(0.205 0 0);
+		--destructive: oklch(0.577 0.245 27.325);
+		/* 1. Maintenance: Added missing token for accessible text on red backgrounds */
+		--destructive-foreground: oklch(0.985 0 0);
+		--border: oklch(0.922 0 0);
+		--input: oklch(0.922 0 0);
+		--ring: oklch(0.205 0 0);
+		--radius: 0.625rem;
+		--spacing: 0.25rem;
+	}
+	.dark {
+		/* browser system elements */
+		color-scheme: dark;
+
+		--background: oklch(0.145 0 0);
+		--foreground: oklch(0.985 0 0);
+		--card: oklch(0.145 0 0);
+		--card-foreground: oklch(0.985 0 0);
+		--popover: oklch(0.145 0 0);
+		--popover-foreground: oklch(0.985 0 0);
+		--primary: oklch(0.985 0 0);
+		--primary-foreground: oklch(0.205 0 0);
+		--secondary: oklch(0.269 0 0);
+		--secondary-foreground: oklch(0.985 0 0);
+		--muted: oklch(0.269 0 0);
+		--muted-foreground: oklch(0.708 0 0);
+		--accent: oklch(0.269 0 0);
+		--accent-foreground: oklch(0.985 0 0);
+		--destructive: oklch(0.396 0.141 25.723);
+		/* Dark mode text for destructive actions */
+		--destructive-foreground: oklch(0.985 0 0);
+		--accent-foreground: oklch(0.985 0 0);
+	}
+	/* 2. Accessibility: Global reset for users who prefer reduced motion */
+	@media (prefers-reduced-motion: reduce) {
+		* {
+			animation-duration: 0.01ms !important;
+			animation-iteration-count: 1 !important;
+			transition-duration: 0.01ms !important;
+			scroll-behavior: auto !important;
+		}
+	}
+	* {
+		@apply border-[var(--border)];
+	}
+	body {
+		@apply bg-[var(--background)] text-[var(--foreground)] antialiased;
+	}
+}
+
+@theme inline {
+	--color-background: var(--background);
+	--color-foreground: var(--foreground);
+	--color-card: var(--card);
+	--color-card-foreground: var(--card-foreground);
+	--color-popover: var(--popover);
+	--color-popover-foreground: var(--popover-foreground);
+	--color-primary: var(--primary);
+	--color-primary-foreground: var(--primary-foreground);
+	--color-secondary: var(--secondary);
+	--color-secondary-foreground: var(--secondary-foreground);
+	--color-muted: var(--muted);
+	--color-muted-foreground: var(--muted-foreground);
+	--color-accent: var(--accent);
+	--color-accent-foreground: var(--accent-foreground);
+	--color-destructive: var(--destructive);
+	--color-border: var(--border);
+	--color-input: var(--input);
+	--color-ring: var(--ring);
+	--radius-sm: calc(var(--radius) - 4px);
+	--radius-md: calc(var(--radius) - 2px);
+	--radius-lg: var(--radius);
+	--radius-xl: calc(var(--radius) + 4px);
+	--spacing: var(--spacing);
+}

package/dist/force-app/main/default/webapplications/appreacttemplateb2e/src/utils/authenticationConfig.ts

@@ -0,0 +1,52 @@
+/**
+ * [Dev Note] Centralized configuration for Auth routes.
+ * Each route contains both the path and page title.
+ * Using constants prevents typos in route paths across the application.
+ */
+export const ROUTES = {
+	LOGIN: {
+		PATH: "/login",
+		TITLE: "Login | MyApp",
+	},
+	REGISTER: {
+		PATH: "/register",
+		TITLE: "Create Account | MyApp",
+	},
+	FORGOT_PASSWORD: {
+		PATH: "/forgot-password",
+		TITLE: "Recover Password | MyApp",
+	},
+	RESET_PASSWORD: {
+		PATH: "/reset-password",
+		TITLE: "Reset Password | MyApp",
+	},
+	PROFILE: {
+		PATH: "/profile",
+		TITLE: "My Profile | MyApp",
+	},
+	CHANGE_PASSWORD: {
+		PATH: "/change-password",
+		TITLE: "Change Password | MyApp",
+	},
+} as const;
+
+/**
+ * [Dev Note] Query parameter key used to store the return URL.
+ * e.g. /login?startUrl=/profile
+ */
+export const AUTH_REDIRECT_PARAM = "startUrl";
+
+/**
+ * Placeholder text constants for authentication form inputs.
+ */
+export const AUTH_PLACEHOLDERS = {
+	EMAIL: "asalesforce@example.com",
+	PASSWORD: "",
+	PASSWORD_CREATE: "",
+	PASSWORD_CONFIRM: "",
+	PASSWORD_NEW: "",
+	PASSWORD_NEW_CONFIRM: "",
+	FIRST_NAME: "Astro",
+	LAST_NAME: "Salesforce",
+	USERNAME: "asalesforce",
+} as const;

package/dist/force-app/main/default/webapplications/appreacttemplateb2e/src/utils/helpers.ts

@@ -0,0 +1,187 @@
+import { AUTH_REDIRECT_PARAM } from "./authenticationConfig";
+import { z } from "zod";
+
+/** Email field validation */
+export const emailSchema = z.string().trim().email("Please enter a valid email address");
+
+/** Password field validation (minimum 8 characters) */
+export const passwordSchema = z.string().min(8, "Password must be at least 8 characters");
+
+/**
+ * Shared schema for new password + confirmation fields.
+ * Validates password length and matching confirmation.
+ */
+export const newPasswordSchema = z
+	.object({
+		newPassword: passwordSchema,
+		confirmPassword: z.string().min(1, "Please confirm your password"),
+	})
+	.refine((data) => data.newPassword === data.confirmPassword, {
+		message: "Passwords do not match",
+		path: ["confirmPassword"],
+	});
+
+/**
+ *
+ * Extracts the startUrl from URLSearchParams, defaulting to '/'.
+ *
+ * SECURITY NOTE: This function strictly validates the URL to prevent
+ * Open Redirect vulnerabilities. It allows only relative paths.
+ *
+ * @param searchParams - The URLSearchParams object from useSearchParams()
+ * @returns The start URL for post-authentication redirect
+ */
+export function getStartUrl(searchParams: URLSearchParams): string {
+	// 1. Check for the standard redirect parameter
+	const url = searchParams.get(AUTH_REDIRECT_PARAM);
+	// 2. Security Check: Validation Logic
+	if (url && isValidRedirect(url)) {
+		return url;
+	}
+	// 3. Fallback: Default to root
+	return "/";
+}
+
+/**
+ * [Dev Note] Security: Validates that the redirect URL is a relative path
+ * to prevent Open Redirect vulnerabilities.
+ *
+ * Security Checks:
+ * 1. Rejects protocol-relative URLs (//)
+ * 2. Rejects backslash usage which some browsers treat as slashes (/\)
+ * 3. Rejects control characters
+ */
+function isValidRedirect(url: string): boolean {
+	// Basic structure check
+	if (!url.startsWith("/") || url.startsWith("//")) return false;
+	// Security: Reject backslashes to prevent /\example.com bypasses
+	if (url.includes("\\")) return false;
+	// Robustness: Ensure it doesn't contain whitespace/control characters
+	if (/[^\u0021-\u00ff]/.test(url)) return false;
+	return true;
+}
+
+/**
+ * MAINTAINABILITY: Robust error extraction.
+ * Handles strings, objects, and standard Error instances.
+ *
+ * @param err - The error object (unknown type)
+ * @param fallback - Fallback message if error doesn't have a message property
+ * @returns The error message string
+ */
+export function getErrorMessage(err: unknown, fallback: string): string {
+	if (err instanceof Error) return err.message;
+	if (typeof err === "string") return err;
+	// Check if it's an object with a message property
+	if (typeof err === "object" && err !== null && "message" in err) {
+		return String((err as { message: unknown }).message);
+	}
+	return fallback;
+}
+
+/**
+ * [Dev Note] Helper to parse the fetch Response.
+ * It handles the distinction between success (JSON) and failure (throwing Error).
+ */
+export async function handleApiResponse<T = unknown>(
+	response: Response,
+	fallbackError: string,
+): Promise<T> {
+	// 1. Robustness: Handle 204 No Content gracefully
+	if (response.status === 204) {
+		return {} as T;
+	}
+
+	let data: any = null;
+
+	const contentType = response.headers.get("content-type");
+	if (contentType?.includes("application/json")) {
+		data = await response.json();
+	} else {
+		// [Dev Note] If Salesforce returns HTML (e.g. standard error page),
+		// we consume text to avoid parsing errors.
+		await response.text();
+	}
+
+	if (!response.ok) {
+		// [Dev Note] Throwing here allows the calling component to catch and
+		// display the error via getErrorMessage()
+		throw new Error(parseApiResponseError(data, fallbackError));
+	}
+
+	return data as T;
+}
+
+/**
+ * Shared response type for authentication endpoints (login/register).
+ * Success responses contain `success: true` and `redirectUrl`.
+ * Error responses contain `errors` array.
+ */
+export interface AuthResponse {
+	success?: boolean;
+	redirectUrl?: string | null;
+	errors?: string[];
+}
+
+/**
+ * UI API Record response structure.
+ */
+export type RecordResponse = {
+	fields: Record<
+		string,
+		{
+			value: string;
+		}
+	>;
+};
+
+/**
+ * [Dev Note] The UI API returns a complex nested structure.
+ * This helper flattens it to a simple object for easier form binding.
+ * Flattens { fields: { FieldName: { displayValue, value } } } to { FieldName: value }
+ *
+ * @param data - The RecordResponse with field objects.
+ * @throws {Error} If data is not a valid RecordResponse.
+ * @returns Flattened object with field values.
+ */
+export function flattenUiApiRecord<T>(data: RecordResponse): T {
+	if (!data?.fields) {
+		throw new Error(parseApiResponseError(data));
+	}
+
+	return Object.fromEntries(
+		Object.entries(data.fields).map(([key, field]) => [key, field?.value ?? null]),
+	) as T;
+}
+
+/**
+ * [Dev Note] Salesforce APIs may return errors as an array or a single object.
+ * This helper standardizes the extraction of the error message string.
+ *
+ * @param data - The response data.
+ * @param fallbackError - Fallback error message if response doesn't have a message property
+ * @returns The error message string
+ */
+function parseApiResponseError(
+	data: any,
+	fallbackError: string = "An unknown error occurred",
+): string {
+	if (data?.message) {
+		return data.message;
+	}
+	if (data?.error) {
+		return data.error;
+	}
+	if (data?.errors && Array.isArray(data.errors) && data.errors.length > 0) {
+		return data.errors.join(" ") || fallbackError;
+	}
+	if (Array.isArray(data) && data.length > 0) {
+		return (
+			data
+				.map((e) => e?.message)
+				.filter(Boolean)
+				.join(" ") || fallbackError
+		);
+	}
+	return fallbackError;
+}

package/dist/force-app/main/default/webapplications/appreacttemplateb2e/tsconfig.json

@@ -0,0 +1,36 @@
+{
+  "compilerOptions": {
+    "target": "ES2020",
+    "useDefineForClassFields": true,
+    "lib": ["ES2020", "DOM", "DOM.Iterable"],
+    "module": "ESNext",
+    "skipLibCheck": true,
+
+    /* Bundler mode */
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "resolveJsonModule": true,
+    "isolatedModules": true,
+    "noEmit": true,
+    "jsx": "react-jsx",
+
+    /* Linting */
+    "strict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "noFallthroughCasesInSwitch": true,
+
+    /* Path mapping */
+    "baseUrl": ".",
+    "paths": {
+      "@/*": ["./src/*"],
+      "@api/*": ["./src/api/*"],
+      "@components/*": ["./src/components/*"],
+      "@utils/*": ["./src/utils/*"],
+      "@styles/*": ["./src/styles/*"],
+      "@assets/*": ["./src/assets/*"]
+    }
+  },
+  "include": ["src", "vite-env.d.ts", "vitest-env.d.ts"],
+  "references": [{ "path": "./tsconfig.node.json" }]
+}

package/dist/force-app/main/default/webapplications/appreacttemplateb2e/tsconfig.node.json

@@ -0,0 +1,13 @@
+{
+  "compilerOptions": {
+    "composite": true,
+    "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.node.tsbuildinfo",
+    "skipLibCheck": true,
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "allowSyntheticDefaultImports": true,
+    "strict": true,
+    "outDir": "./build"
+  },
+  "include": ["vite.config.ts"]
+}

package/dist/force-app/main/default/webapplications/appreacttemplateb2e/vite-env.d.ts

@@ -0,0 +1 @@
+/// <reference types="vite/client" />