@salesforce/webapp-template-feature-react-authentication-experimental 1.3.4

package/dist/force-app/main/default/webapplications/feature-react-authentication/src/pages/ChangePassword.tsx

@@ -0,0 +1,105 @@
+import { useState } from "react";
+import { Link } from "react-router";
+import { z } from "zod";
+import { baseClient } from "@salesforce/webapp-experimental/api";
+import { CenteredPageLayout } from "../components/layout/centered-page-layout";
+import { AuthForm } from "../components/forms/auth-form";
+import { useAppForm } from "../hooks/form";
+import { ROUTES, AUTH_PLACEHOLDERS } from "../utils/authenticationConfig";
+import { newPasswordSchema, handleApiResponse, getErrorMessage } from "../utils/helpers";
+import { getUser } from "../context/AuthContext";
+
+const changePasswordSchema = z
+	.object({
+		currentPassword: z.string().min(1, "Current password is required"),
+	})
+	.and(newPasswordSchema);
+
+export default function ChangePassword() {
+	const [success, setSuccess] = useState(false);
+	const [submitError, setSubmitError] = useState<string | null>(null);
+	const user = getUser();
+
+	const form = useAppForm({
+		defaultValues: { currentPassword: "", newPassword: "", confirmPassword: "" },
+		validators: { onChange: changePasswordSchema, onSubmit: changePasswordSchema },
+		onSubmit: async ({ value }) => {
+			setSubmitError(null);
+			setSuccess(false);
+			try {
+				// [Dev Note] Custom Apex Endpoint: /auth/change-password
+				// Security Critical:
+				// We must pass the `user.id` (from AuthContext) to the Apex endpoint
+				// to ensure the password change is applied to the correct user.
+				// The Apex backend should also verify that the authenticated session matches this ID.
+				// You must ensure this Apex class exists in your org
+				const response = await baseClient.post("/services/apexrest/auth/change-password", {
+					userId: user.id,
+					currentPassword: value.currentPassword,
+					newPassword: value.newPassword,
+				});
+				await handleApiResponse(response, "Password change failed");
+				setSuccess(true);
+				form.reset();
+			} catch (err) {
+				setSubmitError(getErrorMessage(err, "Password change failed"));
+			}
+		},
+		onSubmitInvalid: () => {},
+	});
+
+	return (
+		<CenteredPageLayout title={ROUTES.CHANGE_PASSWORD.TITLE}>
+			<form.AppForm>
+				<AuthForm
+					title="Change Password"
+					description="Enter your current and new password below"
+					error={submitError}
+					success={
+						success && (
+							<>
+								Password changed successfully!{" "}
+								<Link to={ROUTES.PROFILE.PATH} className="underline">
+									Back to Profile
+								</Link>
+							</>
+						)
+					}
+					submit={{ text: "Change Password", loadingText: "Changing…" }}
+					footer={{ link: ROUTES.PROFILE.PATH, linkText: "Back to Profile" }}
+				>
+					<form.AppField name="currentPassword">
+						{(field) => (
+							<field.PasswordField
+								label="Current Password"
+								placeholder={AUTH_PLACEHOLDERS.PASSWORD}
+								autoComplete="current-password"
+								disabled={success}
+							/>
+						)}
+					</form.AppField>
+					<form.AppField name="newPassword">
+						{(field) => (
+							<field.PasswordField
+								label="New Password"
+								placeholder={AUTH_PLACEHOLDERS.PASSWORD_NEW}
+								autoComplete="new-password"
+								disabled={success}
+							/>
+						)}
+					</form.AppField>
+					<form.AppField name="confirmPassword">
+						{(field) => (
+							<field.PasswordField
+								label="Confirm Password"
+								placeholder={AUTH_PLACEHOLDERS.PASSWORD_NEW_CONFIRM}
+								autoComplete="new-password"
+								disabled={success}
+							/>
+						)}
+					</form.AppField>
+				</AuthForm>
+			</form.AppForm>
+		</CenteredPageLayout>
+	);
+}

package/dist/force-app/main/default/webapplications/feature-react-authentication/src/pages/ForgotPassword.tsx

@@ -0,0 +1,67 @@
+import { useState } from "react";
+import { z } from "zod";
+import { baseClient } from "@salesforce/webapp-experimental/api";
+import { CenteredPageLayout } from "../components/layout/centered-page-layout";
+import { AuthForm } from "../components/forms/auth-form";
+import { useAppForm } from "../hooks/form";
+import { ROUTES, AUTH_PLACEHOLDERS } from "../utils/authenticationConfig";
+import { handleApiResponse, getErrorMessage } from "../utils/helpers";
+
+const forgotPasswordSchema = z.object({
+	username: z.string().trim().toLowerCase().email("Please enter a valid username"),
+});
+
+export default function ForgotPassword() {
+	const [success, setSuccess] = useState(false);
+	const [submitError, setSubmitError] = useState<string | null>(null);
+
+	const form = useAppForm({
+		defaultValues: { username: "" },
+		validators: { onChange: forgotPasswordSchema, onSubmit: forgotPasswordSchema },
+		onSubmit: async ({ value }) => {
+			setSubmitError(null);
+			setSuccess(false);
+			try {
+				// [Dev Note] Custom Apex Endpoint: /auth/forgot-password
+				// You must ensure this Apex class exists in your org
+				const response = await baseClient.post("/services/apexrest/auth/forgot-password", {
+					username: value.username.trim(),
+				});
+				await handleApiResponse(response, "Failed to send reset link");
+				setSuccess(true);
+			} catch (err) {
+				setSubmitError(getErrorMessage(err, "Failed to send reset link"));
+			}
+		},
+		onSubmitInvalid: () => {},
+	});
+
+	return (
+		<CenteredPageLayout title={ROUTES.FORGOT_PASSWORD.TITLE}>
+			<form.AppForm>
+				<AuthForm
+					title="Forgot Password"
+					description="Enter your username and we'll send you a reset link"
+					error={submitError}
+					success={
+						success &&
+						"If that username exists in our system, you will receive a reset link shortly."
+					}
+					submit={{ text: "Send Reset Link", loadingText: "Sending…" }}
+					footer={{ text: "Remember your password?", link: ROUTES.LOGIN.PATH, linkText: "Sign in" }}
+				>
+					<form.AppField name="username">
+						{(field) => (
+							<field.TextField
+								label="Username"
+								placeholder={AUTH_PLACEHOLDERS.USERNAME}
+								autoComplete="username"
+								disabled={success}
+							/>
+						)}
+					</form.AppField>
+				</AuthForm>
+			</form.AppForm>
+		</CenteredPageLayout>
+	);
+}

package/dist/force-app/main/default/webapplications/feature-react-authentication/src/pages/Home.tsx

@@ -0,0 +1,12 @@
+export default function Home() {
+  return (
+    <div className="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-12">
+      <div className="text-center">
+        <h1 className="text-4xl font-bold text-gray-900 mb-4">Home</h1>
+        <p className="text-lg text-gray-600 mb-8">
+          Welcome to your React application.
+        </p>
+      </div>
+    </div>
+  );
+}

package/dist/force-app/main/default/webapplications/feature-react-authentication/src/pages/Login.tsx

@@ -0,0 +1,84 @@
+import { useState } from "react";
+import { useNavigate, useSearchParams, Link } from "react-router";
+import { z } from "zod";
+import { baseClient } from "@salesforce/webapp-experimental/api";
+import { CenteredPageLayout } from "../components/layout/centered-page-layout";
+import { AuthForm } from "../components/forms/auth-form";
+import { useAppForm } from "../hooks/form";
+import { ROUTES } from "../utils/authenticationConfig";
+import { emailSchema, getStartUrl, handleApiResponse, getErrorMessage } from "../utils/helpers";
+
+const loginSchema = z.object({
+	email: emailSchema,
+	password: z.string().min(1, "Password is required"),
+});
+
+export default function Login() {
+	const navigate = useNavigate();
+	const [searchParams] = useSearchParams();
+	const [submitError, setSubmitError] = useState<string | null>(null);
+
+	const form = useAppForm({
+		defaultValues: { email: "", password: "" },
+		validators: { onChange: loginSchema, onSubmit: loginSchema },
+		onSubmit: async ({ value }) => {
+			setSubmitError(null);
+			try {
+				// [Dev Note] Salesforce Integration:
+				// We use 'baseClient.post' to make an authenticated (or guest) call to Salesforce.
+				// "/services/apexrest/auth/login" refers to a custom Apex Class exposed as a REST resource.
+				// You must ensure this Apex class exists in your org and handles the login logic
+				// (e.g., creating a session or returning a token).
+				const response = await baseClient.post("/services/apexrest/auth/login", {
+					email: value.email.trim().toLowerCase(),
+					password: value.password,
+				});
+				await handleApiResponse(response, "Login failed");
+
+				// [Dev Note] After successful API call, redirect to the intended page.
+				// The session cookie is typically set by the server/Apex response headers.
+				navigate(getStartUrl(searchParams), { replace: true });
+			} catch (err) {
+				setSubmitError(getErrorMessage(err, "Login failed"));
+			}
+		},
+		onSubmitInvalid: () => {},
+	});
+
+	return (
+		<CenteredPageLayout title={ROUTES.LOGIN.TITLE}>
+			<form.AppForm>
+				<AuthForm
+					title="Login"
+					description="Enter your email below to login to your account"
+					error={submitError}
+					submit={{ text: "Login", loadingText: "Logging in…" }}
+					footer={{
+						text: "Don't have an account?",
+						link: ROUTES.REGISTER.PATH,
+						linkText: "Sign up",
+					}}
+				>
+					<form.AppField name="email">
+						{(field) => <field.EmailField label="Email" />}
+					</form.AppField>
+					<form.AppField name="password">
+						{(field) => (
+							<field.PasswordField
+								label="Password"
+								labelAction={
+									<Link
+										to={ROUTES.FORGOT_PASSWORD.PATH}
+										className="text-sm underline-offset-4 hover:underline"
+									>
+										Forgot your password?
+									</Link>
+								}
+							/>
+						)}
+					</form.AppField>
+				</AuthForm>
+			</form.AppForm>
+		</CenteredPageLayout>
+	);
+}

package/dist/force-app/main/default/webapplications/feature-react-authentication/src/pages/NotFound.tsx

@@ -0,0 +1,18 @@
+import { Link } from 'react-router';
+
+export default function NotFound() {
+  return (
+    <div className="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-12">
+      <div className="text-center">
+        <h1 className="text-4xl font-bold text-gray-900 mb-4">404</h1>
+        <p className="text-lg text-gray-600 mb-8">Page not found</p>
+        <Link
+          to="/"
+          className="inline-block px-4 py-2 bg-blue-600 text-white rounded-md hover:bg-blue-700 transition-colors"
+        >
+          Go to Home
+        </Link>
+      </div>
+    </div>
+  );
+}

package/dist/force-app/main/default/webapplications/feature-react-authentication/src/pages/Profile.tsx

@@ -0,0 +1,146 @@
+import { useState, useEffect } from "react";
+import { z } from "zod";
+
+// [Dev Note] These are standard Salesforce SDK methods that interact with the UI API.
+// They respect field-level security and validation rules defined in Salesforce.
+import { getRecord, updateRecord } from "@salesforce/webapp-experimental/api";
+
+import { CenteredPageLayout } from "../components/layout/centered-page-layout";
+import { LoadingPage } from "../components/layout/loading-page";
+import { AuthForm } from "../components/forms/auth-form";
+import { useAppForm } from "../hooks/form";
+import { ROUTES } from "../utils/authenticationConfig";
+import { emailSchema, flattenUiApiRecord, getErrorMessage } from "../utils/helpers";
+import { getUser } from "../context/AuthContext";
+
+const optionalString = z
+	.string()
+	.trim()
+	.transform((val) => (val === "" ? null : val))
+	.nullable()
+	.optional();
+
+const profileSchema = z.object({
+	FirstName: z.string().trim().min(1, "First name is required"),
+	LastName: z.string().trim().min(1, "Last name is required"),
+	Email: emailSchema,
+	Phone: optionalString,
+	Street: optionalString,
+	City: optionalString,
+	State: optionalString,
+	PostalCode: optionalString,
+	Country: optionalString,
+});
+
+type ProfileFormValues = z.infer<typeof profileSchema>;
+
+export default function Profile() {
+	const user = getUser();
+	const [profile, setProfile] = useState<ProfileFormValues | null>(null);
+	const [loadError, setLoadError] = useState<string | null>(null);
+	const [success, setSuccess] = useState(false);
+	const [submitError, setSubmitError] = useState<string | null>(null);
+
+	const form = useAppForm({
+		defaultValues: {} as ProfileFormValues,
+		validators: { onChange: profileSchema, onSubmit: profileSchema },
+		onSubmit: async ({ value }) => {
+			setSubmitError(null);
+			setSuccess(false);
+			try {
+				// [Dev Note] updateRecord automatically handles the PATCH request to the UI API.
+				// It expects the Record ID (user.id) and an object of field values.
+				const record = await updateRecord(user.id, value);
+
+				// [Dev Note] We flatten the complex UI API response structure for easier local use.
+				setProfile(flattenUiApiRecord(record));
+
+				setSuccess(true);
+				// Scroll to top of page after successful update so user sees it
+				window.scrollTo({ top: 0, behavior: "smooth" });
+			} catch (err) {
+				setSubmitError(getErrorMessage(err, "Failed to update profile"));
+			}
+		},
+		onSubmitInvalid: () => {},
+	});
+
+	useEffect(() => {
+		let mounted = true;
+
+		// [Dev Note] Fetch the user record fields. "layoutTypes: 'Full'" asks for the default layout fields.
+		// Ensure the authenticated user has Read access to these fields in Salesforce.
+		getRecord(user.id, { layoutTypes: "Full" })
+			.then((record: any) => mounted && setProfile(flattenUiApiRecord(record)))
+			.catch((err: any) => {
+				if (mounted) {
+					setLoadError(getErrorMessage(err, "Failed to load profile"));
+				} else {
+					console.error("Failed to load profile", err);
+				}
+			});
+		return () => {
+			mounted = false;
+		};
+	}, [user.id]);
+
+	useEffect(() => {
+		if (profile) {
+			const formData = profileSchema.parse(profile);
+			form.reset(formData);
+		}
+	}, [profile]);
+
+	if (!profile && !loadError) {
+		return <LoadingPage contentMaxWidth="md" loadingText="Loading profile…" />;
+	}
+
+	return (
+		<CenteredPageLayout contentMaxWidth="md" title={ROUTES.PROFILE.TITLE}>
+			<form.AppForm>
+				<AuthForm
+					title="Profile"
+					description="Update your account information"
+					error={loadError ?? submitError}
+					success={success && "Profile updated!"}
+					submit={{ text: "Save Changes", loadingText: "Saving…" }}
+					footer={{ link: ROUTES.CHANGE_PASSWORD.PATH, linkText: "Change password" }}
+				>
+					<div className="grid grid-cols-1 gap-4 sm:grid-cols-2 items-start">
+						<form.AppField name="FirstName">
+							{(field) => <field.TextField label="First name" autoComplete="given-name" />}
+						</form.AppField>
+						<form.AppField name="LastName">
+							{(field) => <field.TextField label="Last name" autoComplete="family-name" />}
+						</form.AppField>
+					</div>
+					<form.AppField name="Email">
+						{(field) => <field.EmailField label="Email" />}
+					</form.AppField>
+					<form.AppField name="Phone">
+						{(field) => <field.TextField label="Phone" type="tel" autoComplete="tel" />}
+					</form.AppField>
+					<form.AppField name="Street">
+						{(field) => <field.TextField label="Street" autoComplete="street-address" />}
+					</form.AppField>
+					<div className="grid grid-cols-1 gap-4 sm:grid-cols-2 items-start">
+						<form.AppField name="City">
+							{(field) => <field.TextField label="City" autoComplete="address-level2" />}
+						</form.AppField>
+						<form.AppField name="State">
+							{(field) => <field.TextField label="State" autoComplete="address-level1" />}
+						</form.AppField>
+					</div>
+					<div className="grid grid-cols-1 gap-4 sm:grid-cols-2 items-start">
+						<form.AppField name="PostalCode">
+							{(field) => <field.TextField label="Postal Code" autoComplete="postal-code" />}
+						</form.AppField>
+						<form.AppField name="Country">
+							{(field) => <field.TextField label="Country" autoComplete="country-name" />}
+						</form.AppField>
+					</div>
+				</AuthForm>
+			</form.AppForm>
+		</CenteredPageLayout>
+	);
+}

package/dist/force-app/main/default/webapplications/feature-react-authentication/src/pages/Register.tsx

@@ -0,0 +1,117 @@
+import { useState } from "react";
+import { useNavigate, useSearchParams } from "react-router";
+import { z } from "zod";
+import { baseClient } from "@salesforce/webapp-experimental/api";
+import { CenteredPageLayout } from "../components/layout/centered-page-layout";
+import { AuthForm } from "../components/forms/auth-form";
+import { useAppForm } from "../hooks/form";
+import { ROUTES, AUTH_PLACEHOLDERS } from "../utils/authenticationConfig";
+import {
+	emailSchema,
+	passwordSchema,
+	getStartUrl,
+	handleApiResponse,
+	getErrorMessage,
+} from "../utils/helpers";
+
+const registerSchema = z
+	.object({
+		firstName: z.string().trim().min(1, "First name is required"),
+		lastName: z.string().trim().min(1, "Last name is required"),
+		email: emailSchema,
+		password: passwordSchema,
+		confirmPassword: z.string().min(1, "Please confirm your password"),
+	})
+	.refine((data) => data.password === data.confirmPassword, {
+		message: "Passwords do not match",
+		path: ["confirmPassword"],
+	});
+
+export default function Register() {
+	const navigate = useNavigate();
+	const [searchParams] = useSearchParams();
+	const [submitError, setSubmitError] = useState<string | null>(null);
+
+	const form = useAppForm({
+		defaultValues: { firstName: "", lastName: "", email: "", password: "", confirmPassword: "" },
+		validators: { onChange: registerSchema, onSubmit: registerSchema },
+		onSubmit: async ({ value }) => {
+			setSubmitError(null);
+			try {
+				// [Dev Note] Calls the custom Apex REST endpoint for user registration.
+				// Ensure your Apex logic handles duplicate checks and user creation (e.g., Site.createExternalUser).
+				const response = await baseClient.post("/services/apexrest/auth/register", {
+					firstName: value.firstName.trim(),
+					lastName: value.lastName.trim(),
+					email: value.email.trim().toLowerCase(),
+					password: value.password,
+				});
+				await handleApiResponse(response, "Registration failed");
+				navigate(getStartUrl(searchParams), { replace: true });
+			} catch (err) {
+				setSubmitError(getErrorMessage(err, "Registration failed"));
+			}
+		},
+		onSubmitInvalid: () => {},
+	});
+
+	return (
+		<CenteredPageLayout title={ROUTES.REGISTER.TITLE}>
+			<form.AppForm>
+				<AuthForm
+					title="Sign Up"
+					description="Enter your information to create an account"
+					error={submitError}
+					submit={{ text: "Create an account", loadingText: "Creating account…" }}
+					footer={{
+						text: "Already have an account?",
+						link: ROUTES.LOGIN.PATH,
+						linkText: "Sign in",
+					}}
+				>
+					<div className="grid grid-cols-1 gap-4 sm:grid-cols-2 items-start">
+						<form.AppField name="firstName">
+							{(field) => (
+								<field.TextField
+									label="First name"
+									placeholder={AUTH_PLACEHOLDERS.FIRST_NAME}
+									autoComplete="given-name"
+								/>
+							)}
+						</form.AppField>
+						<form.AppField name="lastName">
+							{(field) => (
+								<field.TextField
+									label="Last name"
+									placeholder={AUTH_PLACEHOLDERS.LAST_NAME}
+									autoComplete="family-name"
+								/>
+							)}
+						</form.AppField>
+					</div>
+					<form.AppField name="email">
+						{(field) => <field.EmailField label="Email" />}
+					</form.AppField>
+					<form.AppField name="password">
+						{(field) => (
+							<field.PasswordField
+								label="Password"
+								placeholder={AUTH_PLACEHOLDERS.PASSWORD_CREATE}
+								autoComplete="new-password"
+							/>
+						)}
+					</form.AppField>
+					<form.AppField name="confirmPassword">
+						{(field) => (
+							<field.PasswordField
+								label="Confirm Password"
+								placeholder={AUTH_PLACEHOLDERS.PASSWORD_CONFIRM}
+								autoComplete="new-password"
+							/>
+						)}
+					</form.AppField>
+				</AuthForm>
+			</form.AppForm>
+		</CenteredPageLayout>
+	);
+}

package/dist/force-app/main/default/webapplications/feature-react-authentication/src/pages/ResetPassword.tsx

@@ -0,0 +1,101 @@
+import { useState } from "react";
+import { Link, useSearchParams } from "react-router";
+import { baseClient } from "@salesforce/webapp-experimental/api";
+import { CardLayout } from "../components/layout/card-layout";
+import { CenteredPageLayout } from "../components/layout/centered-page-layout";
+import { AuthForm } from "../components/forms/auth-form";
+import { StatusAlert } from "../components/alerts/status-alert";
+import { useAppForm } from "../hooks/form";
+import { ROUTES, AUTH_PLACEHOLDERS } from "../utils/authenticationConfig";
+import { newPasswordSchema, handleApiResponse, getErrorMessage } from "../utils/helpers";
+
+export default function ResetPassword() {
+	const [searchParams] = useSearchParams();
+	const token = searchParams.get("token");
+	const [success, setSuccess] = useState(false);
+	const [submitError, setSubmitError] = useState<string | null>(null);
+
+	const form = useAppForm({
+		defaultValues: { newPassword: "", confirmPassword: "" },
+		validators: { onChange: newPasswordSchema, onSubmit: newPasswordSchema },
+		onSubmit: async ({ value }) => {
+			setSubmitError(null);
+			setSuccess(false);
+			try {
+				// [Dev Note] Custom Apex Endpoint: /auth/reset-password
+				// You must ensure this Apex class exists in your org
+				const response = await baseClient.post("/services/apexrest/auth/reset-password", {
+					token,
+					newPassword: value.newPassword,
+				});
+				await handleApiResponse(response, "Password reset failed");
+				setSuccess(true);
+				// Scroll to top of page after successful submission so user sees it
+				window.scrollTo({ top: 0, behavior: "smooth" });
+			} catch (err) {
+				setSubmitError(getErrorMessage(err, "Password reset failed"));
+			}
+		},
+		onSubmitInvalid: () => {},
+	});
+
+	if (!token) {
+		return (
+			<CenteredPageLayout title={ROUTES.RESET_PASSWORD.TITLE}>
+				<CardLayout title="Reset Password">
+					<StatusAlert>
+						Reset token is invalid or expired.{" "}
+						<Link to={ROUTES.FORGOT_PASSWORD.PATH} className="underline underline-offset-4">
+							Request a new password reset link.
+						</Link>
+					</StatusAlert>
+				</CardLayout>
+			</CenteredPageLayout>
+		);
+	}
+
+	return (
+		<CenteredPageLayout title={ROUTES.RESET_PASSWORD.TITLE}>
+			<form.AppForm>
+				<AuthForm
+					title="Reset Password"
+					description="Enter your new password below"
+					error={submitError}
+					success={
+						success && (
+							<>
+								Password reset successfully!{" "}
+								<Link to={ROUTES.LOGIN.PATH} className="underline">
+									Sign in
+								</Link>
+							</>
+						)
+					}
+					submit={{ text: "Reset Password", loadingText: "Resetting…" }}
+					footer={{ text: "Remember your password?", link: ROUTES.LOGIN.PATH, linkText: "Sign in" }}
+				>
+					<form.AppField name="newPassword">
+						{(field) => (
+							<field.PasswordField
+								label="New Password"
+								placeholder={AUTH_PLACEHOLDERS.PASSWORD_NEW}
+								autoComplete="new-password"
+								disabled={success}
+							/>
+						)}
+					</form.AppField>
+					<form.AppField name="confirmPassword">
+						{(field) => (
+							<field.PasswordField
+								label="Confirm Password"
+								placeholder={AUTH_PLACEHOLDERS.PASSWORD_NEW_CONFIRM}
+								autoComplete="new-password"
+								disabled={success}
+							/>
+						)}
+					</form.AppField>
+				</AuthForm>
+			</form.AppForm>
+		</CenteredPageLayout>
+	);
+}