simple-module-users 0.0.14__tar.gz → 0.0.16__tar.gz

{simple_module_users-0.0.14 → simple_module_users-0.0.16}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: simple_module_users
-Version: 0.0.14
+Version: 0.0.16
 Summary: Email + password user management, admin invites, RBAC-ready — replaces Keycloak for simple_module apps
 Project-URL: Homepage, https://github.com/antosubash/simple_module_python
 Project-URL: Repository, https://github.com/antosubash/simple_module_python
@@ -24,11 +24,11 @@ Requires-Python: >=3.12
 Requires-Dist: aiosmtplib>=3.0
 Requires-Dist: cachetools>=5.3
 Requires-Dist: fastapi-users[oauth,sqlalchemy]<16,>=15
-Requires-Dist: simple-module-auth==0.0.14
-Requires-Dist: simple-module-core==0.0.14
-Requires-Dist: simple-module-db==0.0.14
-Requires-Dist: simple-module-hosting==0.0.14
-Requires-Dist: simple-module-settings==0.0.14
+Requires-Dist: simple-module-auth==0.0.16
+Requires-Dist: simple-module-core==0.0.16
+Requires-Dist: simple-module-db==0.0.16
+Requires-Dist: simple-module-hosting==0.0.16
+Requires-Dist: simple-module-settings==0.0.16
 Requires-Dist: typer>=0.12
 Description-Content-Type: text/markdown
 

{simple_module_users-0.0.14 → simple_module_users-0.0.16}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "simple_module_users"
-version = "0.0.14"
+version = "0.0.16"
 description = "Email + password user management, admin invites, RBAC-ready — replaces Keycloak for simple_module apps"
 readme = "README.md"
 license = "MIT"
@@ -21,11 +21,11 @@ classifiers = [
     "Typing :: Typed",
 ]
 dependencies = [
-    "simple_module_core==0.0.14",
-    "simple_module_db==0.0.14",
-    "simple_module_hosting==0.0.14",
-    "simple_module_settings==0.0.14",
-    "simple_module_auth==0.0.14",
+    "simple_module_core==0.0.16",
+    "simple_module_db==0.0.16",
+    "simple_module_hosting==0.0.16",
+    "simple_module_settings==0.0.16",
+    "simple_module_auth==0.0.16",
     # Pinned to a narrow range: `deps.py` relies on mutating CookieTransport
     # fields after construction (see reconfigure_cookie_transport in backend.py).
     # Bumping the major version requires re-checking those field names.

{simple_module_users-0.0.14 → simple_module_users-0.0.16}/tests/_middleware_support.py

@@ -9,15 +9,13 @@ parameters.
 
 from __future__ import annotations
 
-import json
 import uuid
-from base64 import b64encode
 from types import SimpleNamespace
 from typing import Any
 
 import pytest
 from fastapi import FastAPI, Request
-from itsdangerous import TimestampSigner
+from simple_module_test import forge_session_cookie
 from starlette.middleware.sessions import SessionMiddleware
 from starlette.responses import JSONResponse
 from users.constants import ADMIN_ROLE_ID, USER_ROLE_ID
@@ -26,18 +24,19 @@ from users.middleware import AuthMiddleware
 SECRET_KEY = "test-secret-key-for-session-middleware"
 
 
-def _sign_session(data: dict[str, Any], secret: str = SECRET_KEY) -> str:
-    """Encode and sign a session dict exactly as Starlette's SessionMiddleware does."""
-    raw = b64encode(json.dumps(data).encode()).decode()
-    return TimestampSigner(secret).sign(raw).decode("utf-8")
-
-
 def _session_cookie(data: dict[str, Any]) -> dict[str, str]:
-    return {"session": _sign_session(data)}
+    return {"session": forge_session_cookie(SECRET_KEY, data)}
 
 
-async def _build_app(db_state, inner_handler=None):
-    """Build a minimal ASGI app with AuthMiddleware + SessionMiddleware."""
+async def _build_app(db_state, inner_handler=None, *, principal_resolvers=None):
+    """Build a minimal ASGI app with AuthMiddleware + SessionMiddleware.
+
+    ``principal_resolvers`` (optional) is a list of resolvers seeded onto
+    ``app.state.auth.principal_resolvers`` before the middleware runs.
+    Defaults to an empty registry — matches a production app where no
+    downstream module has registered anything.
+    """
+    from auth.state import AuthState
 
     async def _default_handler(request: Request):
         user = getattr(request.state, "user", None)
@@ -62,6 +61,9 @@ async def _build_app(db_state, inner_handler=None):
 
     app = FastAPI()
     app.state.sm = SimpleNamespace(db=db_state)
+    app.state.auth = AuthState(
+        principal_resolvers=list(principal_resolvers or []),
+    )
 
     @app.get("/{path:path}")
     async def _catch_all(request: Request, path: str = ""):

{simple_module_users-0.0.14 → simple_module_users-0.0.16}/tests/test_api_admin.py

@@ -46,11 +46,10 @@ class TestAdminList:
     @pytest.mark.anyio
     async def test_list_without_auth_is_rejected(self, anon_client):
         resp = await anon_client.get("/api/users/admin", follow_redirects=False)
-        # AuthMiddleware redirects unauthenticated non-public API paths to
-        # /users/login. Preserving the 302 here so a regression to 401 or
-        # pass-through is caught.
-        assert resp.status_code == 302
-        assert resp.headers["location"].endswith("/users/login")
+        # AuthMiddleware returns 401 JSON for unauthenticated /api/* paths
+        # (view routes still get a 302 redirect to /users/login).
+        assert resp.status_code == 401
+        assert resp.json() == {"detail": "Not authenticated"}
 
     @pytest.mark.anyio
     async def test_list_as_admin_returns_200(self, admin_client, users_db):
@@ -128,8 +127,8 @@ class TestAdminInvite:
             json={"email": "hacker@example.com"},
             follow_redirects=False,
         )
-        assert resp.status_code == 302
-        assert resp.headers["location"].endswith("/users/login")
+        assert resp.status_code == 401
+        assert resp.json() == {"detail": "Not authenticated"}
 
 
 # ---------------------------------------------------------------------------
@@ -205,8 +204,8 @@ class TestAdminSetRoles:
             json={"role_names": ["admin"]},
             follow_redirects=False,
         )
-        assert resp.status_code == 302
-        assert resp.headers["location"].endswith("/users/login")
+        assert resp.status_code == 401
+        assert resp.json() == {"detail": "Not authenticated"}
 
     @pytest.mark.anyio
     async def test_set_roles_nonexistent_returns_404(self, admin_client):

simple_module_users-0.0.16/tests/test_users_middleware_resolvers.py

@@ -0,0 +1,190 @@
+"""AuthMiddleware tests for the principal-resolver chain.
+
+Covers ``app.state.auth.principal_resolvers`` consultation order, error
+isolation, the session-short-circuit precedence, and the /api/* vs view-path
+unauthenticated split (401 JSON vs 302 redirect).
+
+Helpers + fixtures live in ``_middleware_support`` alongside the broader
+middleware tests in ``test_users_middleware`` and the PUBLIC_PATHS suite in
+``test_users_middleware_public_paths``.
+"""
+
+from __future__ import annotations
+
+import httpx
+import pytest
+from _middleware_support import _build_app, _session_cookie
+from fastapi import Request
+from starlette.responses import JSONResponse
+
+
+def _ctx(uid: str = "11111111-1111-1111-1111-111111111111", **overrides):
+    """Build a UserContext for resolver tests."""
+    from auth.contracts.schemas import UserContext
+
+    fields = {
+        "id": uid,
+        "email": "pat@example.com",
+        "name": "PAT User",
+        "roles": ["user"],
+        "tenant_id": None,
+    }
+    fields.update(overrides)
+    return UserContext(**fields)
+
+
+@pytest.mark.anyio
+async def test_resolver_returning_context_authenticates_request(db_state):
+    """A registered resolver that returns a UserContext authenticates the request."""
+
+    async def stub_resolver(request):
+        return _ctx()
+
+    app = await _build_app(db_state, principal_resolvers=[stub_resolver])
+    transport = httpx.ASGITransport(app=app)
+    async with httpx.AsyncClient(transport=transport, base_url="http://testserver") as client:
+        resp = await client.get("/dashboard")
+
+    assert resp.status_code == 200
+    data = resp.json()
+    assert data["user"]["email"] == "pat@example.com"
+
+
+@pytest.mark.anyio
+async def test_resolver_first_non_none_wins(db_state):
+    """The first resolver returning a context wins; later resolvers are not consulted."""
+    second_called = False
+
+    async def first_none(request):
+        return None
+
+    async def second_returns(request):
+        nonlocal second_called
+        second_called = True
+        return _ctx(email="second@example.com")
+
+    async def third_should_not_run(request):
+        raise AssertionError("third resolver should not run after a match")
+
+    app = await _build_app(
+        db_state,
+        principal_resolvers=[first_none, second_returns, third_should_not_run],
+    )
+    transport = httpx.ASGITransport(app=app)
+    async with httpx.AsyncClient(transport=transport, base_url="http://testserver") as client:
+        resp = await client.get("/dashboard")
+
+    assert resp.status_code == 200
+    assert resp.json()["user"]["email"] == "second@example.com"
+    assert second_called
+
+
+@pytest.mark.anyio
+async def test_all_resolvers_return_none_falls_through_to_redirect(db_state):
+    """When every resolver returns None for a view route → 302 to /users/login."""
+
+    async def none_resolver(request):
+        return None
+
+    app = await _build_app(db_state, principal_resolvers=[none_resolver])
+    transport = httpx.ASGITransport(app=app)
+    async with httpx.AsyncClient(transport=transport, base_url="http://testserver") as client:
+        resp = await client.get("/dashboard", follow_redirects=False)
+
+    assert resp.status_code == 302
+    assert resp.headers["location"] == "/users/login"
+
+
+@pytest.mark.anyio
+async def test_resolver_raising_does_not_crash_middleware(db_state, caplog):
+    """A resolver that raises is logged and the chain continues to the next."""
+    import logging
+
+    async def boom(request):
+        raise RuntimeError("resolver kaboom")
+
+    async def fallback(request):
+        return _ctx(email="fallback@example.com")
+
+    app = await _build_app(db_state, principal_resolvers=[boom, fallback])
+    transport = httpx.ASGITransport(app=app)
+    with caplog.at_level(logging.ERROR, logger="users.middleware"):
+        async with httpx.AsyncClient(transport=transport, base_url="http://testserver") as client:
+            resp = await client.get("/dashboard")
+
+    assert resp.status_code == 200
+    assert resp.json()["user"]["email"] == "fallback@example.com"
+    assert any("resolver" in rec.message.lower() for rec in caplog.records)
+
+
+@pytest.mark.anyio
+async def test_api_path_unauthenticated_returns_401_json(db_state):
+    """Unauthenticated /api/private should return 401 JSON, not a 302 redirect."""
+    app = await _build_app(db_state)
+    transport = httpx.ASGITransport(app=app)
+    async with httpx.AsyncClient(transport=transport, base_url="http://testserver") as client:
+        resp = await client.get("/api/private-thing", follow_redirects=False)
+
+    assert resp.status_code == 401
+    assert resp.headers["content-type"].startswith("application/json")
+    assert resp.json() == {"detail": "Not authenticated"}
+
+
+@pytest.mark.anyio
+async def test_view_path_unauthenticated_still_redirects(db_state):
+    """View routes (non-/api/*) keep the existing 302-to-login behavior."""
+    app = await _build_app(db_state)
+    transport = httpx.ASGITransport(app=app)
+    async with httpx.AsyncClient(transport=transport, base_url="http://testserver") as client:
+        resp = await client.get("/dashboard", follow_redirects=False)
+
+    assert resp.status_code == 302
+    assert resp.headers["location"] == "/users/login"
+
+
+@pytest.mark.anyio
+async def test_session_wins_over_resolver(db_state, mw_active_user):
+    """A valid session cookie short-circuits — the resolver chain is not consulted."""
+    resolver_called = False
+
+    async def should_not_run(request):
+        nonlocal resolver_called
+        resolver_called = True
+        return _ctx(email="should-not-win@example.com")
+
+    app = await _build_app(db_state, principal_resolvers=[should_not_run])
+    transport = httpx.ASGITransport(app=app)
+    cookies = _session_cookie({"user_id": str(mw_active_user.id)})
+    async with httpx.AsyncClient(
+        transport=transport, base_url="http://testserver", cookies=cookies
+    ) as client:
+        resp = await client.get("/dashboard")
+
+    assert resp.status_code == 200
+    assert resp.json()["user"]["email"] == "middleware-test@example.com"
+    assert resolver_called is False
+
+
+@pytest.mark.anyio
+async def test_resolver_does_not_write_session(db_state):
+    """Resolver-authenticated requests must not persist anything to the session."""
+    captured = {}
+
+    async def capture(request: Request):
+        captured["session"] = dict(request.session)
+        user = getattr(request.state, "user", None)
+        return JSONResponse({"authenticated": user is not None})
+
+    async def stub_resolver(request):
+        return _ctx()
+
+    app = await _build_app(db_state, capture, principal_resolvers=[stub_resolver])
+    transport = httpx.ASGITransport(app=app)
+    async with httpx.AsyncClient(transport=transport, base_url="http://testserver") as client:
+        resp = await client.get("/dashboard")
+
+    assert resp.status_code == 200
+    assert resp.json() == {"authenticated": True}
+    # Session must not contain a user_id, user_ctx, or anything resolver-added.
+    assert "user_id" not in captured["session"]
+    assert "user_ctx" not in captured["session"]

{simple_module_users-0.0.14 → simple_module_users-0.0.16}/tests/test_views.py

@@ -112,6 +112,15 @@ class TestLoginPage:
             {"label": "User", "email": "user@example.com", "password": "UserPass1!"},
         ]
 
+    @pytest.mark.anyio
+    async def test_login_redirect_url_is_dashboard_when_installed(self, anon_client):
+        """Regression for #173: with Dashboard installed, prop stays /dashboard/."""
+        resp = await anon_client.get(
+            "/users/login",
+            headers={"X-Inertia": "true", "X-Inertia-Version": "1.0"},
+        )
+        assert resp.json()["props"]["login_redirect_url"] == "/dashboard/"
+
 
 class TestRegisterPage:
     @pytest.mark.anyio
@@ -241,3 +250,28 @@ async def test_roles_payload_returns_id_name_dicts(users_app):
     names = [item["name"] for item in payload]
     assert "admin" in names
     assert "user" in names
+
+
+@pytest.mark.anyio
+async def test_login_redirect_fallback_without_dashboard(users_app):
+    """Regression for #173: without Dashboard, redirect falls back to
+    the first sibling module view_prefix, not ``/`` (which may 404)."""
+    sm = users_app.state.sm
+    original = sm.modules
+    no_dash = tuple(m for m in original if m.meta.name != "Dashboard")
+    assert len(no_dash) < len(original), "test setup: Dashboard should exist"
+
+    settings = users_app.state.users.settings
+    settings.login_redirect_url = "/dashboard/"
+    object.__setattr__(sm, "modules", no_dash)
+    try:
+        from users.module import UsersModule
+
+        mod = UsersModule()
+        await mod.on_startup(users_app)
+        url = settings.login_redirect_url
+        assert url != "/", "must not fall back to / (may 404)"
+        assert url.startswith("/"), "must be an absolute path"
+        assert url.endswith("/"), "must have trailing slash"
+    finally:
+        object.__setattr__(sm, "modules", original)

{simple_module_users-0.0.14 → simple_module_users-0.0.16}/users/middleware.py

@@ -24,7 +24,7 @@ from simple_module_db.listeners import current_user_id
 from sqlalchemy import select
 from sqlalchemy.orm import selectinload
 from starlette.requests import Request
-from starlette.responses import RedirectResponse
+from starlette.responses import JSONResponse, RedirectResponse
 from starlette.types import ASGIApp, Receive, Scope, Send
 
 from users.constants import SESSION_USER_ID_KEY
@@ -37,6 +37,8 @@ _SESSION_USER_ID_KEY = SESSION_USER_ID_KEY
 _SESSION_NEXT_KEY = "next"
 _SCOPE_HTTP = "http"
 _LOGIN_REDIRECT = "/users/login"
+_API_PATH_PREFIX = "/api/"
+_UNAUTH_DETAIL = "Not authenticated"
 
 # Paths that don't require authentication.
 PUBLIC_PATHS = (
@@ -102,10 +104,33 @@ class AuthMiddleware:
                     else:
                         session[SESSION_USER_CTX_KEY] = user_ctx.to_session_dict()
 
+        # Fall-through: registered principal resolvers (PAT, API key, ...).
+        # The session-cookie path above is authoritative; resolvers only run
+        # when no session-authenticated user was resolved.
+        if user_ctx is None:
+            auth_state = getattr(scope["app"].state, "auth", None)
+            resolvers = getattr(auth_state, "principal_resolvers", ()) if auth_state else ()
+            if resolvers:
+                request = Request(scope)
+                for resolver in resolvers:
+                    try:
+                        user_ctx = await resolver(request)
+                    except Exception:
+                        logger.exception(
+                            "Principal resolver %r raised; treating as no-match",
+                            resolver,
+                        )
+                        continue
+                    if user_ctx is not None:
+                        break
+
         if user_ctx is None and not is_public:
-            request = Request(scope)
-            session[_SESSION_NEXT_KEY] = str(request.url)
-            response = RedirectResponse(_LOGIN_REDIRECT, status_code=302)
+            if path.startswith(_API_PATH_PREFIX):
+                response = JSONResponse({"detail": _UNAUTH_DETAIL}, status_code=401)
+            else:
+                request = Request(scope)
+                session[_SESSION_NEXT_KEY] = str(request.url)
+                response = RedirectResponse(_LOGIN_REDIRECT, status_code=302)
             await response(scope, receive, send)
             return
 

{simple_module_users-0.0.14 → simple_module_users-0.0.16}/users/module.py

@@ -187,13 +187,24 @@ class UsersModule(ModuleBase):
         )
         state.oauth_providers = enabled_provider_names(s)
 
-        # Auto-fall-back from the default ``/dashboard/`` to ``/`` when the
-        # Dashboard module isn't installed, so ``--preset minimal`` doesn't
-        # 404 on login. Operator-set overrides are preserved.
+        # Auto-fall-back when the default ``/dashboard/`` target is
+        # unreachable because the Dashboard module isn't installed (e.g.
+        # ``--preset minimal`` or apps like smpy_gis that omit it).
+        # Pick the first sibling module that exposes view routes instead
+        # of hard-coding ``/`` which may itself 404 (#173). Operator-set
+        # overrides are always preserved.
         if s.login_redirect_url == "/dashboard/" and not any(
             m.meta.name == "Dashboard" for m in app.state.sm.modules
         ):
-            s.login_redirect_url = "/"
+            first_view = next(
+                (
+                    m.meta.view_prefix
+                    for m in app.state.sm.modules
+                    if m.meta.view_prefix and m.meta.name != self.meta.name
+                ),
+                None,
+            )
+            s.login_redirect_url = f"{first_view}/" if first_view else "/"
 
         reconfigure_cookie_transport(auth_backend, s)
 

{simple_module_users-0.0.14 → simple_module_users-0.0.16}/users/pages/AcceptInvite.tsx

@@ -1,4 +1,4 @@
-import { router, usePage } from '@inertiajs/react';
+import { Head, router, usePage } from '@inertiajs/react';
 import { Button } from '@simple-module-py/ui/components/ui/button';
 import { Input } from '@simple-module-py/ui/components/ui/input';
 import { Label } from '@simple-module-py/ui/components/ui/label';
@@ -55,6 +55,7 @@ function AcceptInvite() {
 
   return (
     <AuthCardShell>
+      <Head title="Accept Invite" />
       <div className="flex items-start gap-3 rounded-xl border border-primary-200 bg-primary-50 p-3 text-sm text-primary-800">
         <CheckCircle2 className="mt-0.5 h-4 w-4 shrink-0" aria-hidden="true" />
         <div>

{simple_module_users-0.0.14 → simple_module_users-0.0.16}/users/pages/ForgotPassword.tsx

@@ -1,3 +1,4 @@
+import { Head } from '@inertiajs/react';
 import { Button } from '@simple-module-py/ui/components/ui/button';
 import { Input } from '@simple-module-py/ui/components/ui/input';
 import { Label } from '@simple-module-py/ui/components/ui/label';
@@ -50,6 +51,7 @@ function ForgotPassword() {
 
   return (
     <AuthCardShell>
+      <Head title="Forgot Password" />
       <h1 className="mb-1.5 text-[22px] font-bold tracking-tight font-[var(--font-display)] text-foreground">
         Forgot password
       </h1>

{simple_module_users-0.0.14 → simple_module_users-0.0.16}/users/pages/Login.tsx

@@ -1,4 +1,4 @@
-import { router, usePage } from '@inertiajs/react';
+import { Head, router, usePage } from '@inertiajs/react';
 import { Button } from '@simple-module-py/ui/components/ui/button';
 import { Input } from '@simple-module-py/ui/components/ui/input';
 import { Label } from '@simple-module-py/ui/components/ui/label';
@@ -87,6 +87,7 @@ function Login() {
 
   return (
     <AuthCardShell>
+      <Head title="Login" />
       <h1 className="mb-1.5 text-[22px] font-bold tracking-tight font-[var(--font-display)] text-foreground">
         Welcome back
       </h1>
@@ -194,7 +195,6 @@ function Login() {
                 onClick={() => {
                   setEmail(acct.email);
                   setPassword(acct.password);
-                  submitLogin(acct.email, acct.password);
                 }}
               >
                 {acct.label}

simple_module_users-0.0.16/users/pages/Profile.tsx

@@ -0,0 +1,154 @@
+import { Head, usePage } from '@inertiajs/react';
+import { PageShell } from '@simple-module-py/ui/components/PageShell';
+import { SectionTitle } from '@simple-module-py/ui/components/SectionTitle';
+import { Badge } from '@simple-module-py/ui/components/ui/badge';
+import { Button } from '@simple-module-py/ui/components/ui/button';
+import { Card, CardContent } from '@simple-module-py/ui/components/ui/card';
+import { Input } from '@simple-module-py/ui/components/ui/input';
+import { Label } from '@simple-module-py/ui/components/ui/label';
+import { AuthenticatedLayout } from '@simple-module-py/ui/layouts/AuthenticatedLayout';
+import { useState } from 'react';
+import { toast } from 'sonner';
+
+interface AuthUser {
+  id: string;
+  email: string;
+  full_name: string | null;
+  is_verified: boolean;
+  roles: string[];
+}
+
+interface SharedProps {
+  auth: {
+    user: AuthUser | null;
+  };
+}
+
+function Profile() {
+  const { auth } = usePage<{ props: SharedProps }>().props as unknown as SharedProps;
+  const user = auth?.user;
+
+  const [fullName, setFullName] = useState(user?.full_name ?? '');
+  const [saving, setSaving] = useState(false);
+
+  const handleSubmit = (e: React.FormEvent) => {
+    e.preventDefault();
+    setSaving(true);
+    fetch('/api/users/me', {
+      method: 'PATCH',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ full_name: fullName }),
+    })
+      .then(async (res) => {
+        if (res.ok) {
+          toast.success('Profile updated');
+        } else {
+          const data = await res.json().catch(() => ({}));
+          toast.error(typeof data?.detail === 'string' ? data.detail : 'Failed to update profile');
+        }
+      })
+      .catch(() => toast.error('An error occurred'))
+      .finally(() => setSaving(false));
+  };
+
+  if (!user) {
+    return null;
+  }
+
+  const initial = (user.full_name || user.email).charAt(0).toUpperCase();
+
+  return (
+    <>
+      <Head title="Profile" />
+      <PageShell title="Your profile" description="Shown to teammates in audit logs and dropdowns.">
+        <Card className="max-w-2xl border-border">
+          <CardContent className="pt-6">
+            <SectionTitle>Account</SectionTitle>
+            <div className="mb-5 flex items-center gap-4">
+              <span className="inline-flex h-16 w-16 items-center justify-center rounded-full bg-gradient-to-br from-primary-600 to-primary-800 text-2xl font-bold text-white shadow-md font-[var(--font-display)]">
+                {initial}
+              </span>
+              <div>
+                <Button type="button" size="sm" variant="outline">
+                  Upload avatar
+                </Button>
+                <div className="mt-1.5 text-xs text-muted-foreground">PNG or JPG, up to 2MB.</div>
+              </div>
+            </div>
+            <form onSubmit={handleSubmit} className="grid gap-4 sm:grid-cols-2">
+              <div className="space-y-1.5 sm:col-span-2">
+                <Label htmlFor="email" className="text-sm font-medium text-muted-foreground">
+                  Email
+                </Label>
+                <div className="flex items-center gap-2">
+                  <Input
+                    id="email"
+                    type="email"
+                    value={user.email}
+                    readOnly
+                    className="bg-muted flex-1"
+                  />
+                  {user.is_verified ? (
+                    <Badge
+                      variant="outline"
+                      className="border-primary-200 bg-primary-50 text-primary-700"
+                    >
+                      verified
+                    </Badge>
+                  ) : (
+                    <Badge
+                      variant="outline"
+                      className="border-amber-200 bg-amber-50 text-amber-700"
+                    >
+                      unverified
+                    </Badge>
+                  )}
+                </div>
+              </div>
+
+              <div className="space-y-1.5 sm:col-span-2">
+                <Label htmlFor="full_name" className="text-sm font-medium text-muted-foreground">
+                  Display name
+                </Label>
+                <Input
+                  id="full_name"
+                  type="text"
+                  value={fullName}
+                  onChange={(e) => setFullName(e.target.value)}
+                  placeholder="Your name"
+                  maxLength={200}
+                />
+              </div>
+
+              {user.roles.length > 0 && (
+                <div className="space-y-1.5 sm:col-span-2">
+                  <Label className="text-sm font-medium text-muted-foreground">Roles</Label>
+                  <div className="flex flex-wrap gap-1.5">
+                    {user.roles.map((role) => (
+                      <Badge
+                        key={role}
+                        variant="outline"
+                        className="border-primary-200 bg-primary-50 text-primary-700"
+                      >
+                        {role}
+                      </Badge>
+                    ))}
+                  </div>
+                </div>
+              )}
+
+              <div className="sm:col-span-2 flex justify-end">
+                <Button type="submit" disabled={saving}>
+                  {saving ? 'Saving…' : 'Save changes'}
+                </Button>
+              </div>
+            </form>
+          </CardContent>
+        </Card>
+      </PageShell>
+    </>
+  );
+}
+
+Profile.layout = (page: React.ReactNode) => <AuthenticatedLayout>{page}</AuthenticatedLayout>;
+export default Profile;

{simple_module_users-0.0.14 → simple_module_users-0.0.16}/users/pages/Register.tsx

@@ -1,3 +1,4 @@
+import { Head } from '@inertiajs/react';
 import { Button } from '@simple-module-py/ui/components/ui/button';
 import { Input } from '@simple-module-py/ui/components/ui/input';
 import { Label } from '@simple-module-py/ui/components/ui/label';
@@ -72,6 +73,7 @@ function Register() {
 
   return (
     <AuthCardShell>
+      <Head title="Register" />
       <h1 className="mb-1.5 text-[22px] font-bold tracking-tight font-[var(--font-display)] text-foreground">
         Create your account
       </h1>

{simple_module_users-0.0.14 → simple_module_users-0.0.16}/users/pages/ResetPassword.tsx

@@ -1,4 +1,4 @@
-import { router, usePage } from '@inertiajs/react';
+import { Head, router, usePage } from '@inertiajs/react';
 import { Button } from '@simple-module-py/ui/components/ui/button';
 import { Input } from '@simple-module-py/ui/components/ui/input';
 import { Label } from '@simple-module-py/ui/components/ui/label';
@@ -54,6 +54,7 @@ function ResetPassword() {
 
   return (
     <AuthCardShell>
+      <Head title="Reset Password" />
       <h1 className="mb-1.5 text-[22px] font-bold tracking-tight font-[var(--font-display)] text-foreground">
         Reset password
       </h1>

{simple_module_users-0.0.14 → simple_module_users-0.0.16}/users/pages/VerifyEmail.tsx

@@ -1,4 +1,4 @@
-import { usePage } from '@inertiajs/react';
+import { Head, usePage } from '@inertiajs/react';
 import { Button } from '@simple-module-py/ui/components/ui/button';
 import { AuthCardShell } from '@simple-module-py/ui/layouts/AuthCardShell';
 import { CheckCircle2, Loader2, XCircle } from 'lucide-react';
@@ -103,6 +103,7 @@ function VerifyEmail() {
 
   return (
     <AuthCardShell>
+      <Head title="Verify Email" />
       <div className="flex flex-col items-center gap-3 text-center">
         <span className="inline-flex h-12 w-12 items-center justify-center rounded-full bg-secondary">
           <Icon className={`h-6 w-6 ${content.iconClass}`} aria-hidden="true" />

simple_module_users-0.0.14/users/pages/Profile.tsx

@@ -1,148 +0,0 @@
-import { usePage } from '@inertiajs/react';
-import { PageShell } from '@simple-module-py/ui/components/PageShell';
-import { SectionTitle } from '@simple-module-py/ui/components/SectionTitle';
-import { Badge } from '@simple-module-py/ui/components/ui/badge';
-import { Button } from '@simple-module-py/ui/components/ui/button';
-import { Card, CardContent } from '@simple-module-py/ui/components/ui/card';
-import { Input } from '@simple-module-py/ui/components/ui/input';
-import { Label } from '@simple-module-py/ui/components/ui/label';
-import { AuthenticatedLayout } from '@simple-module-py/ui/layouts/AuthenticatedLayout';
-import { useState } from 'react';
-import { toast } from 'sonner';
-
-interface AuthUser {
-  id: string;
-  email: string;
-  full_name: string | null;
-  is_verified: boolean;
-  roles: string[];
-}
-
-interface SharedProps {
-  auth: {
-    user: AuthUser | null;
-  };
-}
-
-function Profile() {
-  const { auth } = usePage<{ props: SharedProps }>().props as unknown as SharedProps;
-  const user = auth?.user;
-
-  const [fullName, setFullName] = useState(user?.full_name ?? '');
-  const [saving, setSaving] = useState(false);
-
-  const handleSubmit = (e: React.FormEvent) => {
-    e.preventDefault();
-    setSaving(true);
-    fetch('/api/users/me', {
-      method: 'PATCH',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ full_name: fullName }),
-    })
-      .then(async (res) => {
-        if (res.ok) {
-          toast.success('Profile updated');
-        } else {
-          const data = await res.json().catch(() => ({}));
-          toast.error(typeof data?.detail === 'string' ? data.detail : 'Failed to update profile');
-        }
-      })
-      .catch(() => toast.error('An error occurred'))
-      .finally(() => setSaving(false));
-  };
-
-  if (!user) {
-    return null;
-  }
-
-  const initial = (user.full_name || user.email).charAt(0).toUpperCase();
-
-  return (
-    <PageShell title="Your profile" description="Shown to teammates in audit logs and dropdowns.">
-      <Card className="max-w-2xl border-border">
-        <CardContent className="pt-6">
-          <SectionTitle>Account</SectionTitle>
-          <div className="mb-5 flex items-center gap-4">
-            <span className="inline-flex h-16 w-16 items-center justify-center rounded-full bg-gradient-to-br from-primary-600 to-primary-800 text-2xl font-bold text-white shadow-md font-[var(--font-display)]">
-              {initial}
-            </span>
-            <div>
-              <Button type="button" size="sm" variant="outline">
-                Upload avatar
-              </Button>
-              <div className="mt-1.5 text-xs text-muted-foreground">PNG or JPG, up to 2MB.</div>
-            </div>
-          </div>
-          <form onSubmit={handleSubmit} className="grid gap-4 sm:grid-cols-2">
-            <div className="space-y-1.5 sm:col-span-2">
-              <Label htmlFor="email" className="text-sm font-medium text-muted-foreground">
-                Email
-              </Label>
-              <div className="flex items-center gap-2">
-                <Input
-                  id="email"
-                  type="email"
-                  value={user.email}
-                  readOnly
-                  className="bg-muted flex-1"
-                />
-                {user.is_verified ? (
-                  <Badge
-                    variant="outline"
-                    className="border-primary-200 bg-primary-50 text-primary-700"
-                  >
-                    verified
-                  </Badge>
-                ) : (
-                  <Badge variant="outline" className="border-amber-200 bg-amber-50 text-amber-700">
-                    unverified
-                  </Badge>
-                )}
-              </div>
-            </div>
-
-            <div className="space-y-1.5 sm:col-span-2">
-              <Label htmlFor="full_name" className="text-sm font-medium text-muted-foreground">
-                Display name
-              </Label>
-              <Input
-                id="full_name"
-                type="text"
-                value={fullName}
-                onChange={(e) => setFullName(e.target.value)}
-                placeholder="Your name"
-                maxLength={200}
-              />
-            </div>
-
-            {user.roles.length > 0 && (
-              <div className="space-y-1.5 sm:col-span-2">
-                <Label className="text-sm font-medium text-muted-foreground">Roles</Label>
-                <div className="flex flex-wrap gap-1.5">
-                  {user.roles.map((role) => (
-                    <Badge
-                      key={role}
-                      variant="outline"
-                      className="border-primary-200 bg-primary-50 text-primary-700"
-                    >
-                      {role}
-                    </Badge>
-                  ))}
-                </div>
-              </div>
-            )}
-
-            <div className="sm:col-span-2 flex justify-end">
-              <Button type="submit" disabled={saving}>
-                {saving ? 'Saving…' : 'Save changes'}
-              </Button>
-            </div>
-          </form>
-        </CardContent>
-      </Card>
-    </PageShell>
-  );
-}
-
-Profile.layout = (page: React.ReactNode) => <AuthenticatedLayout>{page}</AuthenticatedLayout>;
-export default Profile;