Update Portal auth flow state
This commit is contained in:
parent
1fccec5753
commit
d151c654ab
@ -48,7 +48,18 @@ This file records what is implemented now.
|
||||
|
||||
## Billing / auth / onboarding
|
||||
- billing UI alignment exists with the newer billing state model.
|
||||
- forgot/reset password flow exists.
|
||||
- forgot/reset password flow exists:
|
||||
- login includes a `Forgot password?` link to `/forgot-password`
|
||||
- `/forgot-password` posts `{ email }` to `POST /api/auth/password-reset/request`
|
||||
- the Portal always shows `If the account exists, a reset link has been sent.` for account-lookup-style responses
|
||||
- `/reset-password?token=...` reads `token`, validates 8+ character password and confirmation match, then posts `{ token, password }` to `POST /api/auth/password-reset/confirm`
|
||||
- missing, invalid, or expired reset tokens show `This reset link is invalid or has expired.`
|
||||
- successful reset does not auto-login; Portal leaves the user with login navigation
|
||||
- profile change-password UI exists:
|
||||
- profile includes current password, new password, and confirm new password fields
|
||||
- client validation requires an 8+ character new password and matching confirmation
|
||||
- submit uses authenticated `POST /api/auth/change-password` with `{ currentPassword, newPassword }`
|
||||
- successful change clears the password fields and reports success without changing login/session state
|
||||
- first-login onboarding flow exists.
|
||||
- Next 16 / current TypeScript cleanup included fixes around nullable normalization and search-param/Suspense usage in affected pages/components.
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user