475b051e29
The client portal no longer uses passwordless / magic-link sign-in. Each
client now has a `portal_users` row with a scrypt-hashed password,
created by an admin from the client detail page; the admin's invite
mails an activation link that the client uses to set their own password.
Forgot-password is wired through the same token mechanism.
Schema (migration `0009_outgoing_rumiko_fujikawa.sql`):
- `portal_users` — one per client account, separate from the CRM
`users` table (better-auth) so the auth realms stay isolated. Email
is globally unique, password is null until activation.
- `portal_auth_tokens` — single-use activation / reset tokens. Stores
only the SHA-256 hash so a DB compromise never leaks live tokens.
Services:
- `src/lib/portal/passwords.ts` — scrypt hash/verify (no new deps;
uses node:crypto), token mint+hash helpers.
- `src/lib/services/portal-auth.service.ts` — createPortalUser,
resendActivation, activateAccount, signIn (timing-safe),
requestPasswordReset, resetPassword. Auth failures throw the new
UnauthorizedError (401); enumeration-safe behaviour everywhere.
Routes:
- POST /api/portal/auth/sign-in — sets the existing portal JWT cookie.
- POST /api/portal/auth/forgot-password — always 200.
- POST /api/portal/auth/reset-password — token + new password.
- POST /api/portal/auth/activate — token + initial password.
- POST /api/v1/clients/:id/portal-user — admin invite (and `?action=resend`).
- Removed: /api/portal/auth/request, /api/portal/auth/verify (magic link).
UI:
- /portal/login — replaced email-only magic-link form with email +
password + "forgot password" link.
- /portal/forgot-password, /portal/reset-password, /portal/activate — new.
- New shared `PasswordSetForm` component used by activate + reset.
- New `PortalInviteButton` rendered on the client detail header.
Email send:
- `createTransporter` now wires SMTP auth when SMTP_USER+SMTP_PASS are
set (gmail app-password or marina-server creds, configured via env).
- `SMTP_FROM` env var lets the sender address be overridden without
pinning it to `noreply@${SMTP_HOST}`.
Tests:
- Smoke spec 17 (client-portal) updated to the new flow: 7/7 green.
- Smoke specs 02-crud-spine, 05-invoices, 20-critical-path updated to
match the post-refactor client + invoice forms (drop companyName,
use OwnerPicker + billingEmail).
- Vitest 652/652 still green; type-check clean.
Drops the dead `requestMagicLink` from portal.service.ts.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
182 lines
5.8 KiB
TypeScript
182 lines
5.8 KiB
TypeScript
'use client';
|
|
|
|
import Link from 'next/link';
|
|
import { useSearchParams } from 'next/navigation';
|
|
import { useState } from 'react';
|
|
import { CheckCircle2, Loader2 } from 'lucide-react';
|
|
|
|
import { Button } from '@/components/ui/button';
|
|
import { Input } from '@/components/ui/input';
|
|
import { Label } from '@/components/ui/label';
|
|
|
|
interface PasswordSetFormProps {
|
|
/** API endpoint that accepts `{ token, password }` and sets / resets the password. */
|
|
endpoint: string;
|
|
title: string;
|
|
description: string;
|
|
successTitle: string;
|
|
successDescription: string;
|
|
submitLabel: string;
|
|
}
|
|
|
|
const MIN_LENGTH = 12;
|
|
|
|
/**
|
|
* Shared form used by both the activation and password-reset flows. The
|
|
* activation token is read from the `?token=` query string. Empty / missing
|
|
* tokens land the user in an explicit error state instead of submitting a
|
|
* doomed request.
|
|
*/
|
|
export function PasswordSetForm({
|
|
endpoint,
|
|
title,
|
|
description,
|
|
successTitle,
|
|
successDescription,
|
|
submitLabel,
|
|
}: PasswordSetFormProps) {
|
|
const search = useSearchParams();
|
|
const token = search.get('token') ?? '';
|
|
|
|
const [password, setPassword] = useState('');
|
|
const [confirm, setConfirm] = useState('');
|
|
const [loading, setLoading] = useState(false);
|
|
const [error, setError] = useState('');
|
|
const [done, setDone] = useState(false);
|
|
|
|
const tooShort = password.length > 0 && password.length < MIN_LENGTH;
|
|
const mismatch = confirm.length > 0 && password !== confirm;
|
|
const canSubmit = !!token && password.length >= MIN_LENGTH && password === confirm && !loading;
|
|
|
|
async function handleSubmit(e: React.FormEvent) {
|
|
e.preventDefault();
|
|
if (!canSubmit) return;
|
|
setLoading(true);
|
|
setError('');
|
|
try {
|
|
const res = await fetch(endpoint, {
|
|
method: 'POST',
|
|
headers: { 'Content-Type': 'application/json' },
|
|
body: JSON.stringify({ token, password }),
|
|
});
|
|
if (!res.ok) {
|
|
const data = await res.json().catch(() => ({}));
|
|
setError((data as { error?: string }).error ?? 'Something went wrong. Please try again.');
|
|
return;
|
|
}
|
|
setDone(true);
|
|
} catch {
|
|
setError('Unable to connect. Please try again.');
|
|
} finally {
|
|
setLoading(false);
|
|
}
|
|
}
|
|
|
|
if (!token) {
|
|
return (
|
|
<div className="min-h-screen flex items-center justify-center bg-gray-50 px-4">
|
|
<div className="w-full max-w-md text-center space-y-3">
|
|
<h1 className="text-xl font-semibold text-gray-900">Link is missing or invalid</h1>
|
|
<p className="text-sm text-gray-500">
|
|
Please use the link from the email we sent you. If the link is broken, request a new
|
|
one.
|
|
</p>
|
|
<Link
|
|
href="/portal/forgot-password"
|
|
className="inline-block text-sm text-[#1e2844] hover:underline"
|
|
>
|
|
Request a new link
|
|
</Link>
|
|
</div>
|
|
</div>
|
|
);
|
|
}
|
|
|
|
if (done) {
|
|
return (
|
|
<div className="min-h-screen flex items-center justify-center bg-gray-50 px-4">
|
|
<div className="w-full max-w-md text-center">
|
|
<div className="inline-flex items-center justify-center w-14 h-14 rounded-full bg-green-50 mb-4">
|
|
<CheckCircle2 className="h-7 w-7 text-green-600" />
|
|
</div>
|
|
<h1 className="text-xl font-semibold text-gray-900 mb-2">{successTitle}</h1>
|
|
<p className="text-gray-500 text-sm">{successDescription}</p>
|
|
<Link
|
|
href="/portal/login"
|
|
className="mt-6 inline-block text-sm text-[#1e2844] hover:underline"
|
|
>
|
|
Sign in
|
|
</Link>
|
|
</div>
|
|
</div>
|
|
);
|
|
}
|
|
|
|
return (
|
|
<div className="min-h-screen flex items-center justify-center bg-gray-50 px-4">
|
|
<div className="w-full max-w-sm">
|
|
<div className="bg-white rounded-lg border p-8 shadow-sm">
|
|
<div className="mb-6">
|
|
<h1 className="text-xl font-semibold text-gray-900">{title}</h1>
|
|
<p className="text-sm text-gray-500 mt-1">{description}</p>
|
|
</div>
|
|
|
|
<form onSubmit={handleSubmit} className="space-y-4">
|
|
<div className="space-y-1.5">
|
|
<Label htmlFor="password">New password</Label>
|
|
<Input
|
|
id="password"
|
|
type="password"
|
|
value={password}
|
|
onChange={(e) => setPassword(e.target.value)}
|
|
required
|
|
autoFocus
|
|
autoComplete="new-password"
|
|
minLength={MIN_LENGTH}
|
|
disabled={loading}
|
|
/>
|
|
<p className="text-xs text-gray-500">At least {MIN_LENGTH} characters.</p>
|
|
{tooShort && (
|
|
<p className="text-xs text-red-600">
|
|
Password must be at least {MIN_LENGTH} characters.
|
|
</p>
|
|
)}
|
|
</div>
|
|
|
|
<div className="space-y-1.5">
|
|
<Label htmlFor="confirm">Confirm password</Label>
|
|
<Input
|
|
id="confirm"
|
|
type="password"
|
|
value={confirm}
|
|
onChange={(e) => setConfirm(e.target.value)}
|
|
required
|
|
autoComplete="new-password"
|
|
disabled={loading}
|
|
/>
|
|
{mismatch && <p className="text-xs text-red-600">Passwords don't match.</p>}
|
|
</div>
|
|
|
|
{error && <p className="text-sm text-red-600">{error}</p>}
|
|
|
|
<Button
|
|
type="submit"
|
|
className="w-full bg-[#1e2844] hover:bg-[#1e2844]/90 text-white"
|
|
disabled={!canSubmit}
|
|
>
|
|
{loading ? (
|
|
<>
|
|
<Loader2 className="h-4 w-4 mr-2 animate-spin" />
|
|
Saving…
|
|
</>
|
|
) : (
|
|
submitLabel
|
|
)}
|
|
</Button>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
);
|
|
}
|