pn-new-crm/src/app/(auth)/set-password/page.tsx
Matt 7476eabec6 feat(form-error-ux): adopt useFormScrollToError + FormErrorSummary across remaining 10 forms
Completes the form-error rollout the prior session shipped on the 6
highest-impact forms (client/interest/yacht/company/berth/expense). Adds
the scroll-to-first-error wrapper + the top-of-form summary banner to:

- src/app/(auth)/login/page.tsx
- src/app/(auth)/reset-password/page.tsx
- src/app/(auth)/set-password/page.tsx
- src/app/(auth)/setup/page.tsx
- src/app/(dashboard)/[portSlug]/invoices/new/page.tsx
- src/components/berths/berth-detail-header.tsx (status-change dialog)
- src/components/companies/add-membership-dialog.tsx
- src/components/invoices/invoice-detail.tsx (record-payment form)
- src/components/reservations/berth-reserve-dialog.tsx
- src/components/yachts/yacht-transfer-dialog.tsx

Each call site: hook wraps handleSubmit, FormErrorSummary renders only
when 2+ errors fire (no visual change otherwise), and per-form `labels`
prop translates field names to human-readable strings. invoice-line-items
is a sub-form via useFormContext, so it inherits from the parent.

1471/1471 vitest, tsc clean.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 13:26:04 +02:00


'use client';
import { Suspense, useState, useSyncExternalStore } from 'react';
import Link from 'next/link';
import { useRouter } from 'next/navigation';
import { useForm } from 'react-hook-form';
import { zodResolver } from '@hookform/resolvers/zod';
import { z } from 'zod';
import { toast } from 'sonner';
import { cn } from '@/lib/utils';
import { Button } from '@/components/ui/button';
import { Input } from '@/components/ui/input';
import { Label } from '@/components/ui/label';
import { BrandedAuthShell } from '@/components/shared/branded-auth-shell';
import { FormErrorSummary } from '@/components/forms/form-error-summary';
import { useFormScrollToError } from '@/hooks/use-form-scroll-to-error';
/** Minimum accepted password length; also interpolated into the on-page hint text. */
const MIN_LENGTH = 9;

// Field-level rules. `confirmPassword` only has to be non-empty here; the
// equality check against `password` is done by the object-level refine below.
// NOTE(review): this is browser-side validation only. Confirm that the
// /api/auth/set-password handler enforces the same length policy itself.
const passwordFields = {
  password: z.string().min(MIN_LENGTH, `Must be at least ${MIN_LENGTH} characters`),
  confirmPassword: z.string().min(1, 'Please confirm your password'),
};

const passwordSchema = z
  .object(passwordFields)
  .refine(({ password, confirmPassword }) => password === confirmPassword, {
    message: 'Passwords do not match',
    // Attach the mismatch error to the confirmation field.
    path: ['confirmPassword'],
  });

/** Shape of the validated form values, derived from the schema. */
type SetPasswordFormData = z.infer<typeof passwordSchema>;
/**
 * Reads the set-password token from the current page URL.
 *
 * H-03: tokens travel in the URL fragment (`#token=…`) so they never land
 * in HTTP access logs or HTTP-Referer headers. Pre-fragment links still
 * carry `?token=…` and stay functional until every outstanding invite
 * expires - drop the `?token=` fallback after that grace period.
 *
 * The fragment takes precedence; the query string is consulted only when the
 * fragment holds no non-empty `token`. This function only reads the URL: the
 * token stays in the address bar after it has been read.
 *
 * @returns The token, or `''` when none is present or when there is no
 *   `window` (server-side render).
 */
function readTokenFromUrl(): string {
  if (typeof window === 'undefined') return '';

  const { hash, search } = window.location;

  // Strip the leading '#' so the rest parses as key=value pairs.
  const fragment = hash.replace(/^#/, '');
  const fragmentToken = fragment ? new URLSearchParams(fragment).get('token') : null;
  if (fragmentToken) return fragmentToken;

  // Legacy `?token=` links (see H-03 above).
  return new URLSearchParams(search).get('token') ?? '';
}
/**
 * Subscribe callback for `useSyncExternalStore` that registers nothing.
 * The store never notifies, so a later change to the URL does not by itself
 * trigger a re-read of the token. The returned unsubscribe is likewise a no-op.
 */
const subscribeNoop = (): (() => undefined) => {
  const unsubscribe = () => undefined;
  return unsubscribe;
};
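/**
 * Set-password form driven by a one-time token taken from the page URL.
 *
 * Renders one of three states depending on the token snapshot:
 * - `null` (server snapshot / pre-hydration): a loading placeholder;
 * - `''` (no token in the URL): a "link is missing or invalid" notice;
 * - non-empty: the password form, which POSTs `{ token, password }` to
 *   `/api/auth/set-password` and navigates to `/login` on success.
 */
function SetPasswordInner() {
  const router = useRouter();
  // useSyncExternalStore so the fragment-only token is read post-hydration
  // (server snapshot returns null; client returns the actual value).
  const token = useSyncExternalStore<string | null>(
    subscribeNoop,
    () => readTokenFromUrl(),
    () => null,
  );
  const [isLoading, setIsLoading] = useState(false);
  const {
    register,
    handleSubmit,
    formState: { errors },
  } = useForm<SetPasswordFormData>({
    resolver: zodResolver(passwordSchema),
  });
  const submitWithScroll = useFormScrollToError(handleSubmit, errors);

  /** Sends the new password with the URL token and reports the outcome via toasts. */
  async function onSubmit(data: SetPasswordFormData) {
    if (!token) {
      toast.error('Invalid or missing reset token. Please request a new link.');
      return;
    }
    setIsLoading(true);
    try {
      const response = await fetch('/api/auth/set-password', {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        // Legacy `?token=…` links put the token in this page's URL. Suppress
        // the Referer on this request so the token is not copied into the
        // API request's headers (and from there into request logs).
        referrerPolicy: 'no-referrer',
        body: JSON.stringify({ token, password: data.password }),
      });
      if (!response.ok) {
        // The error body is untrusted in shape: it may be non-JSON, null, or
        // carry non-string fields. Only surface values that are real strings.
        const payload: unknown = await response.json().catch(() => null);
        const fields =
          typeof payload === 'object' && payload !== null
            ? (payload as Record<string, unknown>)
            : {};
        const serverMessage =
          typeof fields.message === 'string'
            ? fields.message
            : typeof fields.error === 'string'
              ? fields.error
              : undefined;
        toast.error(serverMessage ?? 'Failed to set password. Please try again.');
        return;
      }
      toast.success('Password set successfully. You can now sign in.');
      router.push('/login');
    } catch {
      // Network failure or any other unexpected error: show a generic
      // message, with no error detail passed to the UI.
      toast.error('Something went wrong. Please try again.');
    } finally {
      setIsLoading(false);
    }
  }

  // Pre-hydration: token is null. Show a loading placeholder so the user
  // doesn't see a flash of "Link is missing" while the fragment is being
  // read on the client.
  if (token === null) {
    return (
      <BrandedAuthShell>
        <div role="status" aria-live="polite" className="text-center text-sm text-gray-500">
          Loading
        </div>
      </BrandedAuthShell>
    );
  }

  // Hydrated, but the URL carries no token in either the fragment or the query.
  if (!token) {
    return (
      <BrandedAuthShell>
        <div className="text-center space-y-3">
          <h1 className="text-xl font-semibold text-gray-900">Link is missing or invalid</h1>
          <p className="text-sm text-gray-500">
            Please use the link from the email we sent you. If the link is broken, ask your
            administrator for a new one.
          </p>
          <Link
            href="/login"
            className="inline-block text-sm text-[#0058b3] underline-offset-2 underline hover:no-underline"
          >
            Back to sign in
          </Link>
        </div>
      </BrandedAuthShell>
    );
  }

  return (
    <BrandedAuthShell>
      <div className="text-center mb-6">
        <h1 className="text-xl font-semibold text-gray-900">Set your password</h1>
        <p className="text-sm text-gray-500 mt-1">Choose a password for your CRM account</p>
      </div>
      <form onSubmit={submitWithScroll(onSubmit)} className="space-y-4" noValidate>
        <FormErrorSummary
          errors={errors}
          labels={{ password: 'Password', confirmPassword: 'Confirm password' }}
        />
        <div className="space-y-1.5">
          <Label htmlFor="password">New password</Label>
          <Input
            id="password"
            type="password"
            autoComplete="new-password"
            disabled={isLoading}
            aria-describedby="password-hint"
            className={cn(errors.password && 'border-destructive focus-visible:ring-destructive')}
            {...register('password')}
          />
          <p id="password-hint" className="text-xs text-gray-500">
            At least {MIN_LENGTH} characters.
          </p>
          {errors.password && <p className="text-sm text-destructive">{errors.password.message}</p>}
        </div>
        <div className="space-y-1.5">
          <Label htmlFor="confirmPassword">Confirm password</Label>
          <Input
            id="confirmPassword"
            type="password"
            autoComplete="new-password"
            disabled={isLoading}
            className={cn(
              errors.confirmPassword && 'border-destructive focus-visible:ring-destructive',
            )}
            {...register('confirmPassword')}
          />
          {errors.confirmPassword && (
            <p className="text-sm text-destructive">{errors.confirmPassword.message}</p>
          )}
        </div>
        <Button
          type="submit"
          className="w-full bg-[#007bff] hover:bg-[#0069d9] text-white"
          disabled={isLoading}
        >
          {isLoading ? 'Setting password…' : 'Set password'}
        </Button>
      </form>
    </BrandedAuthShell>
  );
}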
/**
 * Page entry point: renders the set-password form inside a Suspense boundary,
 * showing an empty branded shell as the fallback.
 */
export default function SetPasswordPage() {
  const emptyShell = <BrandedAuthShell>{null}</BrandedAuthShell>;

  return (
    <Suspense fallback={emptyShell}>
      <SetPasswordInner />
    </Suspense>
  );
}