From 2a8c4c4515d7609c454f4c2b78d8411692aa719e Mon Sep 17 00:00:00 2001 From: oliver Date: Mon, 8 Jun 2026 10:31:31 -0300 Subject: [PATCH] added email --- AGENTS.md | 2 +- password.html | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index c5cbcca..af88fa5 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -341,7 +341,7 @@ Body: { email } Step 2 — save new password POST https://n8n.derez.ai/webhook/c2ce0eba-eb26-405d-8a90-8d982ec30698/update -Body: { token, password } +Body: { token, password, email } ``` **Step 1** is triggered from `index.html` when the user clicks **Send reset email** inside `#reset-pw-wrap` (visible only after a failed sign-in). The response is intentionally ignored and the sent-confirmation is always shown — this avoids revealing whether the email address exists. diff --git a/password.html b/password.html index f790395..ee01161 100644 --- a/password.html +++ b/password.html @@ -813,11 +813,12 @@ "https://n8n.derez.ai/webhook/c2ce0eba-eb26-405d-8a90-8d982ec30698/update"; const APP_URL = "https://app.derez.ai"; - /* ─── Extract token from URL ─────────────────────── */ + /* ─── Extract token + email from URL ──────────────── */ const params = new URLSearchParams(window.location.search); const token = params.get("token"); + const email = params.get("email") || ""; - /* ─── Init ───────────────────────────────────────── */ + /* ─── Init ───────────────────────────────────── */ if (!token || token.length < 8) { document.getElementById("invalid-state").style.display = "flex"; } else { @@ -910,7 +911,7 @@ const res = await fetch(RESET_URL, { method: "POST", headers: { "Content-Type": "application/json" }, - body: JSON.stringify({ token, password }), + body: JSON.stringify({ token, password, email }), }); if (!res.ok)