From 88d4a2d87f66698339d45cf6ad213a72b2b1b864 Mon Sep 17 00:00:00 2001 From: oliver Date: Mon, 8 Jun 2026 10:17:16 -0300 Subject: [PATCH] password --- AGENTS.md | 15 +- password.html | 579 +++++++++++++++++++++++++++++++++++++------------- 2 files changed, 437 insertions(+), 157 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index e5dc0c6..c5cbcca 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -25,7 +25,7 @@ Single-page user portal for **derez.ai** — lets customers sign up, log in, and index.html ← all markup — auth card + app shell + confirm dialog styles.css ← all styles — design tokens, layout, components app.js ← all logic — auth, agents, keys, password, restart, backups, contract -password-reset.html ← standalone page — receives ?token=XXX, sets new password, redirects to app +password.html ← standalone page — receives ?token=XXX, sets new password, redirects to app start ← dev server launcher (live-server) AGENTS.md ← this file style_guide.md ← visual design spec (tokens, typography, components) @@ -93,7 +93,7 @@ Password Reset — step 1 (auth screen) always → hide signin-error → show #reset-pw-sent confirmation (response not checked — never reveal whether address exists) -Password Reset — step 2 (password-reset.html?token=XXX) +Password Reset — step 2 (password.html?token=XXX) └── token missing or < 8 chars → show invalid-state token valid → show password form POST PW_RESET_URL {token, password} @@ -335,15 +335,18 @@ The agent info GET response (webhook 6) drives wizard visibility: if the respons ### 10 · Password Reset ``` +Step 1 — request reset email POST https://n8n.derez.ai/webhook/c2ce0eba-eb26-405d-8a90-8d982ec30698 -Body (step 1 — request email): { email } -Body (step 2 — save new password): { token, password } +Body: { email } + +Step 2 — save new password +POST https://n8n.derez.ai/webhook/c2ce0eba-eb26-405d-8a90-8d982ec30698/update +Body: { token, password } ``` -The same endpoint handles both steps — the presence of `token` distinguishes them. **Step 1** is triggered from `index.html` when the user clicks **Send reset email** inside `#reset-pw-wrap` (visible only after a failed sign-in). The response is intentionally ignored and the sent-confirmation is always shown — this avoids revealing whether the email address exists. -**Step 2** is handled entirely by `password-reset.html`, which: +**Step 2** is handled entirely by `password.html`, which: - Reads `?token=XXX` from the URL on load; shows an invalid-state if absent. - Requires both password fields to match and be ≥ 8 characters before enabling Save. - On 200 response shows a success state with a 2 s animated progress bar then redirects to `https://app.derez.ai`. diff --git a/password.html b/password.html index a5adec4..f790395 100644 --- a/password.html +++ b/password.html @@ -6,25 +6,31 @@ derez.ai — Reset Password
-