This commit is contained in:
oliver
2026-06-08 10:17:16 -03:00
parent 3ab1498e0d
commit 88d4a2d87f
2 changed files with 437 additions and 157 deletions
+9 -6
View File
@@ -25,7 +25,7 @@ Single-page user portal for **derez.ai** — lets customers sign up, log in, and
index.html ← all markup — auth card + app shell + confirm dialog
styles.css ← all styles — design tokens, layout, components
app.js ← all logic — auth, agents, keys, password, restart, backups, contract
password-reset.html ← standalone page — receives ?token=XXX, sets new password, redirects to app
password.html ← standalone page — receives ?token=XXX, sets new password, redirects to app
start ← dev server launcher (live-server)
AGENTS.md ← this file
style_guide.md ← visual design spec (tokens, typography, components)
@@ -93,7 +93,7 @@ Password Reset — step 1 (auth screen)
always → hide signin-error → show #reset-pw-sent confirmation
(response not checked — never reveal whether address exists)
Password Reset — step 2 (password-reset.html?token=XXX)
Password Reset — step 2 (password.html?token=XXX)
└── token missing or < 8 chars → show invalid-state
token valid → show password form
POST PW_RESET_URL {token, password}
@@ -335,15 +335,18 @@ The agent info GET response (webhook 6) drives wizard visibility: if the respons
### 10 · Password Reset
```
Step 1 — request reset email
POST https://n8n.derez.ai/webhook/c2ce0eba-eb26-405d-8a90-8d982ec30698
Body (step 1 — request email): { email }
Body (step 2 — save new password): { token, password }
Body: { email }
Step 2 — save new password
POST https://n8n.derez.ai/webhook/c2ce0eba-eb26-405d-8a90-8d982ec30698/update
Body: { token, password }
```
The same endpoint handles both steps — the presence of `token` distinguishes them.
**Step 1** is triggered from `index.html` when the user clicks **Send reset email** inside `#reset-pw-wrap` (visible only after a failed sign-in). The response is intentionally ignored and the sent-confirmation is always shown — this avoids revealing whether the email address exists.
**Step 2** is handled entirely by `password-reset.html`, which:
**Step 2** is handled entirely by `password.html`, which:
- Reads `?token=XXX` from the URL on load; shows an invalid-state if absent.
- Requires both password fields to match and be ≥ 8 characters before enabling Save.
- On 200 response shows a success state with a 2 s animated progress bar then redirects to `https://app.derez.ai`.