password
This commit is contained in:
@@ -25,7 +25,7 @@ Single-page user portal for **derez.ai** — lets customers sign up, log in, and
|
||||
index.html ← all markup — auth card + app shell + confirm dialog
|
||||
styles.css ← all styles — design tokens, layout, components
|
||||
app.js ← all logic — auth, agents, keys, password, restart, backups, contract
|
||||
password-reset.html ← standalone page — receives ?token=XXX, sets new password, redirects to app
|
||||
password.html ← standalone page — receives ?token=XXX, sets new password, redirects to app
|
||||
start ← dev server launcher (live-server)
|
||||
AGENTS.md ← this file
|
||||
style_guide.md ← visual design spec (tokens, typography, components)
|
||||
@@ -93,7 +93,7 @@ Password Reset — step 1 (auth screen)
|
||||
always → hide signin-error → show #reset-pw-sent confirmation
|
||||
(response not checked — never reveal whether address exists)
|
||||
|
||||
Password Reset — step 2 (password-reset.html?token=XXX)
|
||||
Password Reset — step 2 (password.html?token=XXX)
|
||||
└── token missing or < 8 chars → show invalid-state
|
||||
token valid → show password form
|
||||
POST PW_RESET_URL {token, password}
|
||||
@@ -335,15 +335,18 @@ The agent info GET response (webhook 6) drives wizard visibility: if the respons
|
||||
|
||||
### 10 · Password Reset
|
||||
```
|
||||
Step 1 — request reset email
|
||||
POST https://n8n.derez.ai/webhook/c2ce0eba-eb26-405d-8a90-8d982ec30698
|
||||
Body (step 1 — request email): { email }
|
||||
Body (step 2 — save new password): { token, password }
|
||||
Body: { email }
|
||||
|
||||
Step 2 — save new password
|
||||
POST https://n8n.derez.ai/webhook/c2ce0eba-eb26-405d-8a90-8d982ec30698/update
|
||||
Body: { token, password }
|
||||
```
|
||||
The same endpoint handles both steps — the presence of `token` distinguishes them.
|
||||
|
||||
**Step 1** is triggered from `index.html` when the user clicks **Send reset email** inside `#reset-pw-wrap` (visible only after a failed sign-in). The response is intentionally ignored and the sent-confirmation is always shown — this avoids revealing whether the email address exists.
|
||||
|
||||
**Step 2** is handled entirely by `password-reset.html`, which:
|
||||
**Step 2** is handled entirely by `password.html`, which:
|
||||
- Reads `?token=XXX` from the URL on load; shows an invalid-state if absent.
|
||||
- Requires both password fields to match and be ≥ 8 characters before enabling Save.
|
||||
- On 200 response shows a success state with a 2 s animated progress bar then redirects to `https://app.derez.ai`.
|
||||
|
||||
Reference in New Issue
Block a user