feat: password reset flow with welcome emails #9

Merged
ryan merged 1 commit from feature/password-reset into main 2026-04-05 17:12:07 +00:00
Owner

Summary

  • POST /auth/forgot-password with welcome/reset email templates (?type=welcome)
  • Per-email rate limiting (3/hr via Valkey), no user enumeration on any auth endpoint
  • Login page "Forgot password?" inline form
  • /reset-password page for setting password from email link
  • Initial user seed now sends welcome email (no password in env vars)
  • CLI script src/scripts/reset-password.ts for force-reset via kubectl exec
  • APP_URL env var added to chart, INITIAL_USER_PASSWORD removed
  • 4-hour token expiry for all reset links

Test plan

  • Forgot password from login page sends email, always shows generic success
  • Reset password page sets new password and redirects to login
  • Expired/invalid tokens show error
  • Rate limit: >3 resets per email per hour silently drops
  • Initial user seed on fresh deploy sends welcome email
  • Manager resend-welcome sends welcome template via kebab menu

🤖 Generated with Claude Code

ryan added 1 commit 2026-04-05 17:10:04 +00:00
feat: password reset flow with welcome emails
All checks were successful
CI / ci (pull_request) Successful in 27s
CI / e2e (pull_request) Successful in 1m0s
bc8613bbbc
- POST /auth/forgot-password with welcome/reset email templates
- POST /auth/reset-password with Zod validation, 4-hour tokens
- Per-email rate limiting (3/hr) via Valkey, no user enumeration
- Login page "Forgot password?" toggle with inline form
- /reset-password page for setting new password from email link
- Initial user seed sends welcome email instead of requiring password
- CLI script for force-resetting passwords via kubectl exec
- APP_URL env var in chart, removed INITIAL_USER_PASSWORD

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
ryan merged commit ea9aceec46 into main 2026-04-05 17:12:07 +00:00
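
A minimal sketch of the flow the summary describes (generic reply on every path, 3 requests per email per hour, 4-hour tokens), added here as an illustration and not code from this PR. In-memory maps stand in for Valkey and the mailer; the function names, hashed token storage and single-use redemption are assumptions.

```typescript
import { createHash, randomBytes } from "node:crypto";

// Limits taken from the PR summary; everything else is a hypothetical stand-in.
const MAX_RESETS_PER_HOUR = 3;
const HOUR_MS = 60 * 60 * 1000;
const TOKEN_TTL_MS = 4 * HOUR_MS;
const GENERIC_REPLY = "If that account exists, an email has been sent.";

const users = new Set(["alice@example.test"]); // constructed sample user
const attempts = new Map<string, number[]>(); // stand-in for Valkey counters
const tokens = new Map<string, { email: string; expires: number }>(); // keyed by token hash
const outbox: { email: string; token: string }[] = []; // stand-in for the mailer

const sha256 = (s: string): string => createHash("sha256").update(s).digest("hex");

// Every path returns the same reply, so the response never reveals whether the
// address exists or whether the request was rate limited.
function forgotPassword(rawEmail: string, now: number): string {
  const email = rawEmail.trim().toLowerCase();
  const recent = (attempts.get(email) ?? []).filter((t) => now - t < HOUR_MS);
  if (recent.length >= MAX_RESETS_PER_HOUR) {
    attempts.set(email, recent);
    return GENERIC_REPLY; // silently dropped
  }
  attempts.set(email, [...recent, now]); // unknown addresses are counted too
  if (users.has(email)) {
    const token = randomBytes(32).toString("hex");
    tokens.set(sha256(token), { email, expires: now + TOKEN_TTL_MS });
    outbox.push({ email, token });
  }
  return GENERIC_REPLY;
}

// Single-use redemption: the entry is deleted before the expiry check, so a
// replayed or expired token always fails.
function redeemToken(token: string, now: number): string | null {
  const key = sha256(token);
  const entry = tokens.get(key);
  if (!entry) return null;
  tokens.delete(key);
  return now < entry.expires ? entry.email : null;
}
```
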
Reference: ryan/lunarfront-app#9