feat: Add password reset functionality #958
- Add password reset token model and Pydantic schemas (server)
- Add forgot-password, reset-password, verify-reset-token API endpoints (server + backend)
- Add database migration for password_reset_token table
- Add ForgotPassword.tsx and ResetPassword.tsx frontend pages
- Add 'Forgot Password?' link to Login page
- Add routes for /forgot-password and /reset-password
- Add i18n translations for en-us and zh-Hans

Note: Email sending integration pending - requires email service configuration. Currently returns token in API response for development/testing.

Closes eigent-ai#884

@4pmtong @Douglasymlai please check the implementation and let me know your opinions

@a7m-1st any update for me?

Hi @bitloi, thank you very much for your contribution! I have just discussed this with @Douglasymlai. As you can see in https://github.com/eigent-ai/eigent/blob/main/server/README_EN.md, the server module under eigent is currently designed for Full Local Deployment. Therefore, we need to distinguish between two behaviors:

…loyment

- Login.tsx: Forgot Password button now redirects to Eigent website when VITE_USE_LOCAL_PROXY=false, navigates to /forgot-password when true
- ForgotPassword.tsx: Redesigned for local deployment - direct password reset with email + new password fields (no email verification needed)
- Added /reset-password-direct endpoint to both server and Electron backends for direct password update in Docker database

Behavior:
- Full Local Deployment (VITE_USE_LOCAL_PROXY=true): Direct password reset without email verification, updates password in local Docker database
- End Users (VITE_USE_LOCAL_PROXY=false): Redirects to https://www.eigent.ai/forgot-password

@LuoPengcheng12138 Done! I've updated the PR based on the feedback.

…odels

- Create backend/app/model/password_reset.py with Pydantic models:
  - DirectResetPasswordRequest with field_validator and model_validator
  - ForgotPasswordRequest with email validation
  - ResetPasswordRequest with token and password validation
- Update server/app/model/user/password_reset.py:
  - Add Pydantic validators to ResetPasswordRequest
  - Add DirectResetPasswordRequest model with validators
- Update controllers to use models from model folder
- Remove manual validation from controllers (now handled by Pydantic)

Password validation rules:
- Minimum 8 characters
- Must contain at least one letter
- Must contain at least one number
- Passwords must match

All right cool, let me take over tonight. We also need to port your updates to the deployed instance.

Security fix: Remove email addresses from log output to prevent clear-text logging of sensitive information.

- backend/app/controller/password_reset_controller.py
- server/app/controller/user/password_reset_controller.py
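
A safety net for the log fix described in the commit message above, as an added example that is not code from this PR or from the Eigent code base: a `logging.Filter` that masks e-mail addresses in every record before it is written, in case a later log call reintroduces one. The logger name, the mask text and the sample addresses are constructed for illustration.

```python
import io
import logging
import re

# Deliberately loose pattern: over-masking is acceptable for a log scrubber.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MASK = "<redacted-email>"  # assumed placeholder text


class EmailRedactionFilter(logging.Filter):
    """Mask e-mail addresses in the fully formatted log message."""

    def filter(self, record):
        # getMessage() merges msg and args, so addresses passed as
        # %-style arguments (or inside objects) are covered as well.
        record.msg = EMAIL_RE.sub(MASK, record.getMessage())
        record.args = None  # already merged; prevents a second format pass
        return True  # never drop the record, only rewrite it


def build_logger(stream):
    """Hypothetical logger for a password reset controller."""
    logger = logging.getLogger("password_reset_example")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    # Attached to the handler so every record it emits passes the filter.
    handler.addFilter(EmailRedactionFilter())
    logger.addHandler(handler)
    return logger


def demo():
    """Log constructed sample events and return what reached the stream."""
    out = io.StringIO()
    log = build_logger(out)
    log.info("Password reset requested for %s", "alice@example.com")  # via args
    log.warning("Reset failed: no user bob@example.org")              # via msg
    log.info("Password reset completed for user_id=%d", 42)           # untouched
    return out.getvalue().splitlines()


if __name__ == "__main__":
    print("\n".join(demo()))
```

The filter does not rewrite tracebacks attached through `exc_info`, so exception messages that embed an address still need to be handled where they are raised.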

@a7m-1st Can you please check the PR again?

Hi there @LuoPengcheng12138, do you need help with the backend integrations?

Sure, as I mentioned in my earlier comment, we need to write separate logic for the Full Local Deployment and endpoint users respectively. For the

…only reset_password_direct

- Remove token-based functions (forgot_password, verify_reset_token, reset_password)
- Remove traceroot_wrapper dependency (deleted upstream)
- Use standard logging

@LuoPengcheng12138 Can you review the PR once more?

@LuoPengcheng12138 Do I still need to wait?

@Wendong-Fan Can we merge this PR?

Could @4pmtong help track this PR?

Hi @bitloi, really sorry for the long wait on this — your patience and responsiveness throughout this process are truly appreciated. PasswordResetToken model, ForgotPasswordRequest, ResetPasswordRequest Only DirectResetPasswordRequest and /reset-password-direct are needed for local deployment.

- Update end-user forgot-password redirect from /forgot-password to /signin
- Remove PasswordResetToken model, ForgotPasswordRequest, ResetPasswordRequest
- Neutralize password_reset_token alembic migration to no-op
- Remove ResetPassword.tsx content and its route
- Keep DirectResetPasswordRequest and /reset-password-direct for local deployment

7fee345 to a7fd245

@Wendong-Fan @4pmtong Sorry for tagging you. Would you mind reviewing the changes?

Description
This PR adds a password reset feature to the application. Users can now click "Forgot Password?" on the login page, enter their email, and receive a reset link. The reset password page validates the token and allows users to set a new password.
What's included:
Note: Email sending is not yet implemented - tokens are returned in the API response for testing. Email integration will require configuring an email service (SMTP/SendGrid/etc).
What is the purpose of this pull request?
Screenshots
Testing
/reset-password?token=YOUR_TOKEN

Closes #884