feat: Add password reset functionality #958
- Add password reset token model and Pydantic schemas (server)
- Add forgot-password, reset-password, verify-reset-token API endpoints (server + backend)
- Add database migration for password_reset_token table
- Add ForgotPassword.tsx and ResetPassword.tsx frontend pages
- Add 'Forgot Password?' link to Login page
- Add routes for /forgot-password and /reset-password
- Add i18n translations for en-us and zh-Hans

Note: Email sending integration pending - requires email service configuration. Currently returns token in API response for development/testing.

Closes eigent-ai#884

@4pmtong @Douglasymlai please check the implementation and let me know your opinions

@a7m-1st any update for me?

Hi @bitloi, thank you very much for your contribution! I have just discussed this with @Douglasymlai. As you can see in https://github.com/eigent-ai/eigent/blob/main/server/README_EN.md, the server module under eigent is currently designed for Full Local Deployment. Therefore, we need to distinguish between two behaviors:

…loyment
- Login.tsx: Forgot Password button now redirects to Eigent website when VITE_USE_LOCAL_PROXY=false, navigates to /forgot-password when true
- ForgotPassword.tsx: Redesigned for local deployment - direct password reset with email + new password fields (no email verification needed)
- Added /reset-password-direct endpoint to both server and Electron backends for direct password update in Docker database

Behavior:
- Full Local Deployment (VITE_USE_LOCAL_PROXY=true): Direct password reset without email verification, updates password in local Docker database
- End Users (VITE_USE_LOCAL_PROXY=false): Redirects to https://www.eigent.ai/forgot-password

@LuoPengcheng12138 Done! I've updated the PR based on the feedback.

…odels
- Create backend/app/model/password_reset.py with Pydantic models:
  - DirectResetPasswordRequest with field_validator and model_validator
  - ForgotPasswordRequest with email validation
  - ResetPasswordRequest with token and password validation
- Update server/app/model/user/password_reset.py:
  - Add Pydantic validators to ResetPasswordRequest
  - Add DirectResetPasswordRequest model with validators
- Update controllers to use models from model folder
- Remove manual validation from controllers (now handled by Pydantic)

Password validation rules:
- Minimum 8 characters
- Must contain at least one letter
- Must contain at least one number
- Passwords must match

All right cool, let me take over tonight. We also need to port your updates to the deployed instance.

Security fix: Remove email addresses from log output to prevent clear-text logging of sensitive information.
- backend/app/controller/password_reset_controller.py
- server/app/controller/user/password_reset_controller.py
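
The commit above removes email addresses from the log calls themselves. A complementary guard is a logging filter that masks any address that still reaches a log record; the block below is an added example and not code from this PR, and the logger name, `EmailRedactingFilter`, `build_logger`, `demo` and the sample messages are constructed for illustration.

```python
import io
import logging
import re

# Deliberately broad pattern: over-masking is preferable to leaking an address.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MASK = "[redacted-email]"


class EmailRedactingFilter(logging.Filter):
    """Mask email addresses in the fully formatted log message."""

    def filter(self, record: logging.LogRecord) -> bool:
        # getMessage() merges msg and args, so addresses passed as
        # %-style arguments are masked as well as those in the template.
        record.msg = EMAIL_RE.sub(MASK, record.getMessage())
        record.args = None
        return True  # keep the record; only its text is changed


def build_logger(stream) -> logging.Logger:
    """Return a logger whose handler masks addresses before writing."""
    logger = logging.getLogger("password_reset_example")  # hypothetical name
    logger.handlers.clear()
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    # Attached to the handler so every record routed to it is covered.
    handler.addFilter(EmailRedactingFilter())
    logger.addHandler(handler)
    return logger


def demo() -> str:
    """Log constructed sample messages and return what was written."""
    out = io.StringIO()
    log = build_logger(out)
    log.info("Password reset requested for %s", "alice@example.com")
    log.warning("Reset failed: no user bob.smith+test@example.org")
    log.info("Password updated for user_id=%d", 42)
    return out.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

Tracebacks attached with `exc_info` are formatted separately from the message, so this filter does not mask addresses that appear inside exception text.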

@a7m-1st Can you please check the PR again?

Hi there @LuoPengcheng12138, do you need help with the backend integrations?

Sure, as I mentioned in my earlier comment, we need to write separate logic for the Full Local Deployment and endpoint users respectively. For the

…only reset_password_direct
- Remove token-based functions (forgot_password, verify_reset_token, reset_password)
- Remove traceroot_wrapper dependency (deleted upstream)
- Use standard logging

@LuoPengcheng12138 Can you review the PR once more?

# Conflicts:
#	backend/app/controller/password_reset_controller.py

Hi, @bitloi. Thank you for your contribution! I have made some minor modifications based on your work. You can merge #1097 into your current branch. Once the merge is completed, this PR will be ready and waiting to be merged into the main branch.

Done! Can you review it? |

Hi, @bitloi. We may hold off on merging for now, as the development of the cloud server (non-local deployment) and website is still in progress. We will take the initiative to merge this PR once the related work is completed.

@LuoPengcheng12138 Do I still need to wait for the merge?

We'll take over the merging of this PR. Since the server-side development is still in progress, this may keep you waiting for a while. |
… in src/routers/index.tsx

Yes, thanks for the clarification @LuoPengcheng12138,

Description
This PR adds a password reset feature to the application. Users can now click "Forgot Password?" on the login page, enter their email, and receive a reset link. The reset password page validates the token and allows users to set a new password.
What's included:
Note: Email sending is not yet implemented - tokens are returned in the API response for testing. Email integration will require configuring an email service (SMTP/SendGrid/etc).
What is the purpose of this pull request?
Screenshots
Testing
/reset-password?token=YOUR_TOKEN

Closes #884