sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: email verification, merchant/store password reset, seed gap fix
Some checks failed
CI / ruff (push) Successful in 10s
Details
CI / validate (push) Has been cancelled
Details
CI / dependency-scanning (push) Has been cancelled
Details
CI / docs (push) Has been cancelled
Details
CI / deploy (push) Has been cancelled
Details
CI / pytest (push) Has been cancelled
Details

Browse Source 
- Add EmailVerificationToken and UserPasswordResetToken models with migration
- Add email verification flow: verify-email page route, resend-verification API
- Block login for unverified users (EmailNotVerifiedException in auth_service)
- Add forgot-password/reset-password endpoints for merchant and store auth
- Add "Forgot Password?" links to merchant and store login pages
- Send welcome email with verification link on merchant creation
- Seed email_verification and merchant_password_reset email templates
- Fix db-reset Makefile to run all init-prod seed scripts
- Add UserAuthService to satisfy architecture validation rules
- Add 52 new tests (unit + integration) with full coverage

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2026-02-18 23:22:46 +01:00
parent a8b29750a5
commit d9fc52d47a
30 changed files with 2574 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/modules/core/services/auth_service.py
View File

@@ -18,6 +18,7 @@ from typing import Any
from sqlalchemy.orm import Session
from app.modules.tenancy.exceptions import (
EmailNotVerifiedException,
InvalidCredentialsException,
UserNotActiveException,
)
@@ -59,6 +60,9 @@ class AuthService:
if not user.is_active:
raise UserNotActiveException("User account is not active")
if not user.is_email_verified:
raise EmailNotVerifiedException()
# Update last_login timestamp
user.last_login = datetime.now(UTC)
db.commit() # SVC-006 - Login must persist last_login timestamp
@@ -159,6 +163,9 @@ class AuthService:
if not user.is_active:
raise UserNotActiveException("User account is not active")
if not user.is_email_verified:
raise EmailNotVerifiedException()
# Verify user owns at least one active merchant
merchant_count = (
db.query(Merchant)

29
app/modules/core/static/merchant/js/login.js
View File

@@ -133,6 +133,35 @@ function merchantLogin() {
}
},
// Forgot password state
showForgotPassword: false,
forgotPasswordEmail: '',
forgotPasswordLoading: false,
async handleForgotPassword() {
loginLog.info('=== FORGOT PASSWORD ATTEMPT ===');
if (!this.forgotPasswordEmail.trim()) {
this.error = 'Email is required';
return;
}
this.forgotPasswordLoading = true;
this.clearErrors();
try {
await apiClient.post('/merchants/auth/forgot-password', {
email: this.forgotPasswordEmail.trim()
});
this.success = 'If an account exists with this email, a password reset link has been sent.';
this.forgotPasswordEmail = '';
} catch (error) {
window.LogConfig.logError(error, 'ForgotPassword');
this.error = error.message || 'Failed to send reset email. Please try again.';
} finally {
this.forgotPasswordLoading = false;
}
},
toggleDarkMode() {
this.dark = !this.dark;
localStorage.setItem('theme', this.dark ? 'dark' : 'light');