sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: add comprehensive documentation for today's work

Browse Source 
Technical Documentation:
- docs/development/architecture-fixes-2026-01.md: Complete guide to
  all architecture validation fixes (62 -> 0 errors)

User Guides:
- docs/guides/email-templates.md: How-to guide for vendors and admins
  to use the email template customization system

Implementation Docs:
- docs/implementation/password-reset-implementation.md: Technical
  documentation for the password reset feature
- Updated email-templates-architecture.md with EmailTemplateService
  documentation and related links

Bugfix:
- Fixed TemplateListItem Pydantic model to match service output
  (languages vs available_languages field name)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2026-01-03 19:07:09 +01:00
parent 5155ef7445
commit daec462847
7 changed files with 1234 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/api/v1/admin/email_templates.py
View File

@@ -63,9 +63,11 @@ class TemplateListItem(BaseModel):
code: str
name: str
description: str
description: str | None = None
category: str
available_languages: list[str]
languages: list[str] # Matches service output field name
is_platform_only: bool = False
variables: list[str] = []
class Config:
from_attributes = True

476
docs/development/architecture-fixes-2026-01.md Normal file
View File

@@ -0,0 +1,476 @@
# Architecture Validation Fixes (January 2026)
## Overview
This document details the architecture validation fixes implemented to achieve **zero architecture errors** in the codebase. The fixes addressed violations across API endpoints, service layer, JavaScript files, and templates.
**Before:** 62 errors
**After:** 0 errors
---
## Summary of Changes
| Category | Files Changed | Violations Fixed |
|----------|---------------|------------------|
| API Layer | 3 files | 12 violations |
| Service Layer | 2 files | Business logic moved |
| Exceptions | 1 file | 2 new exceptions |
| JavaScript | 2 files | 8 violations |
| Templates | 2 files | 2 violations |
| Tooling | 1 file | 1 false positive fix |
---
## 1. API Layer Fixes
### 1.1 Vendor Settings API
**File:** `app/api/v1/vendor/settings.py`
**Problem:** 10 HTTPException raises directly in endpoint functions (API-003 violations).
**Solution:** Moved validation to Pydantic field validators.
#### Before (Inline Validation)
```python
@router.put("/letzshop")
def update_letzshop_settings(letzshop_config: LetzshopFeedSettingsUpdate, ...):
update_data = letzshop_config.model_dump(exclude_unset=True)
# Validate tax rate - VIOLATION: HTTPException in endpoint
if "letzshop_default_tax_rate" in update_data:
if update_data["letzshop_default_tax_rate"] not in VALID_TAX_RATES:
raise HTTPException(status_code=400, detail="Invalid tax rate")
# ... more inline validation
```
#### After (Pydantic Validators)
```python
# Constants moved above model
VALID_TAX_RATES = [0, 3, 8, 14, 17]
VALID_DELIVERY_METHODS = ["nationwide", "package_delivery", "self_collect"]
class LetzshopFeedSettingsUpdate(BaseModel):
letzshop_default_tax_rate: int | None = Field(None)
letzshop_boost_sort: str | None = Field(None)
letzshop_delivery_method: str | None = Field(None)
letzshop_preorder_days: int | None = Field(None, ge=0) # Built-in validation
@field_validator("letzshop_default_tax_rate")
@classmethod
def validate_tax_rate(cls, v: int | None) -> int | None:
if v is not None and v not in VALID_TAX_RATES:
raise ValueError(f"Invalid tax rate. Must be one of: {VALID_TAX_RATES}")
return v
@field_validator("letzshop_delivery_method")
@classmethod
def validate_delivery_method(cls, v: str | None) -> str | None:
if v is not None:
methods = v.split(",")
for method in methods:
if method.strip() not in VALID_DELIVERY_METHODS:
raise ValueError(f"Invalid delivery method")
return v
@field_validator("letzshop_boost_sort")
@classmethod
def validate_boost_sort(cls, v: str | None) -> str | None:
if v is not None:
try:
boost = float(v)
if boost < 0.0 or boost > 10.0:
raise ValueError("Boost sort must be between 0.0 and 10.0")
except ValueError as e:
if "could not convert" in str(e).lower():
raise ValueError("Boost sort must be a valid number")
raise
return v
# Endpoint now clean
@router.put("/letzshop")
def update_letzshop_settings(letzshop_config: LetzshopFeedSettingsUpdate, ...):
"""Validation is handled by Pydantic model validators."""
vendor = vendor_service.get_vendor_by_id(db, current_user.token_vendor_id)
update_data = letzshop_config.model_dump(exclude_unset=True)
for key, value in update_data.items():
setattr(vendor, key, value)
# ...
```
**Same pattern applied to:**
- `LocalizationSettingsUpdate` - language and locale validation
---
### 1.2 Admin Email Templates API
**File:** `app/api/v1/admin/email_templates.py`
**Problem:** 2 endpoints returning raw dicts instead of Pydantic models (API-001 violations).
**Solution:** Added Pydantic response models.
#### Before
```python
@router.get("")
def list_templates(...):
return {"templates": service.list_platform_templates()}
@router.get("/categories")
def get_categories(...):
return {"categories": service.get_template_categories()}
```
#### After
```python
class TemplateListItem(BaseModel):
code: str
name: str
description: str | None = None
category: str
languages: list[str] # Matches service output
is_platform_only: bool = False
variables: list[str] = []
class Config:
from_attributes = True
class TemplateListResponse(BaseModel):
templates: list[TemplateListItem]
class CategoriesResponse(BaseModel):
categories: list[str]
@router.get("", response_model=TemplateListResponse)
def list_templates(...):
return TemplateListResponse(templates=service.list_platform_templates())
@router.get("/categories", response_model=CategoriesResponse)
def get_categories(...):
return CategoriesResponse(categories=service.get_template_categories())
```
---
### 1.3 Shop Auth API (Password Reset)
**File:** `app/api/v1/shop/auth.py`
**Problem:** Business logic in `forgot_password()` and `reset_password()` endpoints.
**Solution:** Moved business logic to `CustomerService`.
#### Before (Business Logic in Endpoint)
```python
@router.post("/auth/reset-password")
def reset_password(request: Request, reset_token: str, new_password: str, db: Session = Depends(get_db)):
# Validate password length - BUSINESS LOGIC
if len(new_password) < 8:
raise HTTPException(status_code=400, detail="Password too short")
# Find valid token - BUSINESS LOGIC
token_record = PasswordResetToken.find_valid_token(db, reset_token)
if not token_record:
raise HTTPException(status_code=400, detail="Invalid token")
# ... more business logic
```
#### After (Delegated to Service)
```python
@router.post("/auth/reset-password", response_model=PasswordResetResponse)
def reset_password(request: Request, reset_token: str, new_password: str, db: Session = Depends(get_db)):
vendor = getattr(request.state, "vendor", None)
if not vendor:
raise VendorNotFoundException("context", identifier_type="subdomain")
# All business logic in service
customer = customer_service.validate_and_reset_password(
db=db,
vendor_id=vendor.id,
reset_token=reset_token,
new_password=new_password,
)
db.commit()
return PasswordResetResponse(message="Password reset successfully.")
```
---
## 2. Service Layer Changes
### 2.1 CustomerService Enhancements
**File:** `app/services/customer_service.py`
Added two new methods for password reset:
```python
def get_customer_for_password_reset(
self, db: Session, vendor_id: int, email: str
) -> Customer | None:
"""Get active customer by email for password reset."""
return (
db.query(Customer)
.filter(
Customer.vendor_id == vendor_id,
Customer.email == email.lower(),
Customer.is_active == True,
)
.first()
)
def validate_and_reset_password(
self,
db: Session,
vendor_id: int,
reset_token: str,
new_password: str,
) -> Customer:
"""Validate reset token and update customer password.
Raises:
PasswordTooShortException: If password too short
InvalidPasswordResetTokenException: If token invalid/expired
CustomerNotActiveException: If customer not active
"""
if len(new_password) < 8:
raise PasswordTooShortException(min_length=8)
token_record = PasswordResetToken.find_valid_token(db, reset_token)
if not token_record:
raise InvalidPasswordResetTokenException()
customer = db.query(Customer).filter(Customer.id == token_record.customer_id).first()
if not customer or customer.vendor_id != vendor_id:
raise InvalidPasswordResetTokenException()
if not customer.is_active:
raise CustomerNotActiveException(customer.email)
hashed_password = self.auth_service.hash_password(new_password)
customer.hashed_password = hashed_password
token_record.mark_used(db)
return customer
```
---
## 3. Exception Layer
### 3.1 New Customer Exceptions
**File:** `app/exceptions/customer.py`
Added two new exceptions for password reset:
```python
class InvalidPasswordResetTokenException(ValidationException):
"""Raised when password reset token is invalid or expired."""
def __init__(self):
super().__init__(
message="Invalid or expired password reset link. Please request a new one.",
field="reset_token",
)
self.error_code = "INVALID_RESET_TOKEN"
class PasswordTooShortException(ValidationException):
"""Raised when password doesn't meet minimum length requirement."""
def __init__(self, min_length: int = 8):
super().__init__(
message=f"Password must be at least {min_length} characters long",
field="password",
details={"min_length": min_length},
)
self.error_code = "PASSWORD_TOO_SHORT"
```
---
## 4. JavaScript Fixes
### 4.1 Admin Email Templates
**File:** `static/admin/js/email-templates.js`
**Problems:**
- Used raw `fetch()` instead of `apiClient`
- Used `showNotification()` instead of `Utils.showToast()`
#### Before
```javascript
async loadData() {
this.loading = true;
try {
const response = await fetch('/api/v1/admin/email-templates');
const data = await response.json();
this.templates = data.templates || [];
} catch (error) {
showNotification('Failed to load templates', 'error');
}
}
```
#### After
```javascript
async loadData() {
this.loading = true;
try {
const [templatesData, categoriesData] = await Promise.all([
apiClient.get('/admin/email-templates'),
apiClient.get('/admin/email-templates/categories')
]);
this.templates = templatesData.templates || [];
this.categories = categoriesData.categories || [];
} catch (error) {
Utils.showToast('Failed to load templates', 'error');
}
}
```
---
### 4.2 Vendor Email Templates
**File:** `static/vendor/js/email-templates.js`
**Problems:**
- Used raw `fetch()` instead of `apiClient`
- Missing parent init call pattern
- Used `showNotification()` instead of `Utils.showToast()`
#### Before
```javascript
async init() {
await this.loadData();
}
```
#### After
```javascript
async init() {
vendorEmailTemplatesLog.info('Email templates init() called');
// Call parent init to set vendorCode and other base state
const parentInit = data().init;
if (parentInit) {
await parentInit.call(this);
}
await this.loadData();
}
```
---
## 5. Template Fixes
### 5.1 Admin Email Templates Template
**File:** `app/templates/admin/email-templates.html`
**Problem:** Wrong block name (TPL-015 violation).
```html
<!-- Before -->
{% block scripts %}
<!-- After -->
{% block extra_scripts %}
```
---
### 5.2 Shop Base Template
**File:** `app/templates/shop/base.html`
**Problem:** `request.state.language` used without default (LANG-009 violation).
```html
<!-- Before -->
language: '{{ request.state.language }}'
<!-- After -->
language: '{{ request.state.language|default("fr") }}'
```
---
## 6. Architecture Validator Fix
### 6.1 LANG-001 False Positive
**File:** `scripts/validate_architecture.py`
**Problem:** Validator flagged "English" as invalid language code in `SUPPORTED_LANGUAGES` dict (where it's a display name, not a code).
**Solution:** Extended pattern to skip `SUPPORTED_LANGUAGES` and `SUPPORTED_LOCALES` blocks.
```python
# Before: Only skipped LANGUAGE_NAMES blocks
if ("LANGUAGE_NAMES" in line or "LANGUAGE_NAMES_EN" in line) and "=" in line:
in_language_names_dict = True
# After: Also skips SUPPORTED_LANGUAGES and SUPPORTED_LOCALES
if any(
name in line
for name in [
"LANGUAGE_NAMES",
"LANGUAGE_NAMES_EN",
"SUPPORTED_LANGUAGES",
"SUPPORTED_LOCALES",
]
) and "=" in line:
in_language_names_block = True
if in_language_names_block and stripped in ("}", "]"):
in_language_names_block = False
```
---
## Architecture Rules Reference
| Rule ID | Description | Fixed Files |
|---------|-------------|-------------|
| API-001 | Endpoint must use Pydantic models | admin/email_templates.py |
| API-003 | Endpoint must NOT contain business logic | vendor/settings.py, shop/auth.py |
| JS-001 | Must use apiClient for API calls | email-templates.js (admin & vendor) |
| JS-002 | Must use Utils.showToast() for notifications | email-templates.js (admin & vendor) |
| JS-003 | Must call parent init for Alpine components | vendor/email-templates.js |
| TPL-015 | Must use correct block names | admin/email-templates.html |
| LANG-009 | Must provide language default | shop/base.html |
---
## Testing
After these changes:
```bash
$ python scripts/validate_architecture.py
Files checked: 439
Findings: 0 errors, 141 warnings, 2 info
```
The remaining warnings are acceptable patterns (mostly `db.commit()` in services which is allowed for complex operations).
---
## Commit Reference
```
commit 5155ef7
fix: resolve all architecture validation errors (62 -> 0)
10 files changed, 394 insertions(+), 380 deletions(-)
```

2
docs/development/synology-github-repo.md
View File

@@ -56,7 +56,7 @@ Git is an open-source, distributed version control system that helps you manage
Adding new repository on NAS DS223J
```bash
> ssh boulaht1@DS223J
> ssh boulaht1@DS223J -p 22
> sudo -i
> cd /volume1/git-repos/
> git --bare init my-repo.git

287
docs/guides/email-templates.md Normal file
View File

@@ -0,0 +1,287 @@
# Email Templates Guide
## Overview
The Wizamart platform provides a comprehensive email template system that allows:
- **Platform Administrators**: Manage all email templates across the platform
- **Vendors**: Customize customer-facing emails with their own branding
This guide covers how to use the email template system from both perspectives.
---
## For Vendors
### Accessing Email Templates
1. Log in to your vendor dashboard
2. Navigate to **Settings** > **Email Templates** in the sidebar
3. You'll see a list of all customizable email templates
### Understanding Template Status
Each template shows its customization status:
| Status | Description |
|--------|-------------|
| **Platform Default** | Using the standard Wizamart template |
| **Customized** | You have created a custom version |
| Language badges (green) | Languages where you have customizations |
### Customizing a Template
1. Click on any template to open the edit modal
2. Select the language tab you want to customize (EN, FR, DE, LB)
3. Edit the following fields:
- **Subject**: The email subject line
- **HTML Body**: The rich HTML content
- **Plain Text Body**: Fallback for email clients that don't support HTML
4. Click **Save** to save your customization
### Template Variables
Templates use special variables that are automatically replaced with actual values. Common variables include:
| Variable | Description |
|----------|-------------|
| `{{ customer_name }}` | Customer's first name |
| `{{ order_number }}` | Order reference number |
| `{{ vendor_name }}` | Your store name |
| `{{ platform_name }}` | Platform name (Wizamart or your whitelabel name) |
Each template shows its available variables in the reference panel.
### Previewing Templates
Before saving, you can preview your template:
1. Click **Preview** in the edit modal
2. A preview window shows how the email will look
3. Sample data is used for all variables
### Testing Templates
To send a test email:
1. Click **Send Test Email** in the edit modal
2. Enter your email address
3. Click **Send**
4. Check your inbox to see the actual email
### Reverting to Platform Default
If you want to remove your customization and use the platform default:
1. Open the template edit modal
2. Click **Revert to Default**
3. Confirm the action
Your customization will be deleted and the platform template will be used.
### Available Templates for Vendors
| Template | Category | Description |
|----------|----------|-------------|
| Welcome Email | AUTH | Sent when a customer registers |
| Password Reset | AUTH | Password reset link |
| Order Confirmation | ORDERS | Sent after order placement |
| Shipping Notification | ORDERS | Sent when order is shipped |
**Note:** Billing and subscription emails are platform-only and cannot be customized.
---
## For Platform Administrators
### Accessing Email Templates
1. Log in to the admin dashboard
2. Navigate to **System** > **Email Templates** in the sidebar
3. You'll see all platform templates grouped by category
### Template Categories
| Category | Description | Vendor Override |
|----------|-------------|-----------------|
| AUTH | Authentication emails | Allowed |
| ORDERS | Order-related emails | Allowed |
| BILLING | Subscription/payment emails | **Not Allowed** |
| SYSTEM | System notifications | Allowed |
| MARKETING | Promotional emails | Allowed |
### Editing Platform Templates
1. Click on any template to open the edit modal
2. Select the language tab (EN, FR, DE, LB)
3. Edit the subject and body content
4. Click **Save**
**Important:** Changes to platform templates affect:
- All vendors who haven't customized the template
- New vendors automatically
### Creating New Templates
To add a new template:
1. Use the database seed script or migration
2. Define the template code, category, and languages
3. Set `is_platform_only` if vendors shouldn't override it
### Viewing Email Logs
To see email delivery history:
1. Open a template
2. Click **View Logs**
3. See recent emails sent using this template
Logs show:
- Recipient email
- Send date/time
- Delivery status
- Vendor (if applicable)
### Template Best Practices
1. **Use all 4 languages**: Provide content in EN, FR, DE, and LB
2. **Test before publishing**: Always send test emails
3. **Include plain text**: Not all email clients support HTML
4. **Use consistent branding**: Follow Wizamart brand guidelines
5. **Keep subjects short**: Under 60 characters for mobile
---
## Language Resolution
When sending an email, the system determines the language in this order:
1. **Customer's preferred language** (if set in their profile)
2. **Vendor's storefront language** (if customer doesn't have preference)
3. **Platform default** (French - "fr")
### Template Resolution for Vendors
1. System checks if vendor has a custom override
2. If yes, uses vendor's template
3. If no, falls back to platform template
4. If requested language unavailable, falls back to English
---
## Branding
### Standard Vendors
Standard vendors' emails include Wizamart branding:
- Wizamart logo in header
- "Powered by Wizamart" footer
### Whitelabel Vendors
Enterprise-tier vendors with whitelabel enabled:
- No Wizamart branding
- Vendor's logo in header
- Custom footer (if configured)
---
## Email Template Variables Reference
### Authentication Templates
#### signup_welcome
```
{{ first_name }} - Customer's first name
{{ company_name }} - Vendor company name
{{ email }} - Customer's email
{{ login_url }} - Link to login page
{{ trial_days }} - Trial period length
{{ tier_name }} - Subscription tier
```
#### password_reset
```
{{ customer_name }} - Customer's name
{{ reset_link }} - Password reset URL
{{ expiry_hours }} - Link expiration time
```
### Order Templates
#### order_confirmation
```
{{ customer_name }} - Customer's name
{{ order_number }} - Order reference
{{ order_total }} - Order total amount
{{ order_items_count }} - Number of items
{{ order_date }} - Order date
{{ shipping_address }} - Delivery address
```
### Common Variables (All Templates)
```
{{ platform_name }} - "Wizamart" or whitelabel name
{{ platform_logo_url }} - Platform logo URL
{{ support_email }} - Support email address
{{ vendor_name }} - Vendor's business name
{{ vendor_logo_url }} - Vendor's logo URL
```
---
## Troubleshooting
### Email Not Received
1. Check spam/junk folder
2. Verify email address is correct
3. Check email logs in admin dashboard
4. Verify SMTP configuration
### Template Not Applying
1. Clear browser cache
2. Verify the correct language is selected
3. Check if vendor override exists
4. Verify template is not platform-only
### Variables Not Replaced
1. Check variable spelling (case-sensitive)
2. Ensure variable is available for this template
3. Wrap variables in `{{ }}` syntax
4. Check for typos in variable names
---
## API Reference
For developers integrating with the email system:
### Sending a Template Email
```python
from app.services.email_service import EmailService
email_service = EmailService(db)
email_service.send_template(
template_code="order_confirmation",
to_email="customer@example.com",
to_name="John Doe",
language="fr",
variables={
"customer_name": "John",
"order_number": "ORD-12345",
"order_total": "99.99",
},
vendor_id=vendor.id,
related_type="order",
related_id=order.id,
)
```
See [Email Templates Architecture](../implementation/email-templates-architecture.md) for full technical documentation.

64
docs/implementation/email-templates-architecture.md
View File

@@ -69,6 +69,59 @@ UNIQUE (vendor_id, template_code, language)
---
## Email Template Service
**File:** `app/services/email_template_service.py`
The `EmailTemplateService` encapsulates all email template business logic, keeping API endpoints clean and focused on request/response handling.
### Admin Methods
| Method | Description |
|--------|-------------|
| `list_platform_templates()` | List all platform templates grouped by code |
| `get_template_categories()` | Get list of template categories |
| `get_platform_template(code)` | Get template with all language versions |
| `update_platform_template(code, language, data)` | Update platform template content |
| `preview_template(code, language, variables)` | Generate preview with sample data |
| `get_template_logs(code, limit)` | Get email logs for template |
### Vendor Methods
| Method | Description |
|--------|-------------|
| `list_overridable_templates(vendor_id)` | List templates vendor can customize |
| `get_vendor_template(vendor_id, code, language)` | Get template (override or platform default) |
| `create_or_update_vendor_override(vendor_id, code, language, data)` | Save vendor customization |
| `delete_vendor_override(vendor_id, code, language)` | Revert to platform default |
| `preview_vendor_template(vendor_id, code, language, variables)` | Preview with vendor branding |
### Usage Example
```python
from app.services.email_template_service import EmailTemplateService
service = EmailTemplateService(db)
# List templates for admin
templates = service.list_platform_templates()
# Get vendor's view of a template
template_data = service.get_vendor_template(vendor_id, "order_confirmation", "fr")
# Create vendor override
service.create_or_update_vendor_override(
vendor_id=vendor.id,
code="order_confirmation",
language="fr",
subject="Votre commande {{ order_number }}",
body_html="<html>...</html>",
body_text="Plain text...",
)
```
---
## Email Service
**File:** `app/services/email_service.py`
@@ -372,7 +425,8 @@ db.commit()
│ │ ├── admin_pages.py (route added)
│ │ └── vendor_pages.py (route added)
│ ├── services/
│ │ ── email_service.py (enhanced)
│ │ ── email_service.py (enhanced)
│ │ └── email_template_service.py (new - business logic)
│ └── templates/
│ ├── admin/
│ │ ├── email-templates.html
@@ -394,3 +448,11 @@ db.commit()
└── vendor/js/
└── email-templates.js
```
---
## Related Documentation
- [Email Templates User Guide](../guides/email-templates.md) - How to use the email template system
- [Password Reset Implementation](./password-reset-implementation.md) - Password reset feature using email templates
- [Architecture Fixes (January 2026)](../development/architecture-fixes-2026-01.md) - Architecture validation fixes

400
docs/implementation/password-reset-implementation.md Normal file
View File

@@ -0,0 +1,400 @@
# Password Reset Implementation
## Overview
This document describes the password reset feature for shop customers, allowing them to securely reset their password via email.
---
## Architecture
### Flow Diagram
```
┌──────────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ Customer │───▶│ Forgot Page │───▶│ API: POST │───▶│ Email Sent │
│ Clicks │ │ Enter Email │ │ /forgot-pwd │ │ with Link │
└──────────────┘ └──────────────┘ └──────────────┘ └──────────────┘
┌──────────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ Success │◀───│ API: POST │◀───│ Reset Page │◀───│ Customer │
│ Redirect │ │ /reset-pwd │ │ New Password │ │ Clicks Link │
└──────────────┘ └──────────────┘ └──────────────┘ └──────────────┘
```
---
## Components
### Database Model
**File:** `models/database/password_reset_token.py`
```python
class PasswordResetToken(Base):
__tablename__ = "password_reset_tokens"
id: int # Primary key
customer_id: int # FK to customers.id
token_hash: str # SHA256 hash of token
expires_at: datetime # Expiration timestamp
used_at: datetime | None # When token was used
created_at: datetime # Creation timestamp
TOKEN_EXPIRY_HOURS = 1 # Token valid for 1 hour
```
**Key Methods:**
| Method | Description |
|--------|-------------|
| `create_for_customer(db, customer_id)` | Creates new token, returns plaintext |
| `find_valid_token(db, plaintext_token)` | Finds unexpired, unused token |
| `mark_used(db)` | Marks token as used |
**Security:**
- Tokens are hashed with SHA256 before storage
- Only one active token per customer (old tokens invalidated)
- Tokens expire after 1 hour
- Tokens can only be used once
---
### API Endpoints
**File:** `app/api/v1/shop/auth.py`
#### POST /api/v1/shop/auth/forgot-password
Request a password reset link.
**Request:**
```json
{
"email": "customer@example.com"
}
```
**Response:** (Always returns success to prevent email enumeration)
```json
{
"message": "If an account exists with this email, a password reset link has been sent."
}
```
**Implementation:**
```python
@router.post("/auth/forgot-password", response_model=PasswordResetRequestResponse)
def forgot_password(request: Request, email: str, db: Session = Depends(get_db)):
vendor = getattr(request.state, "vendor", None)
if not vendor:
raise VendorNotFoundException("context", identifier_type="subdomain")
# Look up customer (vendor-scoped)
customer = customer_service.get_customer_for_password_reset(db, vendor.id, email)
if customer:
# Generate token and send email
plaintext_token = PasswordResetToken.create_for_customer(db, customer.id)
reset_link = f"{scheme}://{host}/shop/account/reset-password?token={plaintext_token}"
email_service.send_template(
template_code="password_reset",
to_email=customer.email,
variables={
"customer_name": customer.first_name,
"reset_link": reset_link,
"expiry_hours": str(PasswordResetToken.TOKEN_EXPIRY_HOURS),
},
vendor_id=vendor.id,
)
db.commit()
# Always return success (security: don't reveal if email exists)
return PasswordResetRequestResponse(
message="If an account exists with this email, a password reset link has been sent."
)
```
---
#### POST /api/v1/shop/auth/reset-password
Reset password using token from email.
**Request:**
```json
{
"reset_token": "abc123...",
"new_password": "newSecurePassword123"
}
```
**Response:**
```json
{
"message": "Password reset successfully. You can now log in with your new password."
}
```
**Implementation:**
```python
@router.post("/auth/reset-password", response_model=PasswordResetResponse)
def reset_password(
request: Request, reset_token: str, new_password: str, db: Session = Depends(get_db)
):
vendor = getattr(request.state, "vendor", None)
if not vendor:
raise VendorNotFoundException("context", identifier_type="subdomain")
# Service handles all validation and password update
customer = customer_service.validate_and_reset_password(
db=db,
vendor_id=vendor.id,
reset_token=reset_token,
new_password=new_password,
)
db.commit()
return PasswordResetResponse(
message="Password reset successfully. You can now log in with your new password."
)
```
---
### Service Layer
**File:** `app/services/customer_service.py`
#### get_customer_for_password_reset
```python
def get_customer_for_password_reset(
self, db: Session, vendor_id: int, email: str
) -> Customer | None:
"""Get active customer by email for password reset.
Returns None if customer doesn't exist or is inactive.
This method is designed to not reveal whether an email exists.
"""
return (
db.query(Customer)
.filter(
Customer.vendor_id == vendor_id,
Customer.email == email.lower(),
Customer.is_active == True,
)
.first()
)
```
#### validate_and_reset_password
```python
def validate_and_reset_password(
self,
db: Session,
vendor_id: int,
reset_token: str,
new_password: str,
) -> Customer:
"""Validate reset token and update customer password.
Args:
db: Database session
vendor_id: Vendor ID (for security verification)
reset_token: Password reset token from email
new_password: New password
Returns:
Customer: Updated customer
Raises:
PasswordTooShortException: If password < 8 characters
InvalidPasswordResetTokenException: If token invalid/expired
CustomerNotActiveException: If customer account is inactive
"""
# Validate password length
if len(new_password) < 8:
raise PasswordTooShortException(min_length=8)
# Find valid token
token_record = PasswordResetToken.find_valid_token(db, reset_token)
if not token_record:
raise InvalidPasswordResetTokenException()
# Get customer and verify vendor ownership
customer = db.query(Customer).filter(Customer.id == token_record.customer_id).first()
if not customer or customer.vendor_id != vendor_id:
raise InvalidPasswordResetTokenException()
if not customer.is_active:
raise CustomerNotActiveException(customer.email)
# Update password
hashed_password = self.auth_service.hash_password(new_password)
customer.hashed_password = hashed_password
# Mark token as used
token_record.mark_used(db)
return customer
```
---
### Exceptions
**File:** `app/exceptions/customer.py`
```python
class InvalidPasswordResetTokenException(ValidationException):
"""Raised when password reset token is invalid or expired."""
def __init__(self):
super().__init__(
message="Invalid or expired password reset link. Please request a new one.",
field="reset_token",
)
self.error_code = "INVALID_RESET_TOKEN"
class PasswordTooShortException(ValidationException):
"""Raised when password doesn't meet minimum length requirement."""
def __init__(self, min_length: int = 8):
super().__init__(
message=f"Password must be at least {min_length} characters long",
field="password",
details={"min_length": min_length},
)
self.error_code = "PASSWORD_TOO_SHORT"
```
---
### Frontend Pages
#### Forgot Password Page
**Template:** `app/templates/shop/account/forgot-password.html`
**Route:** `/shop/account/forgot-password`
Features:
- Email input form
- Form validation
- Success message display
- Link back to login
#### Reset Password Page
**Template:** `app/templates/shop/account/reset-password.html`
**Route:** `/shop/account/reset-password?token=...`
Features:
- New password input
- Confirm password input
- Password strength indicator
- Password match validation
- Success redirect to login
---
### Email Template
**Code:** `password_reset`
**Category:** AUTH
**Languages:** en, fr, de, lb
**Variables:**
| Variable | Description |
|----------|-------------|
| `customer_name` | Customer's first name |
| `reset_link` | Full URL to reset password page |
| `expiry_hours` | Hours until link expires |
**Example Email:**
```
Subject: Reset Your Password
Hi {{ customer_name }},
We received a request to reset your password.
Click here to reset your password:
{{ reset_link }}
This link will expire in {{ expiry_hours }} hour(s).
If you didn't request this, you can safely ignore this email.
```
---
## Security Considerations
### Token Security
1. **Hashed Storage**: Tokens stored as SHA256 hashes
2. **Short Expiry**: 1 hour expiration
3. **Single Use**: Tokens invalidated after use
4. **One Active Token**: Creating new token invalidates previous
### Email Enumeration Prevention
- Same response whether email exists or not
- Same response timing regardless of email existence
### Vendor Isolation
- Tokens are verified against the requesting vendor
- Prevents cross-vendor token reuse
### Password Requirements
- Minimum 8 characters
- Enforced by service layer exception
---
## Testing Checklist
- [ ] Request reset for existing email (email received)
- [ ] Request reset for non-existent email (same response)
- [ ] Click reset link within expiry (success)
- [ ] Click reset link after expiry (error)
- [ ] Click reset link twice (second fails)
- [ ] Password too short (validation error)
- [ ] Password mismatch on form (client validation)
- [ ] Multi-language email templates
- [ ] Token works only for correct vendor
---
## File Structure
```
├── alembic/versions/
│ └── t8b9c0d1e2f3_add_password_reset_tokens.py
├── app/
│ ├── api/v1/shop/
│ │ └── auth.py
│ ├── exceptions/
│ │ └── customer.py
│ ├── routes/
│ │ └── shop_pages.py
│ ├── services/
│ │ └── customer_service.py
│ └── templates/shop/account/
│ ├── forgot-password.html
│ └── reset-password.html
├── models/
│ ├── database/
│ │ └── password_reset_token.py
│ └── schema/
│ └── auth.py
└── scripts/
└── seed_email_templates.py
```

3
mkdocs.yml
View File

@@ -135,6 +135,7 @@ nav:
- Init Guide: development/database-seeder/database-init-guide.md
- Quick Reference: development/database-seeder/database-quick-reference-guide.md
- Seed Scripts Audit: development/seed-scripts-audit.md
- Architecture Fixes (Jan 2026): development/architecture-fixes-2026-01.md
- PyCharm Setup:
- Make Configuration: development/pycharm-configuration-make.md
- Troubleshooting: development/troubleshooting.md
@@ -169,6 +170,7 @@ nav:
- Vendor Frontend Parity: implementation/vendor-frontend-parity-plan.md
- Stock Management Integration: implementation/stock-management-integration.md
- Email Templates Architecture: implementation/email-templates-architecture.md
- Password Reset: implementation/password-reset-implementation.md
# --- Testing ---
- Testing:
@@ -216,6 +218,7 @@ nav:
- Product Management: guides/product-management.md
- Inventory Management: guides/inventory-management.md
- Subscription Tier Management: guides/subscription-tier-management.md
- Email Templates: guides/email-templates.md
- Shop Setup: guides/shop-setup.md
- CSV Import: guides/csv-import.md
- Marketplace Integration: guides/marketplace-integration.md