feat: self-service password reset via email (Phase 4)
- email column on users (migration-safe ALTER TABLE)
- email_reset_tokens table (1h TTL, single-use)
- smtp.py: send via STARTTLS, config from CLI/env vars
- POST /api/auth/request-reset — sends reset link, always 200 (no email leak)
- POST /api/auth/reset-password-token — consumes email token
- GET/POST /api/me/email — users can register/update their email
- reset-password page: email form primary, admin code form as toggle, token form shown automatically when ?token= is in URL
- CLI: --smtp-host/port/user/password/from (BINCIO_SMTP_* env vars)
@@ -41,5 +41,18 @@ class CreateInviteRequest(BaseModel):
|
||||
grants_activity: bool = Field(default=False)
|
||||
|
||||
|
||||
class RequestResetRequest(BaseModel):
|
||||
email: str
|
||||
|
||||
|
||||
class ResetPasswordTokenRequest(BaseModel):
|
||||
token: str
|
||||
password: str = Field(..., min_length=8, description="New password (min 8 chars)")
|
||||
|
||||
|
||||
class SetEmailRequest(BaseModel):
|
||||
email: str
|
||||
|
||||
|
||||
class GenericResponse(BaseModel):
|
||||
ok: bool = True
|
||||
|
||||
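Review bot: `email: str` in both `RequestResetRequest` and `SetEmailRequest` accepts any string, while `password` in the same hunk already carries `Field(..., min_length=8)`. The commit message says this address is stored per user and used as the destination of the reset link, so validate it at the model boundary, for example with pydantic's `EmailStr` (which needs the email-validator package) or at least a `Field` with a `max_length`, so that malformed, oversized or multi-line values are rejected before they reach smtp.py. The same bounding is worth adding to `token: str`, and to `password`, which has a lower limit but no `max_length`.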