feat: implemented password reset #24
Merged
93f11a1 to
a878a55
koldakov
requested changes
Apr 29, 2026
| class Settings(BaseSettings): | ||
| allow_origins: list[str] | ||
| backend_url: HttpUrl | ||
| scheme: str = "http" |
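Review bot: the default on `scheme: str = "http"` in Settings is plaintext HTTP, and the field repeats what `backend_url: HttpUrl` already carries. If reset links are built from this field, a deployment that never sets it would send the reset token over an unencrypted connection. Suggest dropping the field and reading the scheme from backend_url, or at least removing the default so the value has to be set explicitly.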
Comment on lines +136 to +164
| <script> | ||
| const BACKEND_URL = "{{ backend_url }}"; | ||
|
|
||
| let timerInterval = null; | ||
|
|
||
| function openForgotPasswordModal(event) { | ||
| event.preventDefault(); | ||
|
|
||
| const modal = document.getElementById('forgotPasswordModal'); | ||
| const messageDiv = document.getElementById('forgotPasswordMessage'); | ||
| const submitButton = document.querySelector('#forgotPasswordForm button[type="submit"]'); | ||
|
|
||
| modal.classList.add('show'); | ||
| document.getElementById('reset-email').focus(); | ||
|
|
||
| // Reset message | ||
| messageDiv.classList.add('hidden'); | ||
| messageDiv.textContent = ''; | ||
|
|
||
| const { allowed, timeRemaining } = canRequestPasswordReset(); | ||
|
|
||
| if (!allowed) { | ||
| messageDiv.classList.remove('hidden'); | ||
| messageDiv.className = 'auth-message error'; | ||
| startCountdown(messageDiv, timeRemaining, submitButton); | ||
| } else { | ||
| submitButton.disabled = false; | ||
| } | ||
| } |
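Review bot: the cooldown in openForgotPasswordModal (`canRequestPasswordReset()` deciding whether `submitButton.disabled` is cleared) runs only in the browser, so it is a usability hint and not a rate limit; a client that calls the reset endpoint directly never executes it. The request endpoint needs its own throttle per account and per client, which these lines do not show. Separately, `const BACKEND_URL = "{{ backend_url }}";` puts a template value inside a JavaScript string literal, where HTML escaping is the wrong encoding; passing it through a data attribute or a JSON-encoding filter is more robust.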
Owner
JS code looks good, however please move the code to the corresponding .js file
| @@ -1,7 +1,9 @@ | |||
| ALLOW_ORIGINS=* | |||
| BACKEND_URL=http://localhost:8080 | |||
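Review bot: `ALLOW_ORIGINS=*` on the first line allows every origin to make cross-origin requests to an API that now handles password resets. With BACKEND_URL pointing at localhost this looks like a development default, but env files like this tend to be copied into deployments unchanged. Suggest listing the frontend's own origin here and noting that the wildcard is for local development only.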
Owner
You don’t need multiple sources of truth for the same thing. Since BACKEND_URL already includes both the scheme and the host, TRUSTED_HOST and SCHEME are redundant and can be derived from it. Keeping them separately increases the risk of inconsistencies over time.
It’s better to rely on a single env var BACKEND_URL and compute the rest from it.
With Pydantic, you can use computed_field to calculate these values cleanly from the URL.
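The single-source-of-truth approach from the comment above, as an added example that is not the project's code: scheme and trusted_host become computed_field properties derived from backend_url. The origin field, the https check and LOCAL_HOSTS are assumptions added for illustration.

```python
from pydantic import HttpUrl, computed_field, field_validator

try:
    from pydantic_settings import BaseSettings
except ImportError:  # lets the example run where pydantic-settings is absent
    from pydantic import BaseModel as BaseSettings

DEFAULT_PORTS = {"http": 80, "https": 443}
LOCAL_HOSTS = {"localhost", "127.0.0.1"}  # assumption: where plain http is tolerated


class Settings(BaseSettings):
    backend_url: HttpUrl  # populated from BACKEND_URL; the only value configured

    @field_validator("backend_url")
    @classmethod
    def https_outside_local_dev(cls, url: HttpUrl) -> HttpUrl:
        # Assumption, not from the PR: reset links carry a token, so refuse
        # plaintext http for anything but a local development host.
        if url.scheme != "https" and url.host not in LOCAL_HOSTS:
            raise ValueError("backend_url must use https outside local development")
        return url

    @computed_field
    @property
    def scheme(self) -> str:
        return self.backend_url.scheme

    @computed_field
    @property
    def trusted_host(self) -> str:
        return self.backend_url.host

    @computed_field
    @property
    def origin(self) -> str:
        # scheme://host, with the port only when it is not the scheme default
        url = self.backend_url
        port = "" if url.port in (None, DEFAULT_PORTS[url.scheme]) else f":{url.port}"
        return f"{url.scheme}://{url.host}{port}"


if __name__ == "__main__":
    # Constructed value, mirroring the BACKEND_URL shown in the env file.
    print(Settings(backend_url="http://localhost:8080").model_dump())
```

Because the derived values are computed fields, they appear in model_dump() alongside backend_url and cannot drift from it.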
3811ba3 to
17d8196
30be589 to
a84311d
Closes #23
Summary
Add password reset functionality allowing users to request a reset link via email and securely update their password through a token-based flow.
Changes
- templates/auth.html with email input
- localStorage to prevent repeated requests (cooldown timer)
- POST /api/users/passwords/request-change to trigger password reset flow
- templates/password_change.html)
- GET route to validate token and render password change form
- POST route to update password after validation
- messageType=password_changed after successful reset
Validation
Notes