benya/Messenger
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

web: fix reset password token flow and auth interceptor
Some checks failed
Android CI / android (push) Has started running
Details
Android Release / release (push) Has been cancelled
Details
CI / test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Codex
2026-03-09 21:52:24 +03:00
parent cbd326ee12
commit 776a7634d2
4 changed files with 90 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
web/src/api/auth.ts
View File

@@ -14,7 +14,7 @@ export async function requestPasswordResetRequest(email: string): Promise<void>
}
export async function resetPasswordRequest(token: string, password: string): Promise<void> {
await http.post("/auth/reset-password", { token, password });
await http.post("/auth/reset-password", { token, new_password: password });
}
export async function loginRequest(email: string, password: string, otpCode?: string, recoveryCode?: string): Promise<TokenPair> {

11
web/src/api/http.ts
View File

@@ -21,7 +21,16 @@ let refreshInFlight: Promise<void> | null = null;
function shouldSkipRefresh(config?: InternalAxiosRequestConfig): boolean {
const url = config?.url ?? "";
return url.includes("/auth/login") || url.includes("/auth/refresh");
return (
url.includes("/auth/login") ||
url.includes("/auth/refresh") ||
url.includes("/auth/register") ||
url.includes("/auth/check-email") ||
url.includes("/auth/verify-email") ||
url.includes("/auth/resend-verification") ||
url.includes("/auth/request-password-reset") ||
url.includes("/auth/reset-password")
);
}
http.interceptors.response.use(

27
web/src/app/App.tsx
View File

@@ -76,8 +76,11 @@ export function App() {
return;
}
window.localStorage.setItem(PENDING_RESET_PASSWORD_TOKEN_KEY, resetToken);
if (accessToken) {
logout();
}
window.history.replaceState(null, "", "/");
}, []);
}, [accessToken, logout]);
useEffect(() => {
const nav = extractNotificationNavigationFromLocation();
@@ -221,10 +224,28 @@ function extractPasswordResetTokenFromLocation(): string | null {
return null;
}
const url = new URL(window.location.href);
if (!/^\/reset-password\/?$/i.test(url.pathname)) {
if (!/^\/reset-password(?:\/[^/]+)?\/?$/i.test(url.pathname)) {
return null;
}
return url.searchParams.get("token")?.trim() || null;
const tokenFromQuery =
url.searchParams.get("token")?.trim() ||
url.searchParams.get("reset_token")?.trim();
if (tokenFromQuery) {
return tokenFromQuery;
}
const pathMatch = url.pathname.match(/^\/reset-password\/([^/]+)\/?$/i);
if (pathMatch?.[1]?.trim()) {
return pathMatch[1].trim();
}
if (url.hash) {
const hash = url.hash.replace(/^#/, "");
const hashParams = new URLSearchParams(hash);
const tokenFromHash = hashParams.get("token")?.trim() || hashParams.get("reset_token")?.trim();
if (tokenFromHash) {
return tokenFromHash;
}
}
return null;
}
function inviteJoinErrorMessage(error: unknown): string {