web: fix reset password token flow and auth interceptor

web/src/app/App.tsx

@@ -76,8 +76,11 @@ export function App() {
       return;
     }
     window.localStorage.setItem(PENDING_RESET_PASSWORD_TOKEN_KEY, resetToken);
+    if (accessToken) {
+      logout();
+    }
     window.history.replaceState(null, "", "/");
-  }, []);
+  }, [accessToken, logout]);
 
   useEffect(() => {
     const nav = extractNotificationNavigationFromLocation();
@@ -221,10 +224,28 @@ function extractPasswordResetTokenFromLocation(): string | null {
     return null;
   }
   const url = new URL(window.location.href);
-  if (!/^\/reset-password\/?$/i.test(url.pathname)) {
+  if (!/^\/reset-password(?:\/[^/]+)?\/?$/i.test(url.pathname)) {
     return null;
   }
-  return url.searchParams.get("token")?.trim() || null;
+  const tokenFromQuery =
+    url.searchParams.get("token")?.trim() ||
+    url.searchParams.get("reset_token")?.trim();
+  if (tokenFromQuery) {
+    return tokenFromQuery;
+  }
+  const pathMatch = url.pathname.match(/^\/reset-password\/([^/]+)\/?$/i);
+  if (pathMatch?.[1]?.trim()) {
+    return pathMatch[1].trim();
+  }
+  if (url.hash) {
+    const hash = url.hash.replace(/^#/, "");
+    const hashParams = new URLSearchParams(hash);
+    const tokenFromHash = hashParams.get("token")?.trim() || hashParams.get("reset_token")?.trim();
+    if (tokenFromHash) {
+      return tokenFromHash;
+    }
+  }
+  return null;
 }
 
 function inviteJoinErrorMessage(error: unknown): string {