Skip to content

fix(auth): improve reset password flow and consolidate brand detection #2924

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
waleedlatif1 merged 4 commits into from
Jan 21, 2026
Merged

fix(auth): improve reset password flow and consolidate brand detection #2924

waleedlatif1 merged 4 commits into from
Jan 21, 2026
+46 −163

Conversation

@waleedlatif1
Copy link
Collaborator

@waleedlatif1 waleedlatif1 commented Jan 21, 2026

Summary

  • Add password reset success message on login page
  • Consolidate duplicated brand detection logic into useBrandedButtonClass hook across all auth forms
  • Add special character requirement to backend password validation
  • Improve login error handling with errorHandled flag pattern

Type of Change

  • Bug fix

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel
Copy link

vercel bot commented Jan 21, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Review Updated (UTC)
docs Skipped Skipped Jan 21, 2026 10:18pm

Request Review

@greptile-apps
Copy link
Contributor

greptile-apps bot commented Jan 21, 2026
edited
Loading

Greptile Summary

Improved the password reset user experience by adding a success message on the login page after password reset, and consolidated duplicated brand detection logic across all auth forms into a reusable useBrandedButtonClass hook.

Key Changes:

  • Added resetSuccessMessage state to display password reset success on login page, cleared on login errors or successful authentication
  • Improved login error handling with errorHandled flag to prevent duplicate error messages from fallback handler
  • Extracted brand detection logic (checking --brand-accent-hex CSS variable) into useBrandedButtonClass hook, removing ~30 lines of duplicate code from each of 5 auth forms
  • Added special character requirement to backend password validation schema to match frontend validation
  • Added explicit redirect fallback after successful login

Issues Found:

  • Uncaught errors in the login catch block don't display user-facing error messages

Confidence Score: 4/5

  • This PR is safe to merge with one minor issue to address
  • The changes successfully consolidate duplicate code and improve UX with proper password reset feedback. The hook extraction follows React best practices. However, there's one logical issue where uncaught errors in the login catch block don't show user-facing messages, leaving users without feedback on unexpected errors.
  • Pay attention to apps/sim/app/(auth)/login/login-form.tsx for the uncaught error handling fix

Important Files Changed

Filename Overview
apps/sim/app/(auth)/login/login-form.tsx Added reset success message display and improved error handling with errorHandled flag pattern; consolidated brand detection into hook
apps/sim/app/api/auth/reset-password/route.ts Added special character requirement to password validation schema

Sequence Diagram

sequenceDiagram
    participant User
    participant ResetPage as Reset Password Page
    participant API as /api/auth/reset-password
    participant LoginPage as Login Page
    
    User->>ResetPage: Enter new password + token
    ResetPage->>ResetPage: Validate password (8-100 chars, uppercase, lowercase, number, special char)
    ResetPage->>API: POST with token + newPassword
    API->>API: Validate password schema (same rules + special char)
    API-->>ResetPage: Success
    ResetPage->>LoginPage: Redirect with ?resetSuccess=true
    LoginPage->>LoginPage: Display success message
    User->>LoginPage: Sign in with new password
    LoginPage->>LoginPage: Clear success message on error
    LoginPage->>LoginPage: Clear success message on successful login
Loading

greptile-apps[bot]
greptile-apps bot reviewed Jan 21, 2026
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

6 files reviewed, 1 comment

Edit Code Review Agent Settings | Greptile

cursor[bot]
cursor bot reviewed Jan 21, 2026
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 2 potential issues.

Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.

@waleedlatif1
Copy link
Collaborator Author

waleedlatif1 commented Jan 21, 2026

@greptile

greptile-apps[bot]
greptile-apps bot reviewed Jan 21, 2026
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Additional Comments (1)

  1. apps/sim/app/(auth)/login/login-form.tsx, line 295 (link)

    logic: uncaught errors in the catch block should show error messages to the user

    Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

6 files reviewed, 1 comment

Edit Code Review Agent Settings | Greptile

@waleedlatif1 waleedlatif1 merged commit 9e81431 into staging Jan 21, 2026
12 checks passed
@waleedlatif1 waleedlatif1 mentioned this pull request Jan 22, 2026
Merged
@waleedlatif1 waleedlatif1 deleted the feat/reset-flow branch January 22, 2026 01:20
waleedlatif1 added a commit that referenced this pull request Jan 22, 2026
@waleedlatif1 @icecrasher321 @emir-karabeg
v0.5.67: loading, password reset, ui improvements, helm updates (#2928)
cc2be33 
* fix(zustand): updated to useShallow from deprecated createWithEqualityFn (#2919)

* fix(logger): use direct env access for webpack inlining (#2920)

* fix(notifications): text overflow with line-clamp (#2921)

* chore(helm): add env vars for Vertex AI, orgs, and telemetry (#2922)

* fix(auth): improve reset password flow and consolidate brand detection (#2924)

* fix(auth): improve reset password flow and consolidate brand detection

* fix(auth): set errorHandled for EMAIL_NOT_VERIFIED to prevent duplicate error

* fix(auth): clear success message on login errors

* chore(auth): fix import order per lint

* fix(action-bar): duplicate subflows with children (#2923)

* fix(action-bar): duplicate subflows with children

* fix(action-bar): add validateTriggerPaste for subflow duplicate

* fix(resolver): agent response format, input formats, root level (#2925)

* fix(resolvers): agent response format, input formats, root level

* fix response block initial seeding

* fix tests

* fix(messages-input): fix cursor alignment and auto-resize with overlay (#2926)

* fix(messages-input): fix cursor alignment and auto-resize with overlay

* fixed remaining zustand warnings

* fix(stores): remove dead code causing log spam on startup (#2927)

* fix(stores): remove dead code causing log spam on startup

* fix(stores): replace custom tools zustand store with react query cache

* improvement(ui): use BrandedButton and BrandedLink components (#2930)

- Refactor auth forms to use BrandedButton component
- Add BrandedLink component for changelog page
- Reduce code duplication in login, signup, reset-password forms
- Update star count default value

* fix(custom-tools): remove unsafe title fallback in getCustomTool (#2929)

* fix(custom-tools): remove unsafe title fallback in getCustomTool

* fix(custom-tools): restore title fallback in getCustomTool lookup

Custom tools are referenced by title (custom_${title}), not database ID.
The title fallback is required for client-side tool resolution to work.

* fix(null-bodies): empty bodies handling (#2931)

* fix(null-statuses): empty bodies handling

* address bugbot comment

* fix(token-refresh): microsoft, notion, x, linear (#2933)

* fix(microsoft): proactive refresh needed

* fix(x): missing token refresh flag

* notion and linear missing flag too

* address bugbot comment

* fix(auth): handle EMAIL_NOT_VERIFIED in onError callback (#2932)

* fix(auth): handle EMAIL_NOT_VERIFIED in onError callback

* refactor(auth): extract redirectToVerify helper to reduce duplication

* fix(workflow-selector): use dedicated selector for workflow dropdown (#2934)

* feat(workflow-block): preview (#2935)

* improvement(copilot): tool configs to show nested props (#2936)

* fix(auth): add genericOAuth providers to trustedProviders (#2937)

---------

Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com>
Co-authored-by: Emir Karabeg <78010029+emir-karabeg@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@waleedlatif1