é""r
Browse files- backend/api/auth.py +15 -0
backend/api/auth.py
CHANGED
|
@@ -240,6 +240,21 @@ def handle_reset_password_options():
|
|
| 240 |
"""Handle OPTIONS requests for preflight CORS checks for reset password route."""
|
| 241 |
return '', 200
|
| 242 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 243 |
|
| 244 |
@auth_bp.route('/reset-password', methods=['POST'])
|
| 245 |
def reset_password():
|
|
|
|
| 240 |
"""Handle OPTIONS requests for preflight CORS checks for reset password route."""
|
| 241 |
return '', 200
|
| 242 |
|
| 243 |
+
@auth_bp.route('/reset-password', methods=['GET'])
|
| 244 |
+
def show_reset_password_form():
|
| 245 |
+
"""
|
| 246 |
+
Serve the password reset form.
|
| 247 |
+
This endpoint is accessed via the link sent in the password reset email.
|
| 248 |
+
The token will be available as a query parameter (e.g., ?token=abc123).
|
| 249 |
+
The SPA frontend should read this token and display the form accordingly.
|
| 250 |
+
"""
|
| 251 |
+
# Log the access for monitoring
|
| 252 |
+
current_app.logger.info("Password reset form page accessed.")
|
| 253 |
+
# For an SPA, serving index.html allows the frontend router to take over.
|
| 254 |
+
# The frontend can access query parameters like 'token' using its router or window.location.
|
| 255 |
+
# No specific action is needed here other than ensuring the route is recognized.
|
| 256 |
+
# The main app.py serve_frontend will ultimately serve the SPA's index.html.
|
| 257 |
+
return '', 200 # Let the main SPA handler take over
|
| 258 |
|
| 259 |
@auth_bp.route('/reset-password', methods=['POST'])
|
| 260 |
def reset_password():
|