feat: user management — admin create, password reset, archive/delete, quick invite

Phase 1: must_change_password enforcement + change password endpoint/page Phase 2: Admin user creation (M365-style) with temp password Phase 3: Password reset (self-service forgot + admin-triggered) Phase 4: User archive (soft delete) + hard delete with precheck Phase 5: Quick invite from admin Users page Also fixes: - Auto-create subscription for accounts missing one - Hard delete precheck ignores sole-member personal accounts - Seed script patches tree nodes for validation compliance Migrations: 031 (must_change_password), 032 (password_reset_tokens), 033 (user soft delete) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 01:42:51 -05:00
parent b8f25f19eb
commit ad59446332
32 changed files with 3064 additions and 38 deletions
--- a/frontend/src/api/auth.ts
+++ b/frontend/src/api/auth.ts
@@ -30,6 +30,29 @@ export const authApi = {
  async logout(): Promise<void> {
    await apiClient.post('/auth/logout')
  },
+
+  async changePassword(currentPassword: string, newPassword: string): Promise<void> {
+    await apiClient.post('/auth/password/change', {
+      current_password: currentPassword,
+      new_password: newPassword,
+    })
+  },
+
+  async forgotPassword(email: string): Promise<void> {
+    await apiClient.post('/auth/password/forgot', { email })
+  },
+
+  async verifyResetToken(token: string): Promise<{ valid: boolean; email: string | null }> {
+    const response = await apiClient.post<{ valid: boolean; email: string | null }>('/auth/password/verify-reset-token', { token })
+    return response.data
+  },
+
+  async resetPassword(token: string, newPassword: string): Promise<void> {
+    await apiClient.post('/auth/password/reset', {
+      token,
+      new_password: newPassword,
+    })
+  },
 }

 export default authApi