feat: user management — admin create, password reset, archive/delete, quick invite

Phase 1: must_change_password enforcement + change password endpoint/page Phase 2: Admin user creation (M365-style) with temp password Phase 3: Password reset (self-service forgot + admin-triggered) Phase 4: User archive (soft delete) + hard delete with precheck Phase 5: Quick invite from admin Users page Also fixes: - Auto-create subscription for accounts missing one - Hard delete precheck ignores sole-member personal accounts - Seed script patches tree nodes for validation compliance Migrations: 031 (must_change_password), 032 (password_reset_tokens), 033 (user soft delete) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 01:42:51 -05:00
parent b8f25f19eb
commit ad59446332
32 changed files with 3064 additions and 38 deletions
--- a/frontend/src/pages/LoginPage.tsx
+++ b/frontend/src/pages/LoginPage.tsx
@@ -27,7 +27,12 @@ export function LoginPage() {

    try {
      await login({ email, password })
-      navigate(from, { replace: true })
+      const user = useAuthStore.getState().user
+      if (user?.must_change_password) {
+        navigate('/change-password', { replace: true })
+      } else {
+        navigate(from, { replace: true })
+      }
    } catch {
      // Error is set in the store
    }
@@ -108,6 +113,12 @@ export function LoginPage() {
              />
            </div>

+            <div className="text-right">
+              <Link to="/forgot-password" className="text-xs text-white/40 hover:text-white/60 transition-colors">
+                Forgot password?
+              </Link>
+            </div>
+
            <button
              type="submit"
              disabled={isLoading}