feat: user management — admin create, password reset, archive/delete, quick invite

Phase 1: must_change_password enforcement + change password endpoint/page Phase 2: Admin user creation (M365-style) with temp password Phase 3: Password reset (self-service forgot + admin-triggered) Phase 4: User archive (soft delete) + hard delete with precheck Phase 5: Quick invite from admin Users page Also fixes: - Auto-create subscription for accounts missing one - Hard delete precheck ignores sole-member personal accounts - Seed script patches tree nodes for validation compliance Migrations: 031 (must_change_password), 032 (password_reset_tokens), 033 (user soft delete) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 01:42:51 -05:00
parent b8f25f19eb
commit ad59446332
32 changed files with 3064 additions and 38 deletions
--- a/frontend/src/router.tsx
+++ b/frontend/src/router.tsx
@@ -8,6 +8,11 @@ import {
  RegisterPage,
 } from '@/pages'

+// Standalone auth pages
+const ChangePasswordPage = lazy(() => import('@/pages/ChangePasswordPage'))
+const ForgotPasswordPage = lazy(() => import('@/pages/ForgotPasswordPage'))
+const ResetPasswordPage = lazy(() => import('@/pages/ResetPasswordPage'))
+
 // Lazy load heavy pages for code splitting
 const QuickStartPage = lazy(() => import('@/pages/QuickStartPage'))
 const TreeLibraryPage = lazy(() => import('@/pages/TreeLibraryPage'))
@@ -44,6 +49,35 @@ export const router = createBrowserRouter([
    element: <RegisterPage />,
    errorElement: <RouteError />,
  },
+  {
+    path: '/forgot-password',
+    element: (
+      <Suspense fallback={<PageLoader />}>
+        <ForgotPasswordPage />
+      </Suspense>
+    ),
+    errorElement: <RouteError />,
+  },
+  {
+    path: '/reset-password',
+    element: (
+      <Suspense fallback={<PageLoader />}>
+        <ResetPasswordPage />
+      </Suspense>
+    ),
+    errorElement: <RouteError />,
+  },
+  {
+    path: '/change-password',
+    element: (
+      <ProtectedRoute>
+        <Suspense fallback={<PageLoader />}>
+          <ChangePasswordPage />
+        </Suspense>
+      </ProtectedRoute>
+    ),
+    errorElement: <RouteError />,
+  },
  {
    path: '/',
    element: (