feat: SMTP full ENV override, password reset flow, and E2E email testing

- SMTP: SMTP_HOST/PORT/USER/FROM/TLS now all have ENV override support (previously only SMTP_PASSWORD was env-aware). ENV takes priority over DB. - docker-compose.yml: forward all SMTP_* env vars to app container + add Mailhog service (ports 1025 SMTP / 8025 HTTP, always available in dev) - Password reset: PasswordResetToken Prisma model + authRouter with requestPasswordReset (timing-safe, no email enumeration) + resetPassword - UI: /auth/forgot-password, /auth/reset-password/[token] pages + "Forgot password?" link on sign-in page - E2E: Mailhog helpers (getLatestEmailTo, clearMailhog, extractUrlFromEmail) + invite-flow.spec.ts + password-reset.spec.ts Co-Authored-By: claude-flow <ruv@ruv.net>
2026-04-02 08:55:39 +02:00
parent e5ecea81c5
commit fceceeee4b
14 changed files with 1030 additions and 11 deletions
@@ -1688,3 +1688,33 @@ model Webhook {

  @@map("webhooks")
 }
+
+// ─── Invite Token ─────────────────────────────────────────────────────────────
+
+model InviteToken {
+  id          String     @id @default(cuid())
+  email       String
+  role        SystemRole @default(USER)
+  token       String     @unique
+  expiresAt   DateTime
+  usedAt      DateTime?
+  createdById String     // userId of the inviting admin
+  createdAt   DateTime   @default(now())
+
+  @@index([token])
+  @@index([email])
+  @@map("invite_tokens")
+}
+
+model PasswordResetToken {
+  id        String    @id @default(cuid())
+  email     String
+  token     String    @unique
+  expiresAt DateTime
+  usedAt    DateTime?
+  createdAt DateTime  @default(now())
+
+  @@index([token])
+  @@index([email])
+  @@map("password_reset_tokens")
+}