🔒 feat: password reset disable option; fix: account email error message (#2327)

* feat: password reset disable option; fix: account email leak * fix(LoginSpec): typo * test: fixed LoginForm test * fix: disable password reset when undefined * refactor: use a helper function * fix: tests * feat: Remove unused error message in password reset process * chore: Update password reset email message * refactor: only allow password reset if explicitly allowed * feat: Add password reset email service configuration check The code changes in `checks.js` add a new function `checkPasswordReset()` that checks if the email service is configured when password reset is enabled. If the email service is not configured, a warning message is logged. This change ensures secure password reset functionality by prompting the user to configure the email service. Co-authored-by: Berry-13 <root@Berry> Co-authored-by: Danny Avila <messagedaniel@protonmail.com> Co-authored-by: Danny Avila <danny@librechat.ai> * chore: remove import order rules * refactor: simplify password reset logic and align against Observable Response Discrepancy * chore: make password reset warning more prominent * chore(AuthService): better logging for password resets, refactor requestPasswordReset to use req object, fix sendEmail error when email config is not present * refactor: fix styling of password reset email message * chore: add missing type for passwordResetEnabled, TStartupConfig * fix(LoginForm): prevent login form flickering * fix(ci): Update login form to use mocked startupConfig for rendering correctly * refactor: Improve password reset UI, applies DRY * chore: Add logging to password reset validation middleware * chore(CONTRIBUTING): Update import order conventions --------- Co-authored-by: Danny Avila <danny@librechat.ai> Co-authored-by: Berry-13 <root@Berry> Co-authored-by: Danny Avila <messagedaniel@protonmail.com>
2025-12-19 09:50:15 +01:00 · 2024-06-06 17:39:36 +02:00 · 2024-06-06 17:39:36 +02:00 · 5452d4c20c
commit 5452d4c20c
parent a7f5b57272
20 changed files with 288 additions and 137 deletions
--- a/client/src/components/Auth/LoginForm.tsx
+++ b/client/src/components/Auth/LoginForm.tsx
@ -1,19 +1,23 @@
 import React from 'react';
 import { useForm } from 'react-hook-form';
+import type { TLoginUser, TStartupConfig } from 'librechat-data-provider';
 import { useLocalize } from '~/hooks';
-import { TLoginUser } from 'librechat-data-provider';

 type TLoginFormProps = {
  onSubmit: (data: TLoginUser) => void;
+  startupConfig: TStartupConfig;
 };

-const LoginForm: React.FC<TLoginFormProps> = ({ onSubmit }) => {
+const LoginForm: React.FC<TLoginFormProps> = ({ onSubmit, startupConfig }) => {
  const localize = useLocalize();
  const {
    register,
    handleSubmit,
    formState: { errors },
  } = useForm<TLoginUser>();
+  if (!startupConfig) {
+    return null;
+  }

  const renderError = (fieldName: string) => {
    const errorMessage = errors[fieldName]?.message;
@ -81,9 +85,11 @@ const LoginForm: React.FC<TLoginFormProps> = ({ onSubmit }) => {
        </div>
        {renderError('password')}
      </div>
-      <a href="/forgot-password" className="text-sm text-green-500">
-        {localize('com_auth_password_forgot')}
-      </a>
+      {startupConfig.passwordResetEnabled && (
+        <a href="/forgot-password" className="text-sm text-green-500">
+          {localize('com_auth_password_forgot')}
+        </a>
+      )}
      <div className="mt-6">
        <button
          aria-label="Sign in"