Added Reset Password screen, fixed Forgot Password flow and App routes

Uttam Singh · Uttam Singh · commit 56066598c291 · 2025-11-11T20:09:42.000+05:30
diff --git a/backend/app/routers/forgot_password.py b/backend/app/routers/forgot_password.py
@@ -1,71 +1,30 @@
-from fastapi import APIRouter, Form, HTTPException, Depends
-from sqlalchemy.orm import Session
-from app.database import get_db
-from app.models.user import User
-import random
-import smtplib
-from email.mime.text import MIMEText
-from email.mime.multipart import MIMEMultipart
-import os
-
-router = APIRouter()
-
-# ✅ Generate random 6-digit OTP
-def generate_otp():
-    return str(random.randint(100000, 999999))
-
-# ✅ Send email via company mail (SMTP)
-def send_otp_email(recipient_email: str, otp: str):
-    sender_email = os.getenv("SMTP_SENDER_EMAIL", "support@edmeinsurance.com")
-    sender_password = os.getenv("SMTP_PASSWORD", "your-app-password")
-    smtp_server = os.getenv("SMTP_SERVER", "smtp.office365.com")
-    smtp_port = int(os.getenv("SMTP_PORT", 587))
-
-    subject = "FAT-EIBL Password Reset OTP"
-    body = f"""
-    <html>
-        <body>
-            <p>Dear User,</p>
-            <p>Your OTP for password reset is: <b>{otp}</b></p>
-            <p>This OTP will expire in 10 minutes.</p>
-            <p>Regards,<br>Finance Audit Tracker - Edme Insurance Brokers Ltd</p>
-        </body>
-    </html>
-    """
-
-    msg = MIMEMultipart()
-    msg["From"] = sender_email
-    msg["To"] = recipient_email
-    msg["Subject"] = subject
-    msg.attach(MIMEText(body, "html"))
-
-    try:
-        with smtplib.SMTP(smtp_server, smtp_port) as server:
-            server.starttls()
-            server.login(sender_email, sender_password)
-            server.send_message(msg)
-        print(f"✅ OTP sent to {recipient_email}")
-    except Exception as e:
-        print(f"❌ Error sending OTP: {e}")
-        raise HTTPException(status_code=500, detail="Failed to send OTP email")
-
-# ✅ Store OTP temporarily (in memory)
-otp_storage = {}
-
-@router.post("/forgot-password")
-def forgot_password(email: str = Form(...), db: Session = Depends(get_db)):
-    # Check if user exists
+from passlib.hash import bcrypt
+from datetime import datetime
+from app.models.otp import OtpModel
+
+@router.post("/reset-password")
+def reset_password(
+    email: str = Form(...),
+    otp: str = Form(...),
+    new_password: str = Form(...),
+    db: Session = Depends(get_db),
+):
+    # Check user exists
     user = db.query(User).filter(User.email == email).first()
     if not user:
         raise HTTPException(status_code=404, detail="Email not registered")
 
-    # Generate OTP
-    otp = generate_otp()
+    # Verify OTP
+    otp_entry = db.query(OtpModel).filter(OtpModel.email == email, OtpModel.otp == otp).first()
+    if not otp_entry:
+        raise HTTPException(status_code=400, detail="Invalid OTP")
 
-    # Save OTP temporarily (could use Redis or DB for production)
-    otp_storage[email] = otp
+    if datetime.utcnow() > otp_entry.expires_at:
+        raise HTTPException(status_code=400, detail="OTP expired")
 
-    # Send email
-    send_otp_email(email, otp)
+    # Update password
+    user.hashed_password = bcrypt.hash(new_password)
+    db.delete(otp_entry)  # Remove OTP after successful use
+    db.commit()
 
-    return {"ok": True, "message": f"OTP sent to {email}. Please check your inbox."}
+    return {"ok": True, "message": "Password reset successfully"}
diff --git a/frontend/src/pages/App.jsx b/frontend/src/pages/App.jsx
@@ -3,7 +3,7 @@ import { BrowserRouter, Routes, Route } from "react-router-dom";
 import Login from "./Login.jsx";
 import Dashboard from "./Dashboard.jsx";
 import AdminDashboard from "./AdminDashboard.jsx";
-import ForgotPassword from "./ForgotPassword.jsx"; // ✅ added
+import ResetPassword from "./ResetPassword.jsx"; // ✅ import added
 
 export default function App() {
   return (
@@ -12,9 +12,8 @@ export default function App() {
         <Route path="/" element={<Login />} />
         <Route path="/dashboard" element={<Dashboard />} />
         <Route path="/admin-dashboard" element={<AdminDashboard />} />
-        <Route path="/forgot-password" element={<ForgotPassword />} /> {/* ✅ added */}
+        <Route path="/reset-password" element={<ResetPassword />} /> {/* ✅ added */}
       </Routes>
     </BrowserRouter>
   );
 }
-
diff --git a/frontend/src/pages/ForgotPassword.jsx b/frontend/src/pages/ForgotPassword.jsx
@@ -1,44 +1,144 @@
 import React, { useState } from "react";
+import logo from "../assets/logo.png";
 
 export default function ForgotPassword() {
   const [email, setEmail] = useState("");
   const [message, setMessage] = useState("");
+  const [loading, setLoading] = useState(false);
 
-  const handleSubmit = async (e) => {
+  const handleSendOTP = async (e) => {
     e.preventDefault();
+    setMessage("");
+    setLoading(true);
+
     try {
-      const res = await fetch("https://fat-eibl-backend-x1sp.onrender.com/users/forgot-password", {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ email }),
-      });
-      const data = await res.json();
-      setMessage(data.message || "If the email exists, OTP has been sent.");
-    } catch (error) {
-      setMessage("Something went wrong. Please try again.");
+      const response = await fetch(
+        "https://fat-eibl-backend-x1sp.onrender.com/users/forgot-password",
+        {
+          method: "POST",
+          body: new URLSearchParams({ email }),
+        }
+      );
+
+      const data = await response.json();
+      if (response.ok && data.ok) {
+        setMessage(`✅ OTP sent to ${email}. Please check your inbox.`);
+      } else {
+        setMessage(`❌ ${data.detail || data.error || "Email not registered."}`);
+      }
+    } catch {
+      setMessage("⚠️ Unable to reach the server. Please try again later.");
+    } finally {
+      setLoading(false);
     }
   };
 
   return (
-    <div className="flex flex-col items-center justify-center min-h-screen bg-gray-50">
-      <h1 className="text-2xl font-semibold mb-4">Forgot Password</h1>
-      <form onSubmit={handleSubmit} className="bg-white p-6 rounded shadow w-80">
-        <input
-          type="email"
-          placeholder="Enter registered email"
-          value={email}
-          onChange={(e) => setEmail(e.target.value)}
-          required
-          className="border w-full p-2 mb-4 rounded"
+    <div
+      style={{
+        height: "100vh",
+        background: "linear-gradient(180deg, #f6f9ff 0%, #e7efff 100%)",
+        display: "flex",
+        justifyContent: "center",
+        alignItems: "center",
+        fontFamily: "Segoe UI, sans-serif",
+      }}
+    >
+      <div
+        style={{
+          background: "#fff",
+          padding: "40px",
+          borderRadius: "16px",
+          boxShadow: "0 6px 16px rgba(0, 0, 0, 0.1)",
+          width: "380px",
+          textAlign: "center",
+        }}
+      >
+        <img
+          src={logo}
+          alt="Edme Logo"
+          style={{ width: "120px", marginBottom: "20px" }}
         />
-        <button
-          type="submit"
-          className="bg-blue-600 text-white px-4 py-2 rounded w-full hover:bg-blue-700"
+        <h2 style={{ color: "#004aad", marginBottom: "10px" }}>
+          Forgot Password
+        </h2>
+        <p
+          style={{
+            fontSize: "14px",
+            color: "#555",
+            marginBottom: "25px",
+          }}
+        >
+          Enter your registered email and we’ll send an OTP to reset your
+          password.
+        </p>
+
+        <form onSubmit={handleSendOTP}>
+          <input
+            type="email"
+            placeholder="Enter registered email"
+            value={email}
+            onChange={(e) => setEmail(e.target.value)}
+            required
+            style={{
+              width: "100%",
+              padding: "12px",
+              borderRadius: "8px",
+              border: "1px solid #ccc",
+              outlineColor: "#004aad",
+              marginBottom: "15px",
+              fontSize: "14px",
+            }}
+          />
+          <button
+            type="submit"
+            disabled={loading}
+            style={{
+              width: "100%",
+              padding: "12px",
+              borderRadius: "8px",
+              backgroundColor: loading ? "#7a9be6" : "#004aad",
+              color: "white",
+              fontWeight: 500,
+              border: "none",
+              cursor: "pointer",
+              fontSize: "15px",
+            }}
+          >
+            {loading ? "Sending..." : "Send OTP"}
+          </button>
+        </form>
+
+        {message && (
+          <p
+            style={{
+              color: message.includes("✅")
+                ? "green"
+                : message.includes("⚠️")
+                ? "#e67e22"
+                : "red",
+              fontSize: "14px",
+              marginTop: "15px",
+              lineHeight: "1.5",
+            }}
+          >
+            {message}
+          </p>
+        )}
+
+        <p
+          onClick={() => (window.location.href = "/")}
+          style={{
+            color: "#004aad",
+            marginTop: "25px",
+            fontSize: "14px",
+            textDecoration: "underline",
+            cursor: "pointer",
+          }}
         >
-          Send OTP
-        </button>
-      </form>
-      {message && <p className="mt-4 text-green-600">{message}</p>}
+          ← Back to Login
+        </p>
+      </div>
     </div>
   );
 }
diff --git a/frontend/src/pages/ResetPassword.jsx b/frontend/src/pages/ResetPassword.jsx
