feat(auth): non-destructive password resets and admin reset endpoint

Password resets no longer destroy user data: the DEK is system-wrapped, so
forgot-password and admin resets are just a hash update plus session revoke.
The wipe branch survives only for accounts that never logged in since the
encryption upgrade and now requires explicit confirmDataWipe (surfaced as a
409 DATA_WIPE_REQUIRED; the reset UI asks for confirmation). Adds
POST /users/admin/reset-password and removes the dead re-encryption paths.
This commit is contained in:
LukeGus
2026-07-16 00:36:14 -05:00
parent 1032a31e25
commit a2f6c90eae
8 changed files with 361 additions and 288 deletions
+2 -1
View File
@@ -1950,7 +1950,8 @@
"passwordLoginDisabledDesc": "Password login is disabled. Use a passkey or an external authentication provider.",
"signInWithPasskey": "Sign in with passkey",
"passkeyLoginFailed": "Passkey login failed",
"attemptsRemaining": "{{count}} attempts remaining"
"attemptsRemaining": "{{count}} attempts remaining",
"confirmResetDataWipe": "This account has not logged in since the encryption upgrade, so its stored data cannot be recovered without the old password. Resetting will permanently delete its hosts, credentials and snippets. Continue?"
},
"hostKey": {
"verifyNewHost": "Verify SSH Host Key",