Commit Graph

1 Commits

Author SHA1 Message Date
LukeGus a2f6c90eae feat(auth): non-destructive password resets and admin reset endpoint
Password resets no longer destroy user data: the DEK is system-wrapped, so
forgot-password and admin resets are just a hash update plus session revoke.
The wipe branch survives only for accounts that never logged in since the
encryption upgrade and now requires explicit confirmDataWipe (surfaced as a
409 DATA_WIPE_REQUIRED; the reset UI asks for confirmation). Adds
POST /users/admin/reset-password and removes the dead re-encryption paths.
2026-07-16 00:36:14 -05:00