Files
Termix/src/backend
LukeGus a2f6c90eae feat(auth): non-destructive password resets and admin reset endpoint
Password resets no longer destroy user data: the DEK is system-wrapped, so
forgot-password and admin resets are just a hash update plus session revoke.
The wipe branch survives only for accounts that never logged in since the
encryption upgrade and now requires explicit confirmDataWipe (surfaced as a
409 DATA_WIPE_REQUIRED; the reset UI asks for confirmation). Adds
POST /users/admin/reset-password and removes the dead re-encryption paths.
2026-07-16 00:36:14 -05:00
..
2026-03-08 18:02:14 -05:00
2026-06-29 13:28:26 -05:00
2026-05-28 22:29:20 -05:00
2026-06-29 13:28:26 -05:00