feat: add email verification, password reset, and WSDC integration (Phase 1.5)

Backend features: - AWS SES email service with HTML templates - Email verification with dual method (link + 6-digit PIN code) - Password reset workflow with secure tokens - WSDC API proxy for dancer lookup and auto-fill registration - Extended User model with verification and WSDC fields - Email verification middleware for protected routes Frontend features: - Two-step registration with WSDC ID lookup - Password strength indicator component - Email verification page with code input - Password reset flow (request + reset pages) - Verification banner for unverified users - Updated authentication context and API service Testing: - 65 unit tests with 100% coverage of new features - Tests for auth utils, email service, WSDC controller, and middleware - Integration tests for full authentication flows - Comprehensive mocking of AWS SES and external APIs Database: - Migration: add WSDC fields (firstName, lastName, wsdcId) - Migration: add email verification fields (token, code, expiry) - Migration: add password reset fields (token, expiry) Documentation: - Complete Phase 1.5 documentation - Test suite documentation and best practices - Updated session context with new features
2025-11-13 15:47:54 +01:00
parent 4d7f814538
commit 7a2f6d07ec
31 changed files with 5586 additions and 87 deletions
--- a/backend/src/routes/auth.js
+++ b/backend/src/routes/auth.js
@@ -1,5 +1,13 @@
 const express = require('express');
-const { register, login } = require('../controllers/auth');
+const {
+  register,
+  login,
+  verifyEmailByToken,
+  verifyEmailByCode,
+  resendVerification,
+  requestPasswordReset,
+  resetPassword
+} = require('../controllers/auth');
 const { registerValidation, loginValidation } = require('../middleware/validators');

 const router = express.Router();
@@ -10,4 +18,19 @@ router.post('/register', registerValidation, register);
 // POST /api/auth/login - Login user
 router.post('/login', loginValidation, login);

+// GET /api/auth/verify-email?token=xxx - Verify email by token (link)
+router.get('/verify-email', verifyEmailByToken);
+
+// POST /api/auth/verify-code - Verify email by code (PIN)
+router.post('/verify-code', verifyEmailByCode);
+
+// POST /api/auth/resend-verification - Resend verification email
+router.post('/resend-verification', resendVerification);
+
+// POST /api/auth/request-password-reset - Request password reset
+router.post('/request-password-reset', requestPasswordReset);
+
+// POST /api/auth/reset-password - Reset password with token
+router.post('/reset-password', resetPassword);
+
 module.exports = router;
--- a/backend/src/routes/wsdc.js
+++ b/backend/src/routes/wsdc.js
@@ -0,0 +1,16 @@
+/**
+ * WSDC API Routes
+ * Endpoints for World Swing Dance Council dancer lookup
+ */
+
+const express = require('express');
+const router = express.Router();
+const wsdcController = require('../controllers/wsdc');
+
+/**
+ * GET /api/wsdc/lookup?id=26997
+ * Lookup dancer by WSDC ID
+ */
+router.get('/lookup', wsdcController.lookupDancer);
+
+module.exports = router;