feat: Réinitialisation de mot de passe avec tokens sécurisés

Implémentation complète du flux de réinitialisation de mot de passe (Story 1.5): Backend: - Aggregate PasswordResetToken avec TTL 1h, UUID v7, usage unique - Endpoint POST /api/password/forgot avec rate limiting (3/h par email, 10/h par IP) - Endpoint POST /api/password/reset avec validation token - Templates email (demande + confirmation) - Repository Redis avec TTL 2h pour distinguer expiré/invalide Frontend: - Page /mot-de-passe-oublie avec message générique (anti-énumération) - Page /reset-password/[token] avec validation temps réel des critères - Gestion erreurs: token invalide, expiré, déjà utilisé Tests: - 14 tests unitaires PasswordResetToken - 7 tests unitaires RequestPasswordResetHandler - 7 tests unitaires ResetPasswordHandler - Tests E2E Playwright pour le flux complet
2026-02-01 23:15:01 +01:00
parent b7354b8448
commit affad287f9
71 changed files with 4829 additions and 222 deletions
--- a/frontend/src/routes/mot-de-passe-oublie/+page.svelte
+++ b/frontend/src/routes/mot-de-passe-oublie/+page.svelte
@@ -0,0 +1,416 @@
+<script lang="ts">
+	import { getApiBaseUrl } from '$lib/api/config';
+
+	// Form state
+	let email = $state('');
+	let isSubmitting = $state(false);
+	let isSubmitted = $state(false);
+	let error = $state<string | null>(null);
+
+	async function handleSubmit(event: SubmitEvent) {
+		event.preventDefault();
+
+		if (isSubmitting) return;
+
+		error = null;
+		isSubmitting = true;
+
+		try {
+			const response = await fetch(`${getApiBaseUrl()}/password/forgot`, {
+				method: 'POST',
+				headers: {
+					'Content-Type': 'application/json'
+				},
+				body: JSON.stringify({ email: email.trim().toLowerCase() })
+			});
+
+			if (response.status === 429) {
+				error = 'Trop de demandes. Veuillez patienter avant de réessayer.';
+				return;
+			}
+
+			// Always show success message (no email enumeration)
+			isSubmitted = true;
+		} catch {
+			error = 'Une erreur est survenue. Veuillez réessayer.';
+		} finally {
+			isSubmitting = false;
+		}
+	}
+</script>
+
+<svelte:head>
+	<title>Mot de passe oublié | Classeo</title>
+	<link rel="preconnect" href="https://fonts.googleapis.com" />
+	<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin="anonymous" />
+	<link
+		href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap"
+		rel="stylesheet"
+	/>
+</svelte:head>
+
+<div class="page">
+	<div class="container">
+		<!-- Logo -->
+		<div class="logo">
+			<span class="logo-icon">📚</span>
+			<span class="logo-text">Classeo</span>
+		</div>
+
+		<div class="card">
+			{#if isSubmitted}
+				<!-- Success State -->
+				<div class="success-state">
+					<div class="success-icon">
+						<span>✉</span>
+					</div>
+					<h1>Vérifiez votre boîte mail</h1>
+					<p>
+						Si un compte existe avec l'adresse <strong>{email}</strong>, vous recevrez
+						un email avec les instructions pour réinitialiser votre mot de passe.
+					</p>
+					<p class="hint">
+						Le lien sera valide pendant <strong>1 heure</strong>.
+					</p>
+					<div class="actions">
+						<a href="/login" class="link-button">Retour à la connexion</a>
+					</div>
+				</div>
+			{:else}
+				<!-- Form State -->
+				<h1>Mot de passe oublié</h1>
+				<p class="description">
+					Entrez votre adresse email et nous vous enverrons un lien pour réinitialiser
+					votre mot de passe.
+				</p>
+
+				{#if error}
+					<div class="error-banner">
+						<span class="error-icon">⚠</span>
+						<span class="error-message">{error}</span>
+					</div>
+				{/if}
+
+				<form onsubmit={handleSubmit}>
+					<div class="form-group">
+						<label for="email">Adresse email</label>
+						<div class="input-wrapper">
+							<input
+								id="email"
+								type="email"
+								required
+								placeholder="votre@email.com"
+								bind:value={email}
+								disabled={isSubmitting}
+								autocomplete="email"
+							/>
+						</div>
+					</div>
+
+					<button type="submit" class="submit-button" disabled={isSubmitting || !email}>
+						{#if isSubmitting}
+							<span class="spinner"></span>
+							Envoi en cours...
+						{:else}
+							Envoyer le lien de réinitialisation
+						{/if}
+					</button>
+				</form>
+
+				<div class="links">
+					<a href="/login" class="back-link">← Retour à la connexion</a>
+				</div>
+			{/if}
+		</div>
+
+		<p class="footer">Un problème ? Contactez votre établissement.</p>
+	</div>
+</div>
+
+<style>
+	/* Design Tokens - Calm Productivity */
+	:root {
+		--color-calm: hsl(142, 76%, 36%);
+		--color-attention: hsl(38, 92%, 50%);
+		--color-alert: hsl(0, 72%, 51%);
+		--surface-primary: hsl(210, 20%, 98%);
+		--surface-elevated: hsl(0, 0%, 100%);
+		--text-primary: hsl(222, 47%, 11%);
+		--text-secondary: hsl(215, 16%, 47%);
+		--text-muted: hsl(215, 13%, 65%);
+		--accent-primary: hsl(199, 89%, 48%);
+		--border-subtle: hsl(214, 32%, 91%);
+		--radius-sm: 8px;
+		--radius-md: 12px;
+		--radius-lg: 16px;
+		--shadow-card: 0 1px 3px rgba(0, 0, 0, 0.08), 0 1px 2px rgba(0, 0, 0, 0.06);
+		--shadow-elevated: 0 4px 6px rgba(0, 0, 0, 0.07), 0 2px 4px rgba(0, 0, 0, 0.06);
+	}
+
+	.page {
+		min-height: 100vh;
+		background: var(--surface-primary);
+		display: flex;
+		align-items: center;
+		justify-content: center;
+		padding: 24px;
+		font-family: 'Inter', ui-sans-serif, system-ui, sans-serif;
+	}
+
+	.container {
+		width: 100%;
+		max-width: 420px;
+	}
+
+	/* Logo */
+	.logo {
+		display: flex;
+		align-items: center;
+		justify-content: center;
+		gap: 12px;
+		margin-bottom: 32px;
+	}
+
+	.logo-icon {
+		font-size: 32px;
+	}
+
+	.logo-text {
+		font-size: 28px;
+		font-weight: 700;
+		color: var(--text-primary);
+	}
+
+	/* Card */
+	.card {
+		background: var(--surface-elevated);
+		border-radius: var(--radius-lg);
+		box-shadow: var(--shadow-elevated);
+		padding: 32px;
+	}
+
+	.card h1 {
+		font-size: 22px;
+		font-weight: 600;
+		color: var(--text-primary);
+		margin-bottom: 12px;
+		text-align: center;
+	}
+
+	.description {
+		font-size: 14px;
+		color: var(--text-secondary);
+		text-align: center;
+		margin-bottom: 24px;
+		line-height: 1.5;
+	}
+
+	/* Success State */
+	.success-state {
+		text-align: center;
+	}
+
+	.success-state .success-icon {
+		width: 64px;
+		height: 64px;
+		background: linear-gradient(135deg, hsl(142, 76%, 95%) 0%, hsl(142, 76%, 90%) 100%);
+		border-radius: 50%;
+		display: flex;
+		align-items: center;
+		justify-content: center;
+		margin: 0 auto 24px;
+		font-size: 28px;
+	}
+
+	.success-state h1 {
+		margin-bottom: 16px;
+	}
+
+	.success-state p {
+		font-size: 14px;
+		color: var(--text-secondary);
+		line-height: 1.6;
+		margin-bottom: 16px;
+	}
+
+	.success-state .hint {
+		font-size: 13px;
+		color: var(--text-muted);
+		padding: 12px;
+		background: var(--surface-primary);
+		border-radius: var(--radius-sm);
+		margin-bottom: 24px;
+	}
+
+	.actions {
+		margin-top: 24px;
+	}
+
+	.link-button {
+		display: inline-block;
+		padding: 12px 24px;
+		background: var(--accent-primary);
+		color: white;
+		text-decoration: none;
+		border-radius: var(--radius-sm);
+		font-weight: 500;
+		font-size: 15px;
+		transition: background 0.2s;
+	}
+
+	.link-button:hover {
+		background: hsl(199, 89%, 42%);
+	}
+
+	/* Error Banner */
+	.error-banner {
+		display: flex;
+		align-items: center;
+		gap: 12px;
+		padding: 14px 16px;
+		background: linear-gradient(135deg, hsl(0, 76%, 95%) 0%, hsl(0, 76%, 97%) 100%);
+		border: 1px solid hsl(0, 76%, 85%);
+		border-radius: var(--radius-md);
+		margin-bottom: 24px;
+		font-size: 14px;
+		color: var(--color-alert);
+	}
+
+	.error-icon {
+		flex-shrink: 0;
+		font-size: 18px;
+	}
+
+	.error-message {
+		font-weight: 500;
+	}
+
+	/* Form */
+	form {
+		display: flex;
+		flex-direction: column;
+		gap: 20px;
+	}
+
+	.form-group {
+		display: flex;
+		flex-direction: column;
+		gap: 8px;
+	}
+
+	.form-group label {
+		font-size: 14px;
+		font-weight: 500;
+		color: var(--text-primary);
+	}
+
+	.input-wrapper {
+		position: relative;
+	}
+
+	.input-wrapper input {
+		width: 100%;
+		padding: 12px 16px;
+		font-size: 15px;
+		border: 1px solid var(--border-subtle);
+		border-radius: var(--radius-sm);
+		background: var(--surface-elevated);
+		color: var(--text-primary);
+		transition:
+			border-color 0.2s,
+			box-shadow 0.2s;
+	}
+
+	.input-wrapper input:focus {
+		outline: none;
+		border-color: var(--accent-primary);
+		box-shadow: 0 0 0 3px hsla(199, 89%, 48%, 0.15);
+	}
+
+	.input-wrapper input::placeholder {
+		color: var(--text-muted);
+	}
+
+	.input-wrapper input:disabled {
+		background: var(--surface-primary);
+		color: var(--text-muted);
+		cursor: not-allowed;
+	}
+
+	/* Submit Button */
+	.submit-button {
+		width: 100%;
+		padding: 14px 24px;
+		font-size: 15px;
+		font-weight: 600;
+		color: white;
+		background: var(--accent-primary);
+		border: none;
+		border-radius: var(--radius-sm);
+		cursor: pointer;
+		transition:
+			background 0.2s,
+			transform 0.1s,
+			box-shadow 0.2s;
+		display: flex;
+		align-items: center;
+		justify-content: center;
+		gap: 8px;
+	}
+
+	.submit-button:hover:not(:disabled) {
+		background: hsl(199, 89%, 42%);
+		box-shadow: var(--shadow-card);
+	}
+
+	.submit-button:active:not(:disabled) {
+		transform: scale(0.98);
+	}
+
+	.submit-button:disabled {
+		background: var(--text-muted);
+		cursor: not-allowed;
+	}
+
+	/* Spinner */
+	.spinner {
+		width: 18px;
+		height: 18px;
+		border: 2px solid rgba(255, 255, 255, 0.3);
+		border-top-color: white;
+		border-radius: 50%;
+		animation: spin 0.8s linear infinite;
+	}
+
+	@keyframes spin {
+		to {
+			transform: rotate(360deg);
+		}
+	}
+
+	/* Links */
+	.links {
+		text-align: center;
+		margin-top: 20px;
+		padding-top: 20px;
+		border-top: 1px solid var(--border-subtle);
+	}
+
+	.back-link {
+		font-size: 14px;
+		color: var(--accent-primary);
+		text-decoration: none;
+	}
+
+	.back-link:hover {
+		text-decoration: underline;
+	}
+
+	/* Footer */
+	.footer {
+		text-align: center;
+		font-size: 14px;
+		color: var(--text-muted);
+		margin-top: 24px;
+	}
+</style>