feat: username/password authentication for admin and merchant panels
CI/CD / CI · API (dotnet build + test) (push) Successful in 49s
CI/CD / CI · Admin API (dotnet build) (push) Successful in 42s
CI/CD / CI · Dashboard (tsc) (push) Successful in 1m8s
CI/CD / CI · Admin Web (tsc) (push) Successful in 37s
CI/CD / CI · Website (tsc) (push) Successful in 46s
CI/CD / CI · Koja (tsc) (push) Successful in 49s
CI/CD / Deploy · all services (push) Has been cancelled
CI/CD / CI · API (dotnet build + test) (push) Successful in 49s
CI/CD / CI · Admin API (dotnet build) (push) Successful in 42s
CI/CD / CI · Dashboard (tsc) (push) Successful in 1m8s
CI/CD / CI · Admin Web (tsc) (push) Successful in 37s
CI/CD / CI · Website (tsc) (push) Successful in 46s
CI/CD / CI · Koja (tsc) (push) Successful in 49s
CI/CD / Deploy · all services (push) Has been cancelled
- Add PasswordHasher utility (PBKDF2/SHA-256, 100k iterations)
- Add Username + PasswordHash fields to Employee and SystemAdmin entities
- EF migration: AddPasswordLogin (nullable columns on both tables)
- Meezi.API: POST /api/auth/login (employee password login, CHOOSE_CAFE support)
- Meezi.API: PUT/DELETE /api/cafes/{id}/employees/{id}/credentials (Owner/Manager only)
- Meezi.Admin.API: POST /api/admin/auth/login + PUT /api/admin/auth/password
- Dashboard login page: OTP / Password tabs
- Admin login page: OTP / Password tabs
- HR screen: new Credentials tab for setting employee username/password
- PlatformDataSeeder: ensure system admin + integration settings in production
- Trial countdown banner: updated deadline to 1 Tir 1405 (Jun 22)
- i18n: fa/en/ar updated for all new UI strings
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
soroush.asadi
@@ -1093,7 +1093,14 @@
|
||||
"otp": "رمز التحقق",
|
||||
"login": "دخول",
|
||||
"error": "فشل تسجيل الدخول",
|
||||
"devHint": "في التطوير يُطبع الرمز في سجل Admin API."
|
||||
"devHint": "في التطوير يُطبع الرمز في سجل Admin API.",
|
||||
"tabOtp": "رمز مؤقت",
|
||||
"tabPassword": "كلمة المرور",
|
||||
"username": "اسم المستخدم",
|
||||
"usernamePlaceholder": "اسم المستخدم",
|
||||
"password": "كلمة المرور",
|
||||
"passwordPlaceholder": "كلمة المرور",
|
||||
"invalidCredentials": "اسم المستخدم أو كلمة المرور غير صحيحة."
|
||||
},
|
||||
"dashboard": {
|
||||
"title": "نظرة عامة",
|
||||
|
||||
@@ -1086,7 +1086,14 @@
|
||||
"otp": "Verification code",
|
||||
"login": "Sign in",
|
||||
"error": "Login failed",
|
||||
"devHint": "In development the OTP is logged by Admin API (DEV admin OTP)."
|
||||
"devHint": "In development the OTP is logged by Admin API (DEV admin OTP).",
|
||||
"tabOtp": "One-time code",
|
||||
"tabPassword": "Password",
|
||||
"username": "Username",
|
||||
"usernamePlaceholder": "Username",
|
||||
"password": "Password",
|
||||
"passwordPlaceholder": "Password",
|
||||
"invalidCredentials": "Incorrect username or password."
|
||||
},
|
||||
"dashboard": {
|
||||
"title": "Platform overview",
|
||||
|
||||
@@ -1086,7 +1086,14 @@
|
||||
"otp": "کد تأیید",
|
||||
"login": "ورود",
|
||||
"error": "خطا در ورود",
|
||||
"devHint": "در حالت توسعه کد در لاگ Admin API چاپ میشود (DEV admin OTP)."
|
||||
"devHint": "در حالت توسعه کد در لاگ Admin API چاپ میشود (DEV admin OTP).",
|
||||
"tabOtp": "کد یکبارمصرف",
|
||||
"tabPassword": "رمز عبور",
|
||||
"username": "نام کاربری",
|
||||
"usernamePlaceholder": "نام کاربری",
|
||||
"password": "رمز عبور",
|
||||
"passwordPlaceholder": "رمز عبور",
|
||||
"invalidCredentials": "نام کاربری یا رمز عبور اشتباه است."
|
||||
},
|
||||
"dashboard": {
|
||||
"title": "خلاصه سامانه",
|
||||
|
||||
@@ -13,14 +13,25 @@ import { Input } from "@/components/ui/input";
|
||||
import { LabeledField } from "@/components/ui/labeled-field";
|
||||
import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
|
||||
|
||||
type LoginTab = "otp" | "password";
|
||||
|
||||
export default function AdminLoginPage() {
|
||||
const t = useTranslations("admin.auth");
|
||||
const tAuth = useTranslations("auth");
|
||||
const router = useRouter();
|
||||
const setAuth = useAdminAuthStore((s) => s.setAuth);
|
||||
|
||||
const [tab, setTab] = useState<LoginTab>("otp");
|
||||
|
||||
// OTP state
|
||||
const [phone, setPhone] = useState("09120000001");
|
||||
const [code, setCode] = useState("");
|
||||
const [step, setStep] = useState<"phone" | "otp">("phone");
|
||||
const [otpStep, setOtpStep] = useState<"phone" | "otp">("phone");
|
||||
|
||||
// Password state
|
||||
const [username, setUsername] = useState("");
|
||||
const [password, setPassword] = useState("");
|
||||
|
||||
const [loading, setLoading] = useState(false);
|
||||
const [error, setError] = useState<string | null>(null);
|
||||
|
||||
@@ -34,6 +45,8 @@ export default function AdminLoginPage() {
|
||||
case "INVALID_OTP":
|
||||
case "VALIDATION_ERROR":
|
||||
return tAuth("invalidOtp");
|
||||
case "INVALID_TOKEN":
|
||||
return t("invalidCredentials");
|
||||
default:
|
||||
return err.message;
|
||||
}
|
||||
@@ -46,7 +59,7 @@ export default function AdminLoginPage() {
|
||||
setError(null);
|
||||
try {
|
||||
await adminPost("/api/admin/auth/send-otp", { phone });
|
||||
setStep("otp");
|
||||
setOtpStep("otp");
|
||||
setCode("");
|
||||
} catch (e) {
|
||||
setError(authErrorMessage(e));
|
||||
@@ -55,7 +68,7 @@ export default function AdminLoginPage() {
|
||||
}
|
||||
};
|
||||
|
||||
const verify = async () => {
|
||||
const verifyOtp = async () => {
|
||||
const normalized = normalizeOtpInput(code);
|
||||
if (normalized.length !== 6) {
|
||||
setError(tAuth("invalidOtp"));
|
||||
@@ -77,6 +90,34 @@ export default function AdminLoginPage() {
|
||||
}
|
||||
};
|
||||
|
||||
const loginWithPassword = async () => {
|
||||
if (!username.trim() || !password) {
|
||||
setError(t("invalidCredentials"));
|
||||
return;
|
||||
}
|
||||
setLoading(true);
|
||||
setError(null);
|
||||
try {
|
||||
const data = await adminPost<AuthTokenResponse>("/api/admin/auth/login", {
|
||||
username: username.trim(),
|
||||
password,
|
||||
});
|
||||
setAuth(data);
|
||||
router.push("/admin");
|
||||
} catch (e) {
|
||||
setError(authErrorMessage(e));
|
||||
} finally {
|
||||
setLoading(false);
|
||||
}
|
||||
};
|
||||
|
||||
const switchTab = (next: LoginTab) => {
|
||||
setTab(next);
|
||||
setError(null);
|
||||
setOtpStep("phone");
|
||||
setCode("");
|
||||
};
|
||||
|
||||
return (
|
||||
<div className="flex min-h-screen items-center justify-center bg-muted/30 p-4" dir="rtl">
|
||||
<Card className="w-full max-w-md">
|
||||
@@ -87,8 +128,36 @@ export default function AdminLoginPage() {
|
||||
<p className="text-center text-xs text-muted-foreground">{t("devHint")}</p>
|
||||
) : null}
|
||||
</CardHeader>
|
||||
<CardContent className="space-y-4">
|
||||
{step === "phone" ? (
|
||||
|
||||
{/* Tab switcher */}
|
||||
<div className="flex border-b px-6">
|
||||
<button
|
||||
type="button"
|
||||
className={`flex-1 py-2 text-sm font-medium transition-colors cursor-pointer ${
|
||||
tab === "otp"
|
||||
? "border-b-2 border-primary text-primary"
|
||||
: "text-muted-foreground hover:text-foreground"
|
||||
}`}
|
||||
onClick={() => switchTab("otp")}
|
||||
>
|
||||
{t("tabOtp")}
|
||||
</button>
|
||||
<button
|
||||
type="button"
|
||||
className={`flex-1 py-2 text-sm font-medium transition-colors cursor-pointer ${
|
||||
tab === "password"
|
||||
? "border-b-2 border-primary text-primary"
|
||||
: "text-muted-foreground hover:text-foreground"
|
||||
}`}
|
||||
onClick={() => switchTab("password")}
|
||||
>
|
||||
{t("tabPassword")}
|
||||
</button>
|
||||
</div>
|
||||
|
||||
<CardContent className="space-y-4 pt-4">
|
||||
{/* ───── OTP tab ───── */}
|
||||
{tab === "otp" && otpStep === "phone" && (
|
||||
<form
|
||||
className="space-y-4"
|
||||
onSubmit={(e) => {
|
||||
@@ -111,12 +180,14 @@ export default function AdminLoginPage() {
|
||||
{loading ? "..." : t("sendOtp")}
|
||||
</Button>
|
||||
</form>
|
||||
) : (
|
||||
)}
|
||||
|
||||
{tab === "otp" && otpStep === "otp" && (
|
||||
<form
|
||||
className="space-y-4"
|
||||
onSubmit={(e) => {
|
||||
e.preventDefault();
|
||||
if (!loading) void verify();
|
||||
if (!loading) void verifyOtp();
|
||||
}}
|
||||
>
|
||||
<LabeledField label={t("otp")} htmlFor="admin-login-otp">
|
||||
@@ -142,7 +213,7 @@ export default function AdminLoginPage() {
|
||||
className="w-full"
|
||||
disabled={loading}
|
||||
onClick={() => {
|
||||
setStep("phone");
|
||||
setOtpStep("phone");
|
||||
setCode("");
|
||||
setError(null);
|
||||
}}
|
||||
@@ -151,6 +222,46 @@ export default function AdminLoginPage() {
|
||||
</Button>
|
||||
</form>
|
||||
)}
|
||||
|
||||
{/* ───── Password tab ───── */}
|
||||
{tab === "password" && (
|
||||
<form
|
||||
className="space-y-4"
|
||||
onSubmit={(e) => {
|
||||
e.preventDefault();
|
||||
if (!loading) void loginWithPassword();
|
||||
}}
|
||||
>
|
||||
<LabeledField label={t("username")} htmlFor="admin-login-username">
|
||||
<Input
|
||||
id="admin-login-username"
|
||||
value={username}
|
||||
onChange={(e) => setUsername(e.target.value)}
|
||||
placeholder={t("usernamePlaceholder")}
|
||||
dir="ltr"
|
||||
className="text-start"
|
||||
autoComplete="username"
|
||||
autoFocus
|
||||
/>
|
||||
</LabeledField>
|
||||
<LabeledField label={t("password")} htmlFor="admin-login-password">
|
||||
<Input
|
||||
id="admin-login-password"
|
||||
type="password"
|
||||
value={password}
|
||||
onChange={(e) => setPassword(e.target.value)}
|
||||
placeholder={t("passwordPlaceholder")}
|
||||
dir="ltr"
|
||||
className="text-start"
|
||||
autoComplete="current-password"
|
||||
/>
|
||||
</LabeledField>
|
||||
<Button type="submit" className="w-full" disabled={loading || !username.trim() || !password}>
|
||||
{loading ? "..." : t("login")}
|
||||
</Button>
|
||||
</form>
|
||||
)}
|
||||
|
||||
{error ? <p className="text-center text-sm text-destructive">{error}</p> : null}
|
||||
</CardContent>
|
||||
</Card>
|
||||
|
||||
Reference in New Issue
Block a user