web/app/signup/set-password/page.tsx

'use client'
import { useCallback, useState } from 'react'
import { useTranslation } from 'react-i18next'
import { useRouter, useSearchParams } from 'next/navigation'
import cn from 'classnames'
import Button from '@/app/components/base/button'
import Toast from '@/app/components/base/toast'
import Input from '@/app/components/base/input'
import { validPassword } from '@/config'
import type { MailRegisterResponse } from '@/service/use-common'
import { useMailRegister } from '@/service/use-common'
import { trackEvent } from '@/app/components/base/amplitude'

const ChangePasswordForm = () => {
  const { t } = useTranslation()
  const router = useRouter()
  const searchParams = useSearchParams()
  const token = decodeURIComponent(searchParams.get('token') || '')

  const [password, setPassword] = useState('')
  const [confirmPassword, setConfirmPassword] = useState('')
  const { mutateAsync: register, isPending } = useMailRegister()

  const showErrorMessage = useCallback((message: string) => {
    Toast.notify({
      type: 'error',
      message,
    })
  }, [])

  const valid = useCallback(() => {
    if (!password.trim()) {
      showErrorMessage(t('login.error.passwordEmpty'))
      return false
    }
    if (!validPassword.test(password)) {
      showErrorMessage(t('login.error.passwordInvalid'))
      return false
    }
    if (password !== confirmPassword) {
      showErrorMessage(t('common.account.notEqual'))
      return false
    }
    return true
  }, [password, confirmPassword, showErrorMessage, t])

  const handleSubmit = useCallback(async () => {
    if (!valid())
      return
    try {
      const res = await register({
        token,
        new_password: password,
        password_confirm: confirmPassword,
      })
      const { result } = res as MailRegisterResponse
      if (result === 'success') {
        // Track registration success event
        trackEvent('user_registration_success', {
          method: 'email',
        })

        Toast.notify({
          type: 'success',
          message: t('common.api.actionSuccess'),
        })
        router.replace('/apps')
      }
    }
    catch (error) {
      console.error(error)
    }
  }, [password, token, valid, confirmPassword, register])

  return (
    <div className={
      cn(
        'flex w-full grow flex-col items-center justify-center',
        'px-6',
        'md:px-[108px]',
      )
    }>
      <div className='flex flex-col md:w-[400px]'>
        <div className="mx-auto w-full">
          <h2 className="title-4xl-semi-bold text-text-primary">
            {t('login.changePassword')}
          </h2>
          <p className='body-md-regular mt-2 text-text-secondary'>
            {t('login.changePasswordTip')}
          </p>
        </div>

        <div className="mx-auto mt-6 w-full">
          <div>
            {/* Password */}
            <div className='mb-5'>
              <label htmlFor="password" className="system-md-semibold my-2 text-text-secondary">
                {t('common.account.newPassword')}
              </label>
              <div className='relative mt-1'>
                <Input
                  id="password"
                  type='password'
                  value={password}
                  onChange={e => setPassword(e.target.value)}
                  placeholder={t('login.passwordPlaceholder') || ''}
                />

              </div>
              <div className='body-xs-regular mt-1 text-text-secondary'>{t('login.error.passwordInvalid')}</div>
            </div>
            {/* Confirm Password */}
            <div className='mb-5'>
              <label htmlFor="confirmPassword" className="system-md-semibold my-2 text-text-secondary">
                {t('common.account.confirmPassword')}
              </label>
              <div className='relative mt-1'>
                <Input
                  id="confirmPassword"
                  type='password'
                  value={confirmPassword}
                  onChange={e => setConfirmPassword(e.target.value)}
                  placeholder={t('login.confirmPasswordPlaceholder') || ''}
                />
              </div>
            </div>
            <div>
              <Button
                variant='primary'
                className='w-full'
                onClick={handleSubmit}
                disabled={isPending || !password || !confirmPassword}
              >
                {t('login.changePasswordBtn')}
              </Button>
            </div>
          </div>
        </div>
      </div>
    </div>
  )
}

export default ChangePasswordForm
fix: login security issue frontend (#25571) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> 2025-09-12 10:25:06 +08:00			`'use client'`
			`import { useCallback, useState } from 'react'`
			`import { useTranslation } from 'react-i18next'`
			`import { useRouter, useSearchParams } from 'next/navigation'`
			`import cn from 'classnames'`
			`import Button from '@/app/components/base/button'`
			`import Toast from '@/app/components/base/toast'`
			`import Input from '@/app/components/base/input'`
			`import { validPassword } from '@/config'`
			`import type { MailRegisterResponse } from '@/service/use-common'`
			`import { useMailRegister } from '@/service/use-common'`
integrate Amplitude analytics into the application (#29049) Co-authored-by: CodingOnStar <hanxujiang@dify.ai> Co-authored-by: Joel <iamjoel007@gmail.com> 2025-12-03 14:22:12 +08:00			`import { trackEvent } from '@/app/components/base/amplitude'`
fix: login security issue frontend (#25571) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> 2025-09-12 10:25:06 +08:00
			`const ChangePasswordForm = () => {`
			`const { t } = useTranslation()`
			`const router = useRouter()`
			`const searchParams = useSearchParams()`
			`const token = decodeURIComponent(searchParams.get('token') \|\| '')`

			`const [password, setPassword] = useState('')`
			`const [confirmPassword, setConfirmPassword] = useState('')`
			`const { mutateAsync: register, isPending } = useMailRegister()`

			`const showErrorMessage = useCallback((message: string) => {`
			`Toast.notify({`
			`type: 'error',`
			`message,`
			`})`
			`}, [])`

			`const valid = useCallback(() => {`
			`if (!password.trim()) {`
			`showErrorMessage(t('login.error.passwordEmpty'))`
			`return false`
			`}`
			`if (!validPassword.test(password)) {`
			`showErrorMessage(t('login.error.passwordInvalid'))`
			`return false`
			`}`
			`if (password !== confirmPassword) {`
			`showErrorMessage(t('common.account.notEqual'))`
			`return false`
			`}`
			`return true`
			`}, [password, confirmPassword, showErrorMessage, t])`

			`const handleSubmit = useCallback(async () => {`
			`if (!valid())`
			`return`
			`try {`
			`const res = await register({`
			`token,`
			`new_password: password,`
			`password_confirm: confirmPassword,`
			`})`
refactor: replace localStorage with HTTP-only cookies for auth tokens (#24365) Signed-off-by: NeatGuyCoding <15627489+NeatGuyCoding@users.noreply.github.com> Signed-off-by: lyzno1 <yuanyouhuilyz@gmail.com> Signed-off-by: kenwoodjw <blackxin55+@gmail.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Yunlu Wen <wylswz@163.com> Co-authored-by: Joel <iamjoel007@gmail.com> Co-authored-by: GareArc <chen4851@purdue.edu> Co-authored-by: NFish <douxc512@gmail.com> Co-authored-by: Davide Delbianco <davide.delbianco@outlook.com> Co-authored-by: minglu7 <1347866672@qq.com> Co-authored-by: Ponder <ruan.lj@foxmail.com> Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Co-authored-by: heyszt <270985384@qq.com> Co-authored-by: Asuka Minato <i@asukaminato.eu.org> Co-authored-by: Guangdong Liu <liugddx@gmail.com> Co-authored-by: Eric Guo <eric.guocz@gmail.com> Co-authored-by: NeatGuyCoding <15627489+NeatGuyCoding@users.noreply.github.com> Co-authored-by: XlKsyt <caixuesen@outlook.com> Co-authored-by: Dhruv Gorasiya <80987415+DhruvGorasiya@users.noreply.github.com> Co-authored-by: crazywoola <427733928@qq.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: lyzno1 <92089059+lyzno1@users.noreply.github.com> Co-authored-by: hj24 <mambahj24@gmail.com> Co-authored-by: GuanMu <ballmanjq@gmail.com> Co-authored-by: 非法操作 <hjlarry@163.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Tonlo <123lzs123@gmail.com> Co-authored-by: Yusuke Yamada <yamachu.dev@gmail.com> Co-authored-by: Novice <novice12185727@gmail.com> Co-authored-by: kenwoodjw <blackxin55+@gmail.com> Co-authored-by: Ademílson Tonato <ademilsonft@outlook.com> Co-authored-by: znn <jubinkumarsoni@gmail.com> Co-authored-by: yangzheli <43645580+yangzheli@users.noreply.github.com> 2025-10-19 21:29:04 +08:00			`const { result } = res as MailRegisterResponse`
fix: login security issue frontend (#25571) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> 2025-09-12 10:25:06 +08:00			`if (result === 'success') {`
integrate Amplitude analytics into the application (#29049) Co-authored-by: CodingOnStar <hanxujiang@dify.ai> Co-authored-by: Joel <iamjoel007@gmail.com> 2025-12-03 14:22:12 +08:00			`// Track registration success event`
			`trackEvent('user_registration_success', {`
			`method: 'email',`
			`})`

fix: login security issue frontend (#25571) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> 2025-09-12 10:25:06 +08:00			`Toast.notify({`
			`type: 'success',`
			`message: t('common.api.actionSuccess'),`
			`})`
			`router.replace('/apps')`
			`}`
			`}`
			`catch (error) {`
			`console.error(error)`
			`}`
			`}, [password, token, valid, confirmPassword, register])`

			`return (`
			`<div className={`
			`cn(`
			`'flex w-full grow flex-col items-center justify-center',`
			`'px-6',`
			`'md:px-[108px]',`
			`)`
			`}>`
			`<div className='flex flex-col md:w-[400px]'>`
			`<div className="mx-auto w-full">`
			`<h2 className="title-4xl-semi-bold text-text-primary">`
			`{t('login.changePassword')}`
			`</h2>`
			`<p className='body-md-regular mt-2 text-text-secondary'>`
			`{t('login.changePasswordTip')}`
			`</p>`
			`</div>`

			`<div className="mx-auto mt-6 w-full">`
			`<div>`
			`{/* Password */}`
			`<div className='mb-5'>`
			`<label htmlFor="password" className="system-md-semibold my-2 text-text-secondary">`
			`{t('common.account.newPassword')}`
			`</label>`
			`<div className='relative mt-1'>`
			`<Input`
			`id="password"`
			`type='password'`
			`value={password}`
			`onChange={e => setPassword(e.target.value)}`
			`placeholder={t('login.passwordPlaceholder') \|\| ''}`
			`/>`

			`</div>`
			`<div className='body-xs-regular mt-1 text-text-secondary'>{t('login.error.passwordInvalid')}</div>`
			`</div>`
			`{/* Confirm Password */}`
			`<div className='mb-5'>`
			`<label htmlFor="confirmPassword" className="system-md-semibold my-2 text-text-secondary">`
			`{t('common.account.confirmPassword')}`
			`</label>`
			`<div className='relative mt-1'>`
			`<Input`
			`id="confirmPassword"`
			`type='password'`
			`value={confirmPassword}`
			`onChange={e => setConfirmPassword(e.target.value)}`
			`placeholder={t('login.confirmPasswordPlaceholder') \|\| ''}`
			`/>`
			`</div>`
			`</div>`
			`<div>`
			`<Button`
			`variant='primary'`
			`className='w-full'`
			`onClick={handleSubmit}`
			`disabled={isPending \|\| !password \|\| !confirmPassword}`
			`>`
			`{t('login.changePasswordBtn')}`
			`</Button>`
			`</div>`
			`</div>`
			`</div>`
			`</div>`
			`</div>`
			`)`
			`}`

			`export default ChangePasswordForm`