docs(01): create phase 1 authentication plans
Phase 1: Authentication & Account Basics - 7 plans in 4 waves - Covers AUTH-01 through AUTH-05 requirements - Foundation for household features in Phase 2 - Ready for execution
This commit is contained in:
Dani B
191
.planning/phases/01-authentication/01-05-PLAN.md
Normal file
191
.planning/phases/01-authentication/01-05-PLAN.md
Normal file
@@ -0,0 +1,191 @@
|
||||
---
|
||||
phase: 01-authentication
|
||||
plan: 05
|
||||
type: execute
|
||||
wave: 3
|
||||
depends_on: ["01-03", "01-04"]
|
||||
files_modified: ["lib/features/authentication/presentation/pages/reset_password_page.dart", "lib/features/authentication/presentation/pages/update_password_page.dart", "lib/features/authentication/presentation/widgets/password_reset_form.dart"]
|
||||
autonomous: true
|
||||
user_setup:
|
||||
- service: supabase
|
||||
why: "Configure password reset redirect URLs"
|
||||
env_vars: []
|
||||
dashboard_config:
|
||||
- task: "Add password reset redirect URLs"
|
||||
location: "Supabase Dashboard → Authentication → URL Configuration → Site URL"
|
||||
- task: "Add password reset redirect URLs"
|
||||
location: "Supabase Dashboard → Authentication → URL Configuration → Redirect URLs"
|
||||
|
||||
must_haves:
|
||||
truths:
|
||||
- "User can request password reset via email"
|
||||
- "User receives reset email within 1 minute"
|
||||
- "Reset link redirects to password update page"
|
||||
- "User can set new password successfully"
|
||||
artifacts:
|
||||
- path: "lib/features/authentication/presentation/pages/reset_password_page.dart"
|
||||
provides: "Password reset request page"
|
||||
min_lines: 35
|
||||
- path: "lib/features/authentication/presentation/pages/update_password_page.dart"
|
||||
provides: "New password entry page"
|
||||
min_lines: 40
|
||||
- path: "lib/features/authentication/presentation/widgets/password_reset_form.dart"
|
||||
provides: "Password reset form components"
|
||||
min_lines: 25
|
||||
key_links:
|
||||
- from: "lib/features/authentication/presentation/pages/reset_password_page.dart"
|
||||
to: "lib/providers/auth_provider.dart"
|
||||
via: "password reset method"
|
||||
pattern: "resetPassword|_authProvider"
|
||||
- from: "lib/features/authentication/presentation/pages/update_password_page.dart"
|
||||
to: "supabase.auth"
|
||||
via: "password update flow"
|
||||
pattern: "supabase\\.auth\\.updateUser|supabase\\.auth\\.resetPasswordForEmail"
|
||||
---
|
||||
|
||||
<objective>
|
||||
Implement password reset functionality with email flow and new password entry.
|
||||
|
||||
Purpose: Enable users to recover forgotten passwords securely through email-based reset flow.
|
||||
Output: Complete password reset system from email request to new password confirmation.
|
||||
</objective>
|
||||
|
||||
<execution_context>
|
||||
@~/.opencode/get-shit-done/workflows/execute-plan.md
|
||||
@~/.opencode/get-shit-done/templates/summary.md
|
||||
</execution_context>
|
||||
|
||||
<context>
|
||||
@.planning/PROJECT.md
|
||||
@.planning/ROADMAP.md
|
||||
@.planning/STATE.md
|
||||
@.planning/phases/01-authentication/01-RESEARCH.md
|
||||
</context>
|
||||
|
||||
<tasks>
|
||||
|
||||
<task type="auto">
|
||||
<name>Create password reset request page</name>
|
||||
<files>lib/features/authentication/presentation/pages/reset_password_page.dart</files>
|
||||
<action>
|
||||
Create ResetPasswordPage that:
|
||||
1. Has email input field with validation
|
||||
2. Uses AuthButton for "Send Reset Email" action
|
||||
3. Shows success message after email sent
|
||||
4. Shows error message for invalid email
|
||||
5. Has loading state during email sending
|
||||
6. Includes "Back to Login" navigation
|
||||
7. Provides clear instructions to user
|
||||
8. Handles rate limiting feedback (if email already sent)
|
||||
9. Uses AuthRepository resetPassword() method
|
||||
10. Has proper page structure and responsive design
|
||||
11. Includes accessibility features
|
||||
12. Shows helpful copy like "Check your email for reset link"
|
||||
</action>
|
||||
<verify>Reset password page sends email request and shows appropriate success/error states</verify>
|
||||
<done>Complete password reset request interface integrated with auth system</done>
|
||||
</task>
|
||||
|
||||
<task type="auto">
|
||||
<name>Create password reset components</name>
|
||||
<files>lib/features/authentication/presentation/widgets/password_reset_form.dart</files>
|
||||
<action>
|
||||
Create PasswordResetForm widget that:
|
||||
1. Accepts email field configuration
|
||||
2. Provides email validation
|
||||
3. Shows validation errors in real-time
|
||||
4. Has onSubmit callback for email submission
|
||||
5. Shows loading state during submission
|
||||
6. Has proper styling consistent with AuthForm
|
||||
7. Includes proper text input types
|
||||
8. Responsive layout for mobile/tablet
|
||||
9. Proper accessibility labels
|
||||
10. Can be reused in different contexts
|
||||
</action>
|
||||
<verify>Password reset form validates email properly and handles submission states correctly</verify>
|
||||
<done>Reusable password reset form component</done>
|
||||
</task>
|
||||
|
||||
<task type="auto">
|
||||
<name>Create password update page</name>
|
||||
<files>lib/features/authentication/presentation/pages/update_password_page.dart</files>
|
||||
<action>
|
||||
Create UpdatePasswordPage that:
|
||||
1. Handles deep linking from password reset emails
|
||||
2. Has new password input field with strength validation
|
||||
3. Has confirm password field for validation
|
||||
4. Uses AuthButton for "Update Password" action
|
||||
5. Shows error messages for password mismatches
|
||||
6. Shows loading state during password update
|
||||
7. Navigates to login after successful password update
|
||||
8. Handles expired/invalid reset tokens gracefully
|
||||
9. Uses Supabase updateUser() method
|
||||
10. Has proper error handling for various failure modes
|
||||
11. Includes accessibility features
|
||||
12. Has clear success messaging
|
||||
13. Includes "Cancel" option to return to login
|
||||
</action>
|
||||
<verify>Password update page validates inputs, updates password successfully, and handles error cases</verify>
|
||||
<done>Complete password update interface with deep link handling</done>
|
||||
</task>
|
||||
|
||||
<task type="auto">
|
||||
<name>Update auth repository for password reset</name>
|
||||
<files>lib/features/authentication/data/repositories/auth_repository_impl.dart</files>
|
||||
<action>
|
||||
Extend AuthRepositoryImpl to:
|
||||
1. Add updatePassword() method for new password setting
|
||||
2. Handle password reset token verification
|
||||
3. Improve resetPassword() method with proper redirect URL configuration
|
||||
4. Add proper error handling for:
|
||||
- Expired reset tokens
|
||||
- Invalid reset tokens
|
||||
- Weak passwords
|
||||
- Network failures
|
||||
5. Use supabase.auth.updateUser() for password updates
|
||||
6. Ensure proper session handling after password update
|
||||
7. Add comprehensive error mapping to custom exceptions
|
||||
8. Include proper logging for debugging
|
||||
</action>
|
||||
<verify>Repository methods handle password reset flow from email to completion</verify>
|
||||
<done>Enhanced auth repository with complete password reset functionality</done>
|
||||
</task>
|
||||
|
||||
<task type="auto">
|
||||
<name>Integrate password reset with navigation</name>
|
||||
<files>lib/app/router.dart</files>
|
||||
<action>
|
||||
Update router to:
|
||||
1. Add /reset-password route for reset request page
|
||||
2. Add /update-password route for password update page
|
||||
3. Handle deep linking for password reset URLs
|
||||
4. Parse reset tokens from URL parameters
|
||||
5. Add proper route guards and validation
|
||||
6. Include password reset links in login/signup pages
|
||||
7. Configure proper URL scheme for mobile deep linking
|
||||
8. Handle web redirect URLs properly
|
||||
9. Add error handling for malformed reset URLs
|
||||
10. Ensure navigation flow works correctly
|
||||
</action>
|
||||
<verify>Navigation properly handles password reset flow and deep linking</verify>
|
||||
<done>Complete navigation integration for password reset functionality</done>
|
||||
</task>
|
||||
|
||||
</tasks>
|
||||
|
||||
<verification>
|
||||
1. Password reset email sends successfully and arrives within 1 minute
|
||||
2. Reset email contains working deep link to password update page
|
||||
3. Password update page validates inputs and updates password successfully
|
||||
4. Error handling covers all failure scenarios (invalid email, expired tokens, etc.)
|
||||
5. Navigation flows correctly through entire password reset journey
|
||||
6. Deep linking works on both mobile and web platforms
|
||||
</verification>
|
||||
|
||||
<success_criteria>
|
||||
Complete password reset system working from email request to new password confirmation with proper error handling and user feedback.
|
||||
</success_criteria>
|
||||
|
||||
<output>
|
||||
After completion, create `.planning/phases/01-authentication/01-05-SUMMARY.md`
|
||||
</output>
|
||||
Reference in New Issue
Block a user