v0.12.46 host bug fixes and password reset feature,

2026-03-31 12:21:59 -04:00
parent d0f10c4d7e
commit 350bb25ecd
9 changed files with 127 additions and 45 deletions
--- a/backend/package.json
+++ b/backend/package.json
@@ -1,6 +1,6 @@
 {
  "name": "rosterchirp-backend",
-  "version": "0.12.45",
+  "version": "0.12.46",
  "description": "RosterChirp backend server",
  "main": "src/index.js",
  "scripts": {
--- a/backend/src/models/db.js
+++ b/backend/src/models/db.js
@@ -249,7 +249,21 @@ async function seedUserGroups(schema) {
    const existing = await queryOne(schema,
      'SELECT id FROM user_groups WHERE name = $1', [name]
    );
-    if (existing) continue;
+    if (existing) {
+      // Auto-configure feature settings if not already set
+      if (name === 'Players') {
+        await exec(schema,
+          "INSERT INTO settings (key, value) VALUES ('feature_players_group_id', $1) ON CONFLICT (key) DO NOTHING",
+          [existing.id.toString()]
+        );
+      } else if (name === 'Parents') {
+        await exec(schema,
+          "INSERT INTO settings (key, value) VALUES ('feature_guardians_group_id', $1) ON CONFLICT (key) DO NOTHING",
+          [existing.id.toString()]
+        );
+      }
+      continue;
+    }

    // Create the managed DM chat group first
    const gr = await queryResult(schema,
@@ -259,17 +273,31 @@ async function seedUserGroups(schema) {
    const dmGroupId = gr.rows[0].id;

    // Create the user group linked to the DM group
-    await exec(schema,
-      'INSERT INTO user_groups (name, dm_group_id) VALUES ($1, $2) ON CONFLICT (name) DO NOTHING',
+    const ugr = await queryResult(schema,
+      'INSERT INTO user_groups (name, dm_group_id) VALUES ($1, $2) ON CONFLICT (name) DO NOTHING RETURNING id',
      [name, dmGroupId]
    );
+    const ugId = ugr.rows[0]?.id;
    console.log(`[DB:${schema}] Default user group created: ${name}`);
+
+    // Auto-configure feature settings for players/parents groups
+    if (ugId && name === 'Players') {
+      await exec(schema,
+        "INSERT INTO settings (key, value) VALUES ('feature_players_group_id', $1) ON CONFLICT (key) DO NOTHING",
+        [ugId.toString()]
+      );
+    } else if (ugId && name === 'Parents') {
+      await exec(schema,
+        "INSERT INTO settings (key, value) VALUES ('feature_guardians_group_id', $1) ON CONFLICT (key) DO NOTHING",
+        [ugId.toString()]
+      );
+    }
  }
 }

 async function seedAdmin(schema) {
  const strip = s => (s || '').replace(/^['"]+|['"]+$/g, '').trim();
-  const adminEmail = strip(process.env.ADMIN_EMAIL) || 'admin@rosterchirp.local';
+  const adminEmail = (strip(process.env.ADMIN_EMAIL) || 'admin@rosterchirp.local').toLowerCase();
  const adminName  = strip(process.env.ADMIN_NAME)  || 'Admin User';
  const adminPass  = strip(process.env.ADMIN_PASS)  || 'Admin@1234';
  const pwReset    = process.env.ADMPW_RESET === 'true';
--- a/backend/src/routes/auth.js
+++ b/backend/src/routes/auth.js
@@ -12,7 +12,7 @@ module.exports = function(io) {
  router.post('/login', async (req, res) => {
    const { email, password, rememberMe } = req.body;
    try {
-      const user = await queryOne(req.schema, 'SELECT * FROM users WHERE email = $1', [email]);
+      const user = await queryOne(req.schema, 'SELECT * FROM users WHERE LOWER(email) = LOWER($1)', [email]);
      if (!user) return res.status(401).json({ error: 'Invalid credentials' });

      if (user.status === 'suspended') {
--- a/backend/src/routes/host.js
+++ b/backend/src/routes/host.js
@@ -9,6 +9,7 @@
 */

 const express = require('express');
+const bcrypt  = require('bcryptjs');
 const router  = express.Router();
 const {
  query, queryOne, queryResult, exec,
@@ -186,7 +187,7 @@ router.post('/tenants', async (req, res) => {
 // Supports updating: name, plan, customDomain, status

 router.patch('/tenants/:slug', async (req, res) => {
-  const { name, plan, customDomain, status } = req.body;
+  const { name, plan, customDomain, status, adminPassword } = req.body;
  try {
    const tenant = await queryOne('public',
      'SELECT * FROM tenants WHERE slug = $1', [req.params.slug]
@@ -224,6 +225,15 @@ router.patch('/tenants/:slug', async (req, res) => {
      await exec(s, "UPDATE settings SET value=$1 WHERE key='app_type'", [planAppType]);
    }

+    // Reset tenant admin password if provided
+    if (adminPassword && adminPassword.length >= 6) {
+      const hash = bcrypt.hashSync(adminPassword, 10);
+      await exec(tenant.schema_name,
+        "UPDATE users SET password=$1, must_change_password=TRUE, updated_at=NOW() WHERE is_default_admin=TRUE",
+        [hash]
+      );
+    }
+
    await reloadTenantCache();
    const updated = await queryOne('public', 'SELECT * FROM tenants WHERE slug=$1', [req.params.slug]);
    res.json({ tenant: updated });