diff --git a/project/backend/Auth.py b/project/backend/Auth.py
index bbe28e5..696fce6 100644
--- a/project/backend/Auth.py
+++ b/project/backend/Auth.py
@@ -11,7 +11,10 @@
from fastapi.security import OAuth2PasswordBearer
from jose import JWTError, jwt
import bcrypt
-from pydantic import BaseModel
+
+import hashlib
+
+PASSWORD_RESET_EXPIRE_MINUTES = 30
from Models import Token, User
@@ -132,3 +135,31 @@ async def getCurrentUser(token: Annotated[str, Depends(oauth2_scheme)]) -> User:
raise credentials_exception
return User(email=konto["email"], name=konto["name"])
+
+# --- Reset Password --- #
+
+def hashResetToken(token: str) -> str:
+ """SHA-256 Hash – für Reset-Tokens reicht das, sie sind ohnehin hochentropisch."""
+ return hashlib.sha256(token.encode()).hexdigest()
+
+
+def createPasswordResetToken(kontoId: int) -> str:
+ """Generiert Klartext-Token (geht per Mail) und speichert nur den Hash in der DB."""
+ from Database import savePasswordResetToken
+ token = secrets.token_urlsafe(48)
+ expiresAt = datetime.now(timezone.utc) + timedelta(minutes=PASSWORD_RESET_EXPIRE_MINUTES)
+ savePasswordResetToken(kontoId, hashResetToken(token), expiresAt.isoformat())
+ return token
+
+
+def validatePasswordResetToken(token: str) -> dict | None:
+ from Database import getPasswordResetToken
+ entry = getPasswordResetToken(hashResetToken(token))
+ if entry is None or entry["usedAt"] is not None:
+ return None
+ expiresAt = datetime.fromisoformat(entry["expiresAt"])
+ if expiresAt.tzinfo is None:
+ expiresAt = expiresAt.replace(tzinfo=timezone.utc)
+ if expiresAt < datetime.now(timezone.utc):
+ return None
+ return entry
\ No newline at end of file
diff --git a/project/backend/Database.py b/project/backend/Database.py
index 5d35f3a..2da1bb3 100644
--- a/project/backend/Database.py
+++ b/project/backend/Database.py
@@ -1,13 +1,8 @@
import sqlite3
from contextlib import contextmanager
from pathlib import Path
-import os
-# Verwende die Datenbank aus dem data-Ordner
-DB_PATH = Path(__file__).parent.parent / "data" / "LazyCookDB.sqlite3"
-
-# Stelle sicher, dass das Verzeichnis existiert
-DB_PATH.parent.mkdir(parents=True, exist_ok=True)
+DB_PATH = Path("/data/LazyCookDB.sqlite3")
def getConnection() -> sqlite3.Connection:
@@ -15,7 +10,7 @@ def getConnection() -> sqlite3.Connection:
con = sqlite3.connect(str(DB_PATH), check_same_thread=False)
con.row_factory = sqlite3.Row
con.execute("PRAGMA foreign_keys = ON")
- # con.execute("PRAGMA journal_mode = WAL")
+ con.execute("PRAGMA journal_mode = WAL")
return con
@@ -104,13 +99,23 @@ def initDB():
UNIQUE (AccountID, rid)
)
""")
+ cur.execute("""
+ CREATE TABLE IF NOT EXISTS PasswordResetToken (
+ id INTEGER PRIMARY KEY AUTOINCREMENT,
+ kontoID INTEGER NOT NULL,
+ tokenHash TEXT NOT NULL UNIQUE,
+ expiresAt TIMESTAMP NOT NULL,
+ usedAt TIMESTAMP,
+ createdAt TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+ FOREIGN KEY (kontoID) REFERENCES Account (id) ON DELETE CASCADE
+ )
+ """)
print("✅ Datenbank-Tabellen erfolgreich initialisiert")
# ── Account-Operationen ──────────────────────────────────────────
-
def createAccount(email: str, name: str, hashedPassword: str) -> dict | None:
"""Legt ein neues Account an. Gibt die Account-Daten zurück oder None bei Duplikat."""
with getDB() as con:
@@ -142,7 +147,6 @@ def getAccountByEmail(email: str) -> dict | None:
# ── Refresh-Token-Operationen ──────────────────────────────────
-
def saveRefreshToken(AccountID: int, token: str, expiresAt: str) -> None:
"""Speichert einen neuen Refresh Token in der Datenbank."""
with getDB() as con:
@@ -191,22 +195,90 @@ def deleteAccount(email: str) -> bool:
cur.execute("DELETE FROM Account WHERE email = ?", (email,))
return cur.rowcount > 0
-
def updateAccount(konto_id: int, email: str = None, password_hash: str = None) -> None:
"""Aktualisiert E-Mail und/oder Passwort eines Accounts."""
with getDB() as con:
cur = con.cursor()
if email:
- cur.execute("UPDATE Account SET email = ? WHERE id = ?", (email, konto_id))
+ cur.execute(
+ "UPDATE Account SET email = ? WHERE id = ?",
+ (email, konto_id)
+ )
if password_hash:
cur.execute(
"UPDATE Account SET hashedPassword = ? WHERE id = ?",
- (password_hash, konto_id),
+ (password_hash, konto_id)
)
-
def cleanupExpiredTokens() -> None:
"""Löscht alle abgelaufenen Refresh Tokens."""
with getDB() as con:
cur = con.cursor()
cur.execute("DELETE FROM RefreshToken WHERE expiresAt < datetime('now')")
+
+
+
+# ── Password-Reset-Token-Operationen ───────────────────────────
+
+def savePasswordResetToken(kontoID: int, tokenHash: str, expiresAt: str) -> None:
+ """Invalidiert alte Tokens des Kontos und speichert einen neuen."""
+ with getDB() as con:
+ cur = con.cursor()
+ # Alte, ungenutzte Tokens für dieses Konto invalidieren
+ cur.execute(
+ "UPDATE PasswordResetToken SET usedAt = CURRENT_TIMESTAMP "
+ "WHERE kontoID = ? AND usedAt IS NULL",
+ (kontoID,),
+ )
+ cur.execute(
+ "INSERT INTO PasswordResetToken (kontoID, tokenHash, expiresAt) VALUES (?, ?, ?)",
+ (kontoID, tokenHash, expiresAt),
+ )
+
+
+def getPasswordResetToken(tokenHash: str) -> dict | None:
+ con = getConnection()
+ try:
+ cur = con.cursor()
+ cur.execute(
+ "SELECT id, kontoID, tokenHash, expiresAt, usedAt "
+ "FROM PasswordResetToken WHERE tokenHash = ?",
+ (tokenHash,),
+ )
+ row = cur.fetchone()
+ return dict(row) if row else None
+ finally:
+ con.close()
+
+
+def markResetTokenUsed(tokenID: int) -> None:
+ with getDB() as con:
+ cur = con.cursor()
+ cur.execute(
+ "UPDATE PasswordResetToken SET usedAt = CURRENT_TIMESTAMP WHERE id = ?",
+ (tokenID,),
+ )
+
+
+def updateKontoPassword(konto_id: int, hashed_password: str) -> None:
+ with getDB() as con:
+ cur = con.cursor()
+ cur.execute(
+ "UPDATE Account SET hashedPassword = ? WHERE id = ?",
+ (hashed_password, konto_id),
+ )
+
+
+def getAccountById(konto_id: int) -> dict | None:
+ """Gibt Account-Daten anhand der ID zurück, oder None."""
+ con = getConnection()
+ try:
+ cur = con.cursor()
+ cur.execute(
+ "SELECT id, email, name, hashedPassword FROM Account WHERE id = ?",
+ (konto_id,),
+ )
+ row = cur.fetchone()
+ return dict(row) if row else None
+ finally:
+ con.close()
\ No newline at end of file
diff --git a/project/backend/EmailService.py b/project/backend/EmailService.py
index 96d1a23..67506b5 100644
--- a/project/backend/EmailService.py
+++ b/project/backend/EmailService.py
@@ -6,7 +6,6 @@
gmailUser = os.environ.get("GMAIL_USER")
gmailPassword = os.environ.get("GMAIL_PASSWORD")
-
def sendPasswordChangedEmail(to_email: str, name: str) -> None:
try:
msg = MIMEMultipart("alternative")
@@ -32,3 +31,43 @@ def sendPasswordChangedEmail(to_email: str, name: str) -> None:
except Exception as e:
print(f"E-Mail Fehler: {e}")
raise
+
+
+def sendPasswordResetEmail(to_email: str, name: str, resetLink: str) -> None:
+ try:
+ msg = MIMEMultipart("alternative")
+ msg["Subject"] = "Passwort zurücksetzen – Lazy Cook"
+ msg["From"] = gmailUser
+ msg["To"] = to_email
+
+ html = f"""
+
+
Hallo {name},
+
du hast angefordert, dein Passwort bei Lazy Cook zurückzusetzen.
+
Klicke auf den Button, um ein neues Passwort festzulegen:
+
+
+ Passwort zurücksetzen
+
+
+
+ Oder kopiere diesen Link in deinen Browser:
+ {resetLink}
+
+
Der Link ist 30 Minuten gültig.
+
Falls du das nicht angefordert hast, ignoriere diese E-Mail einfach – dein Passwort bleibt unverändert.
+
+
– Das Lazy Cook Team
+
-
onChange(e.target.value)}
- placeholder={placeholder}
- onKeyDown={onKeyDown}
- onBlur={onBlur}
- />
+
+ onChange(e.target.value)}
+ placeholder={placeholder}
+ onKeyDown={onKeyDown}
+ onBlur={onBlur}
+ style={isPassword ? { paddingRight: 38 } : undefined}
+ />
+ {isPassword && (
+
+ )}
+
);
-}
\ No newline at end of file
+}
diff --git a/project/frontend/app/global.css b/project/frontend/app/globals.css
similarity index 99%
rename from project/frontend/app/global.css
rename to project/frontend/app/globals.css
index fddc17d..83073d3 100644
--- a/project/frontend/app/global.css
+++ b/project/frontend/app/globals.css
@@ -40,7 +40,7 @@
--sidebar-accent-foreground: oklch(0.205 0 0);
--sidebar-border: oklch(0.922 0 0);
--sidebar-ring: oklch(0.708 0 0);
- --text-base: 10 px;
+ --text-base: 10px;
--text-2xl: 30px;
--text-lg: 20px;
--text-xl:25px;
diff --git a/project/frontend/app/homepage/forgotPassword.tsx b/project/frontend/app/homepage/forgotPassword.tsx
new file mode 100644
index 0000000..0186cac
--- /dev/null
+++ b/project/frontend/app/homepage/forgotPassword.tsx
@@ -0,0 +1,75 @@
+import React, { useState } from "react";
+import Field from "@/app/components/fields";
+import styles from "./page.module.css";
+
+const API_URL = process.env.NEXT_PUBLIC_API_URL ?? "http://localhost:3000";
+
+export default function ForgotPasswordForm({ onClose, onBack,}: { onClose: () => void; onBack: () => void; }) {
+ const [email, setEmail] = useState("");
+ const [busy, setBusy] = useState(false);
+ const [submitted, setSubmitted] = useState(false);
+ const [emailBlurred, setEmailBlurred] = useState(false);
+
+ const emailValid = /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
+
+ const handleSubmit = async () => {
+ setEmailBlurred(true);
+ if (!emailValid) return;
+ setBusy(true);
+ try {
+ await fetch(`${API_URL}/auth/forgot-password`, {
+ method: "POST",
+ headers: { "Content-Type": "application/json" },
+ body: JSON.stringify({ email }),
+ });
+ setSubmitted(true);
+ } finally {
+ setBusy(false);
+ }
+ };
+
+ if (submitted) {
+ return (
+
+
E-Mail versendet
+
+ Falls ein Konto mit dieser E-Mail existiert, haben wir dir einen
+ Link zum Zurücksetzen geschickt. Prüfe auch deinen Spam-Ordner.
+
+
+
+
Passwort vergessen
+
+ Gib deine E-Mail-Adresse ein. Wir schicken dir einen Link zum
+ Zurücksetzen.
+
+
setEmail(v)}
+ placeholder="Email"
+ onBlur={() => setEmailBlurred(true)}
+ onKeyDown={(e) => e.key === "Enter" && handleSubmit()}
+ state={
+ emailBlurred && !emailValid ? "error" : emailValid ? "success" : "default"
+ }
+ />
+
+
+
+
+ {error}
}
{ setEmail(v); if (emailBlurred) setEmailBlurred(false); }} placeholder="Email" onBlur={() => setEmailBlurred(true)} state={emailState()} />
e.key === "Enter" && handleSubmit()} onBlur={() => setPwBlurred(true)} state={pwBlurred && !password ? "error" : "default"} />
+
+
+
diff --git a/project/frontend/app/layout.tsx b/project/frontend/app/layout.tsx
index 407b567..4f16d75 100644
--- a/project/frontend/app/layout.tsx
+++ b/project/frontend/app/layout.tsx
@@ -1,6 +1,6 @@
import type { Metadata } from "next";
import { Geist, Geist_Mono } from "next/font/google";
-import "./global.css";
+import "./globals.css";
import { AuthProvider } from "@/lib/auth";
const geistSans = Geist({
@@ -23,13 +23,13 @@ export default function RootLayout({children,}: Readonly<{
}>) {
return (
-
-
- {children}
-
-
+
+
+ {children}
+
+
);
}
\ No newline at end of file
diff --git a/project/frontend/app/profile/changeEmailPopup.tsx b/project/frontend/app/profile/changeEmailPopup.tsx
new file mode 100644
index 0000000..1d1dd3b
--- /dev/null
+++ b/project/frontend/app/profile/changeEmailPopup.tsx
@@ -0,0 +1,57 @@
+import {Button} from "@/app/components/ui/button";
+import {fetchWithAuth} from "@/lib/auth";
+import {useState} from "react";
+import "../recipeFinder/style.css"
+
+const API_URL = process.env.NEXT_PUBLIC_API_URL ?? "http://localhost:3000";
+export default function ChangeEmail (){
+
+
+ const [newEmail, setNewEmail] = useState("");
+ const [emailMsg, setEmailMsg] = useState("");
+
+ async function handleEmailChange() {
+ setEmailMsg("");
+ try {
+ const res = await fetchWithAuth(`${API_URL}/users/me`, {
+ method: "PATCH",
+ headers: { "Content-Type": "application/json" },
+ body: JSON.stringify({ email: newEmail }),
+ });
+ if (!res.ok) {
+ const err = await res.json();
+ setEmailMsg(`${err.detail}`);
+ return;
+ }
+ setEmailMsg("E-Mail erfolgreich geändert.");
+ setNewEmail("");
+ } catch {
+ setEmailMsg("Unbekannter Fehler.");
+ }
+ }
+
+ return (
+
+
E-Mail ändern
+
+ setNewEmail(e.target.value)}
+ onKeyDown={(e) => e.key === "Enter" && handleEmailChange()}
+ className="popup__input"
+ />
+
+ {emailMsg &&
{emailMsg}
}
+
+
+
+
+ onChange(e.target.value)}
+ onKeyDown={onKeyDown}
+ className="popup__input"
+ style={{ width: "100%", paddingRight: 38 }}
+ />
+
+
+ );
+}
+
+type Modus = "change" | "forgot";
+
+interface ChangePasswordProps {
+ modus: Modus;
+ onSuccess?: () => void;
+}
+
+export default function ChangePassword({ modus, onSuccess }: ChangePasswordProps) {
+
+ const [currentPassword, setCurrentPassword] = useState("");
+ const [newPassword, setNewPassword] = useState("");
+ const [confirmPassword, setConfirmPassword] = useState("");
+ const [passwordMsg, setPasswordMsg] = useState("");
+ const [pwBlurred, setPwBlurred] = useState(false);
+
+ const isForgot = modus === "forgot";
+
+ async function handlePasswordChange() {
+ setPasswordMsg("");
+
+ // Bestätigung prüfen (nur im forgot-Modus relevant, aber sinnvoll auch beim Ändern)
+ if (newPassword !== confirmPassword) {
+ setPasswordMsg("Die Passwörter stimmen nicht überein.");
+ return;
+ }
+
+ try {
+ const endpoint = isForgot
+ ? `${API_URL}/users/forgot-password`
+ : `${API_URL}/users/me`;
+
+ const body = isForgot
+ ? { newPassword }
+ : { currentPassword, newPassword };
+
+ const fetcher = isForgot ? fetch : fetchWithAuth;
+
+ const res = await fetcher(endpoint, {
+ method: "PATCH",
+ headers: { "Content-Type": "application/json" },
+ body: JSON.stringify(body),
+ });
+
+ if (!res.ok) {
+ const err = await res.json();
+ setPasswordMsg(`❌ ${err.detail}`);
+ return;
+ }
+
+ setPasswordMsg(
+ isForgot
+ ? "Passwort erfolgreich zurückgesetzt."
+ : "Passwort erfolgreich geändert."
+ );
+ setCurrentPassword("");
+ setNewPassword("");
+ setConfirmPassword("");
+ onSuccess?.();
+ } catch {
+ setPasswordMsg('❌ Unbekannter Fehler');
+ }
+ }
+
+ return (
+
+
+ {isForgot ? "Passwort zurücksetzen" : "Passwort ändern"}
+
+
+
+ {!isForgot && (
+
setPwBlurred(true)} onKeyDown={(e) => e.key === "Enter" && handlePasswordChange()} state={pwBlurred && !currentPassword? "error" : "default"} />)}
+
+
+ e.key === "Enter" && handlePasswordChange()}
+ />
+
+ e.key === "Enter" && handlePasswordChange()}
+ />
+
+
+ {passwordMsg &&
{passwordMsg}
}
+
+
+
+
+
Einstellungen
- {/* E-Mail Modal */}
- {showEmailModal && (
- setShowEmailModal(false)}
- >
-
e.stopPropagation()}
- >
-
E-Mail ändern
-
setNewEmail(e.target.value)}
- className="border rounded-lg px-3 py-2 text-sm w-full"
- />
- {emailMsg &&
{emailMsg}
}
-
-
-
-
-
-
+
+ Konto wirklich löschen?
+
+
+
+
+
- {/* Passwort Modal */}
- {showPasswordModal && (
-
setShowPasswordModal(false)}
- >
-
e.stopPropagation()}
- >
-
Passwort ändern
-
setCurrentPassword(e.target.value)}
- className="border rounded-lg px-3 py-2 text-sm w-full"
- />
-
setNewPassword(e.target.value)}
- className="border rounded-lg px-3 py-2 text-sm w-full"
- />
- {passwordMsg &&
{passwordMsg}
}
-
-
-
-
-
- )}
+
+
+
setShowEmailModal(false)}>
+
+
+
+
setShowPasswordModal(false)}>
+
+
+
Ungültiger Link
+
+ Der Link ist unvollständig. Bitte fordere einen neuen an.
+
+
+
Erledigt!
+
+ Dein Passwort wurde zurückgesetzt. Du wirst gleich weitergeleitet…
+
+
+
Neues Passwort festlegen
+
Wähle ein sicheres neues Passwort.
+ {error &&
{error}
}
+
e.key === "Enter" && handleSubmit()}
+ state={password && !pwValid ? "error" : "default"}
+ />
+ e.key === "Enter" && handleSubmit()}
+ state={confirm && !pwMatch ? "error" : pwMatch ? "success" : "default"}
+ />
+
+ Wird geladen…
+
+ }
+ >
+
+
+ );
+}
\ No newline at end of file
diff --git a/project/frontend/lib/auth.tsx b/project/frontend/lib/auth.tsx
index cae660e..2d6c1ca 100644
--- a/project/frontend/lib/auth.tsx
+++ b/project/frontend/lib/auth.tsx
@@ -6,11 +6,10 @@ import {
useState,
useEffect,
useCallback,
- useRef,
type ReactNode,
} from "react";
-const API_URL = "http://localhost:3000";
+const API_URL = process.env.NEXT_PUBLIC_API_URL ?? "http://localhost:3000";
// ── Typen ─────────────────────────────────────────────────────
export interface User {
@@ -39,6 +38,9 @@ function getRefreshToken(): string | null {
}
function saveTokens(accessToken: string, refreshToken: string) {
+ if (!accessToken || !refreshToken) {
+ throw new Error("Tokens fehlen — Backend-Response unvollständig");
+ }
sessionStorage.setItem("access_token", accessToken);
localStorage.setItem("refresh_token", refreshToken);
}
@@ -118,23 +120,22 @@ async function fetchWithAuth(url: string, options: RequestInit = {}): Promise