Address minor reviewer comments

Author: kryvosheyin

frontend/app/api/auth/password-reset/confirm/route.ts

@@ -25,19 +25,34 @@ const schema = z.object({
       `Password must be at most ${PASSWORD_MAX_LEN} characters`
     )
     .regex(/[A-Z]/, 'Password must contain at least one capital letter')
-    .regex(/[^A-Za-z0-9]/, 'Password must contain at least one special character')
+    .regex(
+      /[^A-Za-z0-9]/,
+      'Password must contain at least one special character'
+    )
     .regex(PASSWORD_POLICY_REGEX, 'Password does not meet the required policy'),
 });
 
+function firstFieldErrorMessage(
+  fieldErrors: Record<string, string[] | undefined>
+): string | null {
+  for (const key of Object.keys(fieldErrors)) {
+    const msgs = fieldErrors[key];
+    if (Array.isArray(msgs) && msgs.length > 0 && msgs[0]) {
+      return msgs[0];
+    }
+  }
+  return null;
+}
+
 export async function POST(req: Request) {
   const body = await req.json().catch(() => null);
   const parsed = schema.safeParse(body);
 
   if (!parsed.success) {
-    return NextResponse.json(
-      { error: parsed.error.flatten().fieldErrors },
-      { status: 400 }
-    );
+    const flattened = parsed.error.flatten().fieldErrors;
+    const firstMsg =
+      firstFieldErrorMessage(flattened) ?? 'Invalid request';
+    return NextResponse.json({ error: firstMsg }, { status: 400 });
   }
 
   const { token, password } = parsed.data;

frontend/components/auth/SignupForm.tsx

@@ -36,13 +36,11 @@ export function SignupForm({ locale, returnTo }: SignupFormProps) {
   const [verificationRequired, setVerificationRequired] = useState(false);
   const [email, setEmail] = useState('');
 
-  // Live values
   const [nameValue, setNameValue] = useState('');
   const [emailValueLive, setEmailValueLive] = useState('');
   const [passwordValue, setPasswordValue] = useState('');
   const [confirmPasswordValue, setConfirmPasswordValue] = useState('');
 
-  // Touched flags (show messages only after blur)
   const [nameTouched, setNameTouched] = useState(false);
   const [emailTouched, setEmailTouched] = useState(false);
   const [passwordTouched, setPasswordTouched] = useState(false);
@@ -94,7 +92,7 @@ export function SignupForm({ locale, returnTo }: SignupFormProps) {
   const emailErrorText = useMemo(() => {
     if (!emailTouched) return null;
 
-    if (!emailTrimmed) return null;
+    if (!emailTrimmed) return "Email is required";
 
     if (emailTrimmed.length > EMAIL_MAX_LEN) {
       return `Email must not exceed ${EMAIL_MAX_LEN} characters.`;
@@ -117,7 +115,7 @@ export function SignupForm({ locale, returnTo }: SignupFormProps) {
 
   const confirmPolicyErrorText =
     confirmPasswordTouched && !confirmPasswordPolicyOk
-      ? `Repeat password must meet requirements: ${passwordRequirementsText}`
+      ? `Password must meet requirements: ${passwordRequirementsText}`
       : null;
 
   const mismatchErrorText =
@@ -282,7 +280,7 @@ export function SignupForm({ locale, returnTo }: SignupFormProps) {
             <PasswordField
               id="confirmPassword"
               name="confirmPassword"
-              placeholder="Repeat password"
+              placeholder="Confirm password"
               autoComplete="new-password"
               minLength={PASSWORD_MIN_LEN}
               maxLength={PASSWORD_MAX_LEN}