Skip to content

feat: add /settings page for recovery flows#458

Merged
ben-fornefeld merged 5 commits into
mainfrom
accountpassword-recovery-flow-doesnt-work-en-1116
Jun 24, 2026
Merged

feat: add /settings page for recovery flows#458
ben-fornefeld merged 5 commits into
mainfrom
accountpassword-recovery-flow-doesnt-work-en-1116

Conversation

@drankou

@drankou drankou commented Jun 24, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Fix password recovery flow (EN-1116)

Problem

The account/password recovery flow was broken end-to-end. After clicking a
recovery email link, Kratos drops the user into a settings flow to set a new
password — but the dashboard had nowhere to handle it:

  • settings_ui_url pointed at /dashboard/account, which is gated behind an
    e2b_session (Hydra token) that doesn't exist yet during recovery — so the
    user couldn't actually reach the password form.
  • The reauth login screen's "Forgot password?" link started recovery directly,
    but the user already holds a Kratos session there, so Kratos bounced them with
    "already logged in" instead of starting recovery.

Changes

New shell-less /settings page (layout.tsx, page.tsx, settings-cards.tsx)

  • Renders the Ory settings flow, but needs only a Kratos session (reads
    session/identity via getSettingsFlow + getUserProfile, not e2b_session),
    so the post-recovery reset works before any Hydra token exists.
  • No sidebar/team chrome — just an "Account" header with a sign-out button.
  • The Ory password method is rendered as dashboard-themed cards (the <Settings>
    default body is unstyled without the Ory theme stylesheet, which we never load).
    Name/e-mail are shown read-only for reference; profile editing stays on the
    gated /dashboard/account.
  • On success, a non-dismissable dialog takes over (suspends Ory's default
    continue_with reload) and routes the user to sign in with the new password.

@cla-bot cla-bot Bot added the cla-signed label Jun 24, 2026
@linear-code

linear-code Bot commented Jun 24, 2026

Copy link
Copy Markdown

EN-1116

@chatgpt-codex-connector

chatgpt-codex-connector Bot commented Jun 24, 2026

Copy link
Copy Markdown

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

@vercel

vercel Bot commented Jun 24, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
web Ready Ready Preview, Comment Jun 24, 2026 4:42pm
web-tango Ready Ready Preview, Comment Jun 24, 2026 4:42pm

Request Review

claude[bot]
claude Bot reviewed Jun 24, 2026
View reviewed changes
Comment thread src/app/login/components/custom-label.tsx
Comment thread src/app/settings/settings-cards.tsx
@ben-fornefeld ben-fornefeld merged commit 6599498 into main Jun 24, 2026
13 checks passed
@ben-fornefeld ben-fornefeld deleted the accountpassword-recovery-flow-doesnt-work-en-1116 branch June 24, 2026 16:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments
@ben-fornefeld ben-fornefeld ben-fornefeld approved these changes
@huv1k huv1k Awaiting requested review from huv1k huv1k is a code owner
@Kraci Kraci Awaiting requested review from Kraci Kraci is a code owner

Assignees

No one assigned

Labels

cla-signed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@drankou @ben-fornefeld