trentuna/candle-annotator
8
0
Fork 0
Code Issues Pull requests Releases Packages Activity Actions
candle-annotator/openspec/changes/user-accounts/specs/login-page/spec.md
Marko Djordjevic c36ab7c146 Implement task 6.1: Create PUT /api/auth/profile endpoint for updating user display name 
- Create src/app/api/auth/profile/route.ts with PUT handler
- Validates user is authenticated (returns 401 if not)
- Validates request body has a non-empty name field
- Updates user's name in the database
- Returns 200 with updated user data

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 10:20:20 +01:00

2.9 KiB
Raw Blame History

ADDED Requirements

Requirement: Login page at /login

The system SHALL serve a login page at /login (route src/app/(public)/login/page.tsx). The page SHALL match the Lovable design mockup from lovable_design_html/candles_lovable_design_login_page.html.

Scenario: Login page renders

  • WHEN an unauthenticated user navigates to /login
  • THEN the login page renders with a centered card containing the login form

Scenario: Authenticated user redirected

  • WHEN an authenticated user navigates to /login
  • THEN they are redirected to /app

Requirement: Login page navigation

The login page navbar SHALL display a back arrow and the CandleAnnotator logo/name, linking to / (landing page).

Scenario: Back to landing

  • WHEN a user clicks the CandleAnnotator logo in the login page navbar
  • THEN they are navigated to /

Requirement: Email/password login form

The login card SHALL display a "Welcome back" heading, "Sign in to your workspace" subtitle, and a form with email input, password input, and "Sign In" submit button. The form SHALL use Auth.js signIn("credentials", ...) on submit.

Scenario: Successful email login

  • WHEN a user enters valid email and password and clicks "Sign In"
  • THEN signIn("credentials", { email, password, redirect: true, callbackUrl: "/app" }) is called
  • AND on success, the user is redirected to /app

Scenario: Failed email login

  • WHEN a user enters invalid credentials and clicks "Sign In"
  • THEN an error message is displayed: "Invalid email or password"
  • AND the user remains on the login page

Scenario: Form validation

  • WHEN a user clicks "Sign In" with empty email or password fields
  • THEN browser-native validation prevents submission (fields are required)

Requirement: Google OAuth login button

The login form SHALL include a "Continue with Google" button below the email/password form. Clicking it SHALL call signIn("google", { callbackUrl: "/app" }).

Scenario: Google login initiated

  • WHEN a user clicks "Continue with Google"
  • THEN they are redirected to Google's OAuth consent screen
  • AND on successful auth, they are redirected back to /app

Requirement: Forgot password link

The login form SHALL display a "Forgot password?" link next to the password label. Since password reset is deferred, clicking it SHALL show a toast: "Password reset is not yet available. Contact support."

Scenario: Forgot password clicked

  • WHEN a user clicks "Forgot password?"
  • THEN a toast notification appears with the message about contacting support

Requirement: Register link

The login page SHALL display "Don't have an account? Sign up" below the form. "Sign up" SHALL link to /register.

Scenario: Navigate to register

  • WHEN a user clicks "Sign up"
  • THEN they are navigated to /register