Auth Rework Issues / Suggestions

[ydahal1]

1. Password Reset Email Not Received

Steps to Reproduce:

1. Navigate to http://localhost:3001/forgot-password.
2. Enter email and click the "Reset Password" button.

---

2. Request Access Error: Invalid CSRF Token

Error:
Express error handler on route /api/instanceSettings/requestAccess returns "Invalid CSRF token."

Steps to Reproduce:

1. Register a new user.
2. Open the "Request Access" modal.
3. Enter a message and click "Submit."

---

3. Disabled Links for Admin/Owner Without Application

Behavior:
Users, Integrations, and Notifications links are disabled for Admins/Owners if no application exists.

Steps to Reproduce:

1. Login with Admin/Owner credentials.
2. Navigate to the home screen.
3. Notice the "Users" link in the left navigation is disabled.

Suggestion:
Consider allowing privileged users (Admins/Owners) to manage users even if no applications exist.

---

4. Password Change Does Not Logout Other Sessions

Expected Behavior:
When a user changes their password, they should be logged out of all sessions except the current one.

---

5. Revoking Current Session Behavior

Expected Behavior:
Users should not be allowed to revoke their current session. If allowed, they should be immediately logged out of the current session.

[ydahal1]

Completed