Bug: Two competing forgot-password flows (app + Keycloak) #152

New issue

Open

opened 2026-03-28 21:26:08 +00:00 by forgejo_admin · 0 comments

forgejo_admin commented 2026-03-28 21:26:08 +00:00

Owner

Copy link

Type

Bug

Lineage

Discovered during spike #150 — parent login flow validation.

Repo

forgejo_admin/westside-landing

What Broke

Two independent password reset paths exist: the app's custom /forgot-password flow (generates token, sends branded email, resets via basketball-api) and Keycloak's built-in "Forgot Password?" link on the login form (sends Keycloak-styled email, resets directly). Parents see different emails and UX depending on which link they click.

Repro Steps

1. Go to /signin → click "Forgot Password?" → app's custom flow
2. Go to /signin → click "Sign In" → on Keycloak form click "Forgot Password?" → Keycloak's built-in flow
3. Both work but produce different emails and reset pages

Expected Behavior

One consistent password reset flow, not two competing ones.

Environment

• Cluster/namespace: prod

Acceptance Criteria

• Single password reset flow for parents
• Either hide Keycloak's "Forgot Password?" link via theme, or remove app's custom flow
• Consistent email branding

Related

• project-westside-basketball
• forgejo_admin/westside-landing #150

### Type Bug ### Lineage Discovered during spike #150 — parent login flow validation. ### Repo `forgejo_admin/westside-landing` ### What Broke Two independent password reset paths exist: the app's custom `/forgot-password` flow (generates token, sends branded email, resets via basketball-api) and Keycloak's built-in "Forgot Password?" link on the login form (sends Keycloak-styled email, resets directly). Parents see different emails and UX depending on which link they click. ### Repro Steps 1. Go to `/signin` → click "Forgot Password?" → app's custom flow 2. Go to `/signin` → click "Sign In" → on Keycloak form click "Forgot Password?" → Keycloak's built-in flow 3. Both work but produce different emails and reset pages ### Expected Behavior One consistent password reset flow, not two competing ones. ### Environment - Cluster/namespace: prod ### Acceptance Criteria - [ ] Single password reset flow for parents - [ ] Either hide Keycloak's "Forgot Password?" link via theme, or remove app's custom flow - [ ] Consistent email branding ### Related - `project-westside-basketball` - `forgejo_admin/westside-landing #150`

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

142-validate-coach-login-and-read-only-roste

139-fix-admin-dashboard-stats-showing-all-ze

129-validate-girls-draft-board-coach-login-a

204-auto-tag-update

deploy-update-image-tag

110-fix-harbor-push-target

No results found.

Labels

Clear labels   

domain:backend

  

domain:devops

  

domain:frontend

No labels

domain:backend

domain:devops

domain:frontend

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

forgejo_admin/westside-landing#152

No description provided.