feat: Implement password reset flow

src/pages/AuthCallback.tsx

@@ -32,6 +32,98 @@ export default function AuthCallback() {
         const user = session.user;
         console.log('[AuthCallback] User authenticated:', user.id);
 
+        // Check for password setup actions from reset flow
+        const urlParams = new URLSearchParams(window.location.search);
+        const action = urlParams.get('action');
+
+        if (action === 'password-setup') {
+          console.log('[AuthCallback] Processing password-setup action');
+          
+          // Retrieve the password from session storage
+          const pendingPassword = sessionStorage.getItem('pending_password_setup');
+          
+          if (pendingPassword) {
+            try {
+              console.log('[AuthCallback] Setting password from pending setup');
+              
+              // Set the password - this creates the email identity
+              const { error: passwordError } = await supabase.auth.updateUser({
+                password: pendingPassword
+              });
+              
+              if (passwordError) {
+                console.error('[AuthCallback] Failed to set password:', passwordError);
+                throw passwordError;
+              }
+              
+              // Clear session storage
+              sessionStorage.removeItem('pending_password_setup');
+              console.log('[AuthCallback] Password set successfully, email identity created');
+              
+              // Show success message
+              toast({
+                title: "Password Set Successfully!",
+                description: "You can now sign in with your email and password.",
+              });
+              
+              // Redirect to auth page for sign-in
+              setTimeout(() => {
+                navigate('/auth');
+              }, 1500);
+              
+              return;
+            } catch (error: any) {
+              console.error('[AuthCallback] Password setup error:', error);
+              sessionStorage.removeItem('pending_password_setup'); // Cleanup
+              
+              toast({
+                variant: 'destructive',
+                title: 'Password Setup Failed',
+                description: error.message || 'Failed to set password. Please try again.',
+              });
+              
+              setTimeout(() => {
+                navigate('/settings?tab=security');
+              }, 2000);
+              
+              return;
+            }
+          } else {
+            console.warn('[AuthCallback] No pending password found in session storage');
+            toast({
+              variant: 'destructive',
+              title: 'Password Setup Incomplete',
+              description: 'Please try setting your password again from Security Settings.',
+            });
+            
+            setTimeout(() => {
+              navigate('/settings?tab=security');
+            }, 2000);
+            
+            return;
+          }
+        }
+
+        if (action === 'confirm-password') {
+          console.log('[AuthCallback] Processing confirm-password action (orphaned password)');
+          
+          // For orphaned password, the password is already set in auth.users
+          // The reset link just needed to be clicked to create the email identity
+          // Supabase handles this automatically when the reset link is clicked
+          
+          toast({
+            title: "Password Activated!",
+            description: "Your password authentication is now fully active. You can sign in with email and password.",
+          });
+          
+          // Redirect to auth page for sign-in
+          setTimeout(() => {
+            navigate('/auth');
+          }, 1500);
+          
+          return;
+        }
+
         // Check if this is a new OAuth user (created within last minute)
         const createdAt = new Date(user.created_at);
         const now = new Date();