feat: Implement password addition email notification

src/lib/identityService.ts

@@ -218,12 +218,40 @@ export async function addPasswordToAccount(
     const { error: updateError } = await supabase.auth.updateUser({ password });
     if (updateError) throw updateError;
     
-    // Step 2: Log the password addition
+    // Step 2: Get user profile for email personalization
+    console.log('[IdentityService] Fetching user profile for email');
+    const { data: profile } = await supabase
+      .from('profiles')
+      .select('display_name, username')
+      .eq('user_id', user!.id)
+      .single();
+    
+    // Step 3: Send password addition email (before logging out)
+    console.log('[IdentityService] Sending password addition email');
+    try {
+      const { error: emailError } = await supabase.functions.invoke('send-password-added-email', {
+        body: {
+          email: userEmail,
+          displayName: profile?.display_name,
+          username: profile?.username,
+        },
+      });
+      
+      if (emailError) {
+        console.error('[IdentityService] Failed to send email:', emailError);
+      } else {
+        console.log('[IdentityService] Email sent successfully');
+      }
+    } catch (emailError) {
+      console.error('[IdentityService] Email sending error:', emailError);
+    }
+    
+    // Step 4: Log the password addition
     await logIdentityChange(user!.id, 'password_added', { 
       method: 'oauth_with_relogin_required' 
     });
     
-    // Step 3: Sign the user out so they can sign back in with email/password
+    // Step 5: Sign the user out so they can sign back in with email/password
     console.log('[IdentityService] Signing user out to force re-login');
     await supabase.auth.signOut();
     

supabase/config.toml

@@ -1,5 +1,8 @@
 project_id = "ydvtmnrszybqnbcqbdcy"
 
+[functions.send-password-added-email]
+verify_jwt = true
+
 [functions.create-novu-subscriber]
 verify_jwt = true
 

supabase/functions/send-password-added-email/index.ts

@@ -0,0 +1,161 @@
+import { serve } from 'https://deno.land/std@0.168.0/http/server.ts';
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2';
+
+const corsHeaders = {
+  'Access-Control-Allow-Origin': '*',
+  'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+};
+
+interface EmailRequest {
+  email: string;
+  displayName?: string;
+  username?: string;
+}
+
+serve(async (req) => {
+  if (req.method === 'OPTIONS') {
+    return new Response(null, { headers: corsHeaders });
+  }
+
+  try {
+    const supabaseClient = createClient(
+      Deno.env.get('SUPABASE_URL') ?? '',
+      Deno.env.get('SUPABASE_ANON_KEY') ?? '',
+      {
+        global: {
+          headers: { Authorization: req.headers.get('Authorization')! },
+        },
+      }
+    );
+
+    const { data: { user }, error: userError } = await supabaseClient.auth.getUser();
+
+    if (userError || !user) {
+      throw new Error('Unauthorized');
+    }
+
+    const { email, displayName, username }: EmailRequest = await req.json();
+
+    if (!email) {
+      throw new Error('Email is required');
+    }
+
+    const recipientName = displayName || username || 'there';
+    const siteUrl = Deno.env.get('SITE_URL') || 'https://thrillwiki.com';
+
+    const emailHTML = `
+      <!DOCTYPE html>
+      <html>
+        <head>
+          <style>
+            body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; line-height: 1.6; color: #333; }
+            .container { max-width: 600px; margin: 0 auto; padding: 20px; }
+            .header { background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; padding: 30px; text-align: center; border-radius: 8px 8px 0 0; }
+            .content { background: white; padding: 30px; border: 1px solid #e0e0e0; border-top: none; border-radius: 0 0 8px 8px; }
+            .button { display: inline-block; background: #667eea; color: white; padding: 12px 30px; text-decoration: none; border-radius: 6px; margin: 20px 0; }
+            .security-notice { background: #fff3cd; border-left: 4px solid #ffc107; padding: 15px; margin: 20px 0; border-radius: 4px; }
+            .footer { text-align: center; margin-top: 30px; padding-top: 20px; border-top: 1px solid #e0e0e0; color: #666; font-size: 12px; }
+            ul { line-height: 1.8; }
+          </style>
+        </head>
+        <body>
+          <div class="container">
+            <div class="header">
+              <h1>Password Successfully Added</h1>
+            </div>
+            <div class="content">
+              <p>Hi ${recipientName},</p>
+              
+              <p>Great news! A password has been successfully added to your ThrillWiki account (<strong>${email}</strong>).</p>
+              
+              <h3>✅ What This Means</h3>
+              <p>You now have an additional way to access your account. You can sign in using:</p>
+              <ul>
+                <li>Your email address and the password you just created</li>
+                <li>Any social login methods you've connected (Google, Discord, etc.)</li>
+              </ul>
+              
+              <h3>🔐 Complete Your Setup</h3>
+              <p>To activate your password authentication, please sign in with your new credentials:</p>
+              
+              <a href="${siteUrl}/auth?email=${encodeURIComponent(email)}" class="button">
+                Sign In Now
+              </a>
+              
+              <div class="security-notice">
+                <strong>⚠️ Security Notice</strong><br>
+                If you didn't add a password to your account, please contact our support team immediately at <strong>support@thrillwiki.com</strong>
+              </div>
+              
+              <p>Thanks for being part of the ThrillWiki community!</p>
+              
+              <p>
+                Best regards,<br>
+                The ThrillWiki Team
+              </p>
+            </div>
+            <div class="footer">
+              <p>© ${new Date().getFullYear()} ThrillWiki. All rights reserved.</p>
+              <p>This is an automated security notification. Please do not reply to this email.</p>
+            </div>
+          </div>
+        </body>
+      </html>
+    `;
+
+    const forwardEmailKey = Deno.env.get('FORWARDEMAIL_API_KEY');
+    const fromEmail = Deno.env.get('FROM_EMAIL_ADDRESS') || 'noreply@thrillwiki.com';
+
+    if (!forwardEmailKey) {
+      console.error('FORWARDEMAIL_API_KEY not configured');
+      throw new Error('Email service not configured');
+    }
+
+    const emailResponse = await fetch('https://api.forwardemail.net/v1/emails', {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Authorization': `Basic ${btoa(forwardEmailKey + ':')}`,
+      },
+      body: JSON.stringify({
+        from: fromEmail,
+        to: email,
+        subject: 'Password Added to Your ThrillWiki Account',
+        html: emailHTML,
+      }),
+    });
+
+    if (!emailResponse.ok) {
+      const errorText = await emailResponse.text();
+      console.error('ForwardEmail API error:', errorText);
+      throw new Error(`Failed to send email: ${emailResponse.statusText}`);
+    }
+
+    console.log(`Password addition email sent successfully to: ${email}`);
+
+    return new Response(
+      JSON.stringify({
+        success: true,
+        message: 'Password addition email sent successfully',
+      }),
+      {
+        status: 200,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+      }
+    );
+
+  } catch (error) {
+    console.error('Error in send-password-added-email function:', error);
+    
+    return new Response(
+      JSON.stringify({
+        success: false,
+        error: error instanceof Error ? error.message : 'Unknown error',
+      }),
+      {
+        status: 500,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+      }
+    );
+  }
+});