feat(auth): add password strength indicator and magic links

Password strength (zxcvbn-ts): - PasswordStrength component with 4-segment color bar and German feedback - Lazy-loaded with 150ms debounce to avoid SSR/bundle issues - Integrated into RegisterPage and ChangePassword components Magic Links (passwordless email): - Better Auth magicLink plugin (10-minute expiry) - sendMagicLinkEmail() in email service (German template) - Passthrough route for /magic-link/* endpoints - sendMagicLink() in shared-auth client - "Login-Link per E-Mail senden" button on all 20 login pages - All 21 auth stores have sendMagicLink() method Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-18 20:01:22 +02:00 · 2026-03-27 11:23:09 +01:00 · 2026-03-27 11:23:09 +01:00 · cc50c0c2ab
commit cc50c0c2ab
parent 86d1da3587
49 changed files with 430 additions and 1 deletions
--- a/packages/shared-auth/src/core/authService.ts
+++ b/packages/shared-auth/src/core/authService.ts
@ -778,6 +778,33 @@ export function createAuthService(config: AuthServiceConfig) {
 			}
 		},

+		/**
+		 * Send magic link for passwordless login
+		 */
+		async sendMagicLink(email: string): Promise<AuthResult> {
+			try {
+				const response = await fetch(`${baseUrl}/api/auth/magic-link/send-magic-link`, {
+					method: 'POST',
+					credentials: 'include',
+					headers: { 'Content-Type': 'application/json' },
+					body: JSON.stringify({ email }),
+				});
+
+				if (!response.ok) {
+					const err = await response.json().catch(() => ({}));
+					return { success: false, error: err.message || 'Failed to send magic link' };
+				}
+
+				trackAuth('magic_link_sent');
+				return { success: true };
+			} catch (error) {
+				return {
+					success: false,
+					error: error instanceof Error ? error.message : 'Failed to send magic link',
+				};
+			}
+		},
+
 		/**
 		 * Get security events (audit log)
 		 */