Merge remote-tracking branch 'origin/master'

ui/src/pages/FirstPasswordChange.vue

@@ -57,7 +57,7 @@
 <script setup>
 import { ref } from 'vue'
 import { useRouter } from 'vue-router'
-import api from 'src/services/api'
+import api, { extractApiErrorDetail } from 'src/services/api'
 import { useAuthStore } from 'stores/authStore.js'
 
 const router = useRouter()
@@ -69,6 +69,33 @@ const newPassword2 = ref('')
 const loading = ref(false)
 const error = ref('')
 
+function resolveFirstPasswordError(status, detail) {
+  const text = String(detail || '').trim()
+  const lower = text.toLowerCase()
+
+  if (status === 401) {
+    if (lower.includes('mevcut sifre') || lower.includes('current password')) {
+      return 'Mevcut şifreyi yanlış girdiniz.'
+    }
+
+    if (lower.includes('token') || lower.includes('authorization')) {
+      return 'Oturum doğrulanamadı. Lütfen tekrar giriş yapın.'
+    }
+
+    return text || 'Kimlik doğrulama hatası (401). Lütfen tekrar giriş yapın.'
+  }
+
+  if (status === 403) {
+    if (lower.includes('permission')) {
+      return 'Şifre değiştirme yetkiniz yok (403). Sistem yöneticinize başvurun.'
+    }
+
+    return text || 'Bu işlem için yetkiniz yok (403).'
+  }
+
+  return text || 'Şifre güncellenemedi'
+}
+
 async function submit () {
   error.value = ''
 
@@ -84,25 +111,25 @@ async function submit () {
 
   loading.value = true
   try {
-    // 🔐 TOKEN interceptor ile otomatik
     await api.post('/password/change', {
       current_password: currentPassword.value,
       new_password: newPassword.value
     })
 
-    // Şifre değişimi sonrası tekrar giriş zorunlu
     auth.clearSession()
     router.replace('/login')
-
   } catch (e) {
-    error.value =
-      e?.data?.message ||
-      e?.message ||
-      'Şifre güncellenemedi'
+    const status = e?.response?.status
+    const detail = await extractApiErrorDetail(e)
+
+    console.error('FIRST_PASSWORD_CHANGE failed', {
+      status,
+      detail
+    })
+
+    error.value = resolveFirstPasswordError(status, detail)
   } finally {
     loading.value = false
   }
 }
 </script>
-
-

ui/src/services/api.js

@@ -1,9 +1,7 @@
-// src/services/api.js
 import axios from 'axios'
 import qs from 'qs'
 import { useAuthStore } from 'stores/authStore'
 
-// 🔥 ENV YOK
 export const API_BASE_URL = '/api'
 
 const api = axios.create({
@@ -38,17 +36,22 @@ api.interceptors.response.use(
   r => r,
   async (error) => {
     const status = error?.response?.status
+    const requestUrl = String(error?.config?.url || '')
     const hasBlob = typeof Blob !== 'undefined' && error?.response?.data instanceof Blob
+    const isPasswordChangeRequest =
+      requestUrl.startsWith('/password/change') ||
+      requestUrl.startsWith('/me/password')
 
     if ((status >= 500 || hasBlob) && error) {
       const method = String(error?.config?.method || 'GET').toUpperCase()
-      const url = error?.config?.url || ''
       const detail = await extractApiErrorDetail(error)
       error.parsedMessage = detail
-      console.error(`❌ API ${status || '-'} ${method} ${url}: ${detail}`)
+      console.error(`API ${status || '-'} ${method} ${requestUrl}: ${detail}`)
     }
 
-    if (error?.response?.status === 401 && !isLoggingOut) {
+    // Password change endpoints may return 401 for business reasons
+    // (for example current password mismatch). Keep session in that case.
+    if (status === 401 && !isPasswordChangeRequest && !isLoggingOut) {
       isLoggingOut = true
       try {
         useAuthStore().clearSession()
@@ -56,6 +59,7 @@ api.interceptors.response.use(
         isLoggingOut = false
       }
     }
+
     return Promise.reject(error)
   }
 )