nis2-agile/public/forgot-password.html

<!DOCTYPE html>
<html lang="it">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Password dimenticata - NIS2 Agile</title>
    <link rel="stylesheet" href="css/style.css">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css">
    <style>
        .back-link { display:block; text-align:center; margin-top:14px; font-size:.85rem; color:#6B7280; text-decoration:none; }
        .back-link:hover { color: var(--color-primary, #2563eb); }
        .auth-success { background:#ECFDF5; color:#065F46; border:1px solid #A7F3D0; padding:12px 16px; border-radius:6px; font-size:.9rem; margin-bottom:16px; display:none; }
        .auth-success.visible { display:block; }
        .auth-helper { font-size:.85rem; color:#6B7280; margin-bottom:18px; line-height:1.5; }
    </style>
</head>
<body>
    <div class="auth-page">
        <div class="auth-card">
            <div class="auth-header">
                <div class="auth-logo">
                    <div class="auth-logo-icon">
                        <svg viewBox="0 0 24 24" fill="currentColor">
                            <path d="M12 1L3 5v6c0 5.55 3.84 10.74 9 12 5.16-1.26 9-6.45 9-12V5l-9-4zm0 2.18l7 3.12v4.7c0 4.83-3.23 9.36-7 10.57-3.77-1.21-7-5.74-7-10.57V6.3l7-3.12z"/>
                        </svg>
                    </div>
                    <span class="auth-logo-text">NIS2 <span>Agile</span></span>
                </div>
                <p class="auth-subtitle">Reimposta la tua password</p>
            </div>

            <div class="auth-body">
                <div class="auth-error" id="err"></div>
                <div class="auth-success" id="ok"></div>

                <p class="auth-helper">Inserisci l'indirizzo email associato al tuo account. Ti invieremo un link valido 30 minuti per impostare una nuova password.</p>

                <form id="forgot-form" novalidate>
                    <div class="form-group">
                        <label class="form-label" for="email">Indirizzo Email</label>
                        <input type="email" id="email" name="email" class="form-input"
                               placeholder="nome@azienda.it" autocomplete="email" required>
                    </div>

                    <button type="submit" class="btn btn-primary btn-lg w-full" id="submit-btn">
                        Invia link
                    </button>
                </form>
            </div>

            <div class="auth-footer">
                <a href="login.html" class="back-link"><i class="fas fa-arrow-left"></i> Torna al login</a>
            </div>
        </div>
    </div>

    <script src="js/api.js"></script>
    <script>
        const form  = document.getElementById('forgot-form');
        const err   = document.getElementById('err');
        const ok    = document.getElementById('ok');
        const btn   = document.getElementById('submit-btn');

        form.addEventListener('submit', async function(e) {
            e.preventDefault();
            err.classList.remove('visible');
            ok.classList.remove('visible');

            const email = document.getElementById('email').value.trim();
            if (!email) {
                err.textContent = 'Inserisci l\'indirizzo email.';
                err.classList.add('visible');
                return;
            }

            btn.disabled = true;
            btn.textContent = 'Invio in corso...';
            try {
                const res = await fetch('/api/auth/forgot-password', {
                    method: 'POST',
                    headers: { 'Content-Type': 'application/json' },
                    body: JSON.stringify({ email: email })
                });
                const data = await res.json();
                if (res.status === 429) {
                    err.textContent = data.message || 'Troppe richieste. Riprova più tardi.';
                    err.classList.add('visible');
                } else if (data.success) {
                    ok.textContent = data.message;
                    ok.classList.add('visible');
                    form.style.display = 'none';
                } else {
                    err.textContent = data.message || 'Errore. Riprova.';
                    err.classList.add('visible');
                }
            } catch (e) {
                err.textContent = 'Errore di connessione al server.';
                err.classList.add('visible');
            } finally {
                btn.disabled = false;
                btn.textContent = 'Invia link';
            }
        });
    </script>
</body>
</html>