feat(medusa,utils,core-flows): add reset password metdata (#14417)

## Summary **What** Adds metadata field for reset password route that allows passing data from caller that can be found in the subscriber. ## Checklist Please ensure the following before requesting a review: - [x] I have added a **changeset** for this PR - Every non-breaking change should be marked as a **patch** - To add a changeset, run `yarn changeset` and follow the prompts - [x] The changes are covered by relevant **tests** - [x] I have verified the code works as intended locally - [ ] I have linked the related issue(s) if applicable --- > [!NOTE] > Introduces optional request `metadata` for reset-password and propagates it through to event subscribers. > > - Accepts `metadata` in `ResetPasswordRequest` validator and `reset-password` route; forwards it to `generateResetPasswordTokenWorkflow` > - Workflow now accepts `metadata` and includes it in emitted `auth.password_reset` event data > - Updates event docs to mention `metadata` field > - Adds integration test verifying `metadata` is emitted in the password reset event > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 7f9855feabed284336e8872eebfb18fe3bd320db. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>
2026-01-02 13:41:26 +01:00
parent d06729d0d1
commit 43305a562c
6 changed files with 58 additions and 5 deletions
--- a/integration-tests/http/tests/auth/admin/auth.spec.ts
+++ b/integration-tests/http/tests/auth/admin/auth.spec.ts
@@ -1,4 +1,5 @@
 import { generateResetPasswordTokenWorkflow } from "@medusajs/core-flows"
+import { AuthWorkflowEvents, Modules } from "@medusajs/framework/utils"
 import { medusaIntegrationTestRunner } from "@medusajs/test-utils"
 import jwt from "jsonwebtoken"
 import {
@@ -431,6 +432,46 @@ medusaIntegrationTestRunner({
        expect(response.response.status).toEqual(401)
        expect(response.response.data.message).toEqual("Invalid token")
      })
+
+      it("should emit metadata in password reset event", async () => {
+        await api.post("/auth/user/emailpass/register", {
+          email: "test-metadata@medusa-commerce.com",
+          password: "secret_password",
+        })
+
+        const eventBus = container.resolve(Modules.EVENT_BUS)
+        const subscriber = jest.fn()
+
+        eventBus.subscribe(AuthWorkflowEvents.PASSWORD_RESET, subscriber)
+
+        const metadata = {
+          source: "test",
+          userId: "123",
+          customField: "customValue",
+        }
+
+        const response = await api.post("/auth/user/emailpass/reset-password", {
+          identifier: "test-metadata@medusa-commerce.com",
+          metadata: metadata,
+        })
+
+        expect(response.status).toEqual(201)
+
+        await new Promise((resolve) => setTimeout(resolve, 100))
+
+        expect(subscriber).toHaveBeenCalledTimes(1)
+
+        const eventData = subscriber.mock.calls[0][0]
+
+        expect(eventData.data).toMatchObject({
+          entity_id: "test-metadata@medusa-commerce.com",
+          actor_type: "user",
+          token: expect.any(String),
+          metadata,
+        })
+
+        eventBus.unsubscribe(AuthWorkflowEvents.PASSWORD_RESET, subscriber)
+      })
    })

    it("should refresh the token successfully", async () => {