docs: expand Phase 19 to all three AuthBlocks registration paths + reset brief

Cover admin provision-now, public self-service redeem, and admin invite-by-email across CMS + public-site tracks. Add standalone AuthBlocks password-reset team brief.
This commit is contained in:
daniel-c-harvey
2026-06-19 19:18:53 -04:00
parent 0358df82ac
commit 042641d841
3 changed files with 554 additions and 106 deletions
+70 -40
View File
@@ -380,56 +380,86 @@ opacity + muted-text mixes are tune-on-screen details, not decision gates.
---
## Phase 19 — AuthBlocks User Management in the CMS
## Phase 19 — AuthBlocks User Management (CMS admin + public self-registration)
Wire the AuthBlocks user-administration surface (create users, manage existing accounts, manage
registration invites, manage role permissions) into the `DeepDrftManager` CMS so an admin runs account
management from inside the authenticated CMS. Daniel's framing: *"already part of the AuthBlocks library
so we just wire it up."* Correct — and **further along than it implies.** Full design, the
already-done-vs-remaining split, nav-shape alternatives, scope boundaries, and open questions:
Wire **all three** AuthBlocks account-creation paths into DeepDrft, each on its correct host: the
CMS-side user-administration surface (provision users, manage accounts, manage registration invites,
manage role permissions) on `DeepDrftManager`, **and** the public-facing self-service registration form
on `DeepDrftPublic`. Daniel's framing: *"already part of the AuthBlocks library so we just wire it up."*
Correct for the CMS — and **further along than it implies** there; the public-site path is a genuine
cold-start integration. Full design, the verified three-path model, the already-done-vs-remaining split,
the public-site cold-start analysis, scope boundaries, and open questions:
`product-notes/phase-19-user-management-cms.md`.
**Headline finding — most of the wiring already landed by side-effect.** The AuthBlocks startup
separation (`PLAN_authblocks_trackmanager.md`, 2026-05-25) + the login/logout integration already put
the entire user-admin surface in place: `Cerebellum.AuthBlocks.Web` is referenced
(`DeepDrftManager.csproj`), `ConfigureAuthServices` registers every user-admin client + ViewModel
pointed at DeepDrftAPI (`Program.cs`), the Blazor router already discovers the AuthBlocks pages
(`Routes.razor` `AdditionalAssemblies`), they already render in `CmsLayout` (`DefaultLayout`), and the
DeepDrft `Admin` role **inherits** `UserAdmin` (so the seeded admin already passes the page gate with no
role change). The user-admin pages ship in a published **RCL** (`Cerebellum.AuthBlocks.Web` — an
`Sdk.Razor` project with no `Program.cs`), so the brief's worried-about "extract pages into an RCL" fork
**does not arise**. The API host (`api/users/*`, `api/auth/admin-register`, etc.) is already mounted on
DeepDrftAPI via `MapAuthBlocks`.
**The three account-creation paths (verified against AuthBlocks source 2026-06-19):**
1. **Admin provisions directly**`SuperRegister.razor``/account/superregister` → `POST
api/auth/admin-register` (UserAdmin-gated, **working**). Host: **CMS**. Creates a live account now.
2. **Public self-service** — `Register.razor` → `/account/register` → `POST api/auth/register`
(unauthenticated, **working**). Host: **PUBLIC SITE**. Invited user redeems a code (pre-filled from the
invite email's deep link) and self-registers.
3. **Admin provisions a token + triggers the invite email** — `NewRegistration(Form).razor` →
`/useradmin/registrations/new` → `POST api/pendingregistration/create` (UserAdmin-gated). Host:
**CMS**. **Sends a real email server-side** via Mailtrap (`RegistrationEmailTemplate` +
`IGeneralEmailSender`, configured in DeepDrftAPI from `environment/authblocks.json`) — **not stubbed.**
**The genuine remaining work is exposure + verification + polish, not integration.** The surface is
invisible because `CmsLayout` has **no nav menu at all** (just an app bar + Home button), so nothing
links to `/useradmin/*`. The work: (G1) add navigation; (G2) verify the wired surface end-to-end; (G3) a
legibility-only theming sweep.
**Scope reversal (Daniel, 2026-06-19).** Rev. 1 deferred public registration and treated "create user"
as one CMS path. Both reversed: all three paths are in scope, and public registration (path 2) is now a
distinct **public-site track**. The only genuinely stubbed surface is **Reset Password** (`Users.razor`,
`// todo integrate with email`; **no backing endpoint** in `AuthRoutes`) — handled separately by Daniel
in the AuthBlocks repo (see `product-notes/authblocks-password-reset-brief.md`).
**Sequenced as one real wave + verification.** `19.1 → {19.2, 19.3}`.
**CMS side — most wiring already landed by side-effect.** The AuthBlocks startup separation
(`PLAN_authblocks_trackmanager.md`, 2026-05-25) + login/logout integration already put the entire
user-admin surface in place on `DeepDrftManager`: `Cerebellum.AuthBlocks.Web` referenced,
`ConfigureAuthServices` registers every client + ViewModel pointed at DeepDrftAPI, the router discovers
the pages (`AdditionalAssemblies`), they render in `CmsLayout` (`DefaultLayout`), and the DeepDrft
`Admin` role **inherits** `UserAdmin` (the seeded admin passes the gate with no role change). The pages
ship in a published **RCL**, so the worried-about "extract pages into an RCL" fork **does not arise**.
The CMS remaining work is exposure + verification + polish — the surface is invisible only because
`CmsLayout` has **no nav menu** (app bar + Home button), so nothing links to `/useradmin/*` or
`/account/superregister`.
- **19.1 — CmsLayout navigation (cold-start, the only code wave).** Add a `MudDrawer` + toggle to
`CmsLayout.razor`; mount the shipped `UserAdminMenu` fragment (self-gates to `UserAdmin`+) alongside
the existing CMS destinations (Catalogue / Releases / Upload); wire the canonical create-user link
(OQ2). **No service, API, data, or AuthBlocks-source change.** **Recommended nav shape: G1-b** (a real
drawer reusing AuthBlocks' own `MudNavGroup`) over an app-bar overflow stopgap or a heavier dedicated
admin dashboard.
- **19.2 — End-to-end verification (after 19.1).** Exercise list/create/deactivate users,
registrations, permissions against a running DeepDrftAPI; confirm cross-host token + CORS. Mostly
test; any break is likely a one-line config fix or an upstream AuthBlocks issue.
**Public side — genuine cold start.** `DeepDrftPublic` has **no AuthBlocks footprint at all** (verified:
no package ref, no `ConfigureAuthServices`, no page discovery). Path 2 requires real host integration:
package ref + service wiring + page discovery + layout + CORS verification. The render-mode substrate is
compatible (the public site already has InteractiveServer, which `Register.razor` needs).
**Two parallel tracks.** CMS track `19.1 → {19.2, 19.3}`; public track `19.4` independent and parallel.
*CMS track:*
- **19.1 — CmsLayout navigation (cold-start, the only CMS code wave). DECIDED nav shape: G1-b.** Add a
`MudDrawer` + toggle to `CmsLayout.razor`; mount the shipped `UserAdminMenu` fragment (self-gates to
`UserAdmin`+) alongside the existing CMS destinations (Catalogue / Releases / Upload); surface **both**
admin account paths (path 1 `SuperRegister` + path 3 via the Registrations link); do **not** surface the
redundant bare `NewUser` (OQ2 resolved). **No service, API, data, or AuthBlocks-source change.**
- **19.2 — End-to-end verification (after 19.1).** Exercise provision-now (path 1), **invite-email send
(path 3)**, list/deactivate users, permissions against a running DeepDrftAPI; confirm cross-host token +
CORS and that the Mailtrap creds are real. Mostly test; any break is likely a one-line config fix or an
upstream AuthBlocks issue.
- **19.3 — Theming legibility sweep (after 19.1, parallel-ok).** Accept the CMS palette for the
MudBlazor-default grids; fix only contrast/legibility breaks. Bespoke restyle deferred.
**Deferred (note, don't build):** an admin dashboard landing (G1-c); working **Reset Password** (the
AuthBlocks Users page stubs it — an *upstream AuthBlocks-repo* effort, not a DeepDrft wiring task);
bespoke restyle of the AuthBlocks grids; surfacing self-service registration on the public site;
bumping `Cerebellum.AuthBlocks.Web` 10.3.33 → 10.3.35 (housekeeping, Daniel's timing).
*Public-site track:*
- **19.4 — Public self-service registration on DeepDrftPublic (cold-start, parallel to 19.1).** Wire path
2: add `Cerebellum.AuthBlocks.Web` to `DeepDrftPublic`, call `ConfigureAuthServices` in `Program.cs`
pointed at the existing DeepDrftAPI base URL, add page discovery so `/account/register` is reachable,
settle layout (OQ8) + route-exposure posture (OQ7), verify CORS for the public origin. Real
host-integration code (unlike the CMS). Acceptance: the full path-3→path-2 loop works — admin provisions
in CMS → email arrives → invited user redeems on the public site.
**Open questions for Daniel (spec §6):** (1) nav shape — confirm **G1-b**; (2) canonical create-user
entry — `SuperRegister` (role multiselect, recommended) vs. `NewUser` (bare form); (3) admin dashboard
defer vs. include (recommend defer); (4) package bump now vs. separate (recommend leave); (5) confirm
Reset Password is accepted **non-functional in v1** so verification doesn't file it as a DeepDrft bug.
Items 1, 2, 5 shape the work/acceptance; 3, 4 don't block 19.1.
**Deferred (note, don't build):** admin dashboard landing (G1-c); working **Reset Password** (separate
AuthBlocks-repo effort); bespoke restyle of the AuthBlocks grids; a lean public auth layout (OQ8); a
visible public-nav Register link (OQ9 — invite-only, deep-link entry); bumping
`Cerebellum.AuthBlocks.Web` 10.3.33 → 10.3.35 (housekeeping; if 19.4 adds the package to the public host,
pin both hosts to one version).
**Open questions for Daniel (spec §6).** *Resolved:* (1) nav shape **G1-b**; (2) surface path 1 +
path 3, hide bare `NewUser`; (5) Reset Password non-functional in v1, handled separately. *Still open:*
(3) admin dashboard defer (recommend defer); (4) package bump (recommend leave); (6) accept public site
becoming auth-aware (recommend accept); (7) public route exposure of admin routes — present-but-gated vs.
narrow discovery (recommend accept for v1); (8) public-registration layout — full chrome vs. lean
(recommend full for v1); (9) public Register nav link (recommend deep-link-only). Items 69 shape 19.4;
3, 4 are CMS scope/timing. None block 19.1.
**Adjacency to the deferred Identity / accounts backlog item (below).** That item is about *public,
per-user* identity (favourites, listening history, playlists). This phase is *CMS-admin* account