feat(auth): enable patient login using book_no and add book_no support in forgot-password flow
This MR enhances the authentication flow by enabling patient login using book_no and updating the forgot-password endpoint to support password creation/reset using book_no.
Login Flow Changes (/api/v1/auth/login)
- Added support for patient login using book_no + password.
- If the patient is logging in for the first time (password not set), the API returns:
  { "first_login": true, "phone_number": "..." }
  This allows the frontend to redirect the patient to the forgot-password / set-password page.
- Subsequent logins return the standard JWT token response.
- Existing login flow for staff (phone_number + password) remains unchanged.
Forgot Password Changes (/api/v1/auth/forgot-password)
- Updated request body to support book_no along with existing fields.
- Now supports password reset using:
  - user_phone_no (existing flow)
  - OR book_no (new flow)
- Updated request structure:
  { "user_phone_no": "...", "book_no": "...", "user_password": "...", "confirm_password": "...", "otp": "..." }
- Either user_phone_no or book_no must be provided.
- When book_no is used:
  - Patient is fetched using book_no
  - OTP validation is performed using the registered phone number
  - Password is created/updated after successful validation
Validation & Handling
- Handles first-time patient login scenario.
- Ensures OTP validation before password creation.
- Maintains backward compatibility with existing phone-based reset.
- Proper validation errors returned for invalid inputs.
Impact
- Enables secure patient authentication using book_no.
- Allows patients without passwords to create one via OTP verification.
- Does not affect existing authentication flows for other user roles.
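
A sketch of the book_no reset path described in this MR, added here as an illustration and not the MR's own code. The in-memory stores, function names and sample values are constructed assumptions; the point shown is that the OTP is checked against the phone number on record for the patient, not a phone number supplied in the request.

```python
import hashlib
import hmac
import os

# Constructed sample data: hypothetical in-memory stand-ins for the patient
# table, a phone lookup index and the OTP service.
PATIENTS = {"BK-1001": {"phone": "5550100", "password_hash": None}}
PHONE_INDEX = {"5550100": "BK-1001"}
OTPS = {"5550100": "482913", "5550199": "111111"}  # phone -> outstanding OTP

GENERIC_ERROR = (400, {"error": "invalid identifier or otp"})


def hash_password(password):
    """Salted PBKDF2-HMAC-SHA256; stored as salt$digest in hex."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt.hex() + "$" + digest.hex()


def forgot_password(body):
    """Return (status, payload) for a forgot-password request body."""
    phone, book_no = body.get("user_phone_no"), body.get("book_no")
    if not (phone or book_no):
        return 400, {"error": "user_phone_no or book_no is required"}
    password = body.get("user_password")
    if not password or password != body.get("confirm_password"):
        return 400, {"error": "passwords do not match"}

    # book_no takes the new flow; otherwise fall back to the phone-based flow.
    key = book_no if book_no else PHONE_INDEX.get(phone)
    patient = PATIENTS.get(key)
    if patient is None:
        return GENERIC_ERROR  # same answer as a bad OTP: no account oracle

    # The OTP is looked up by the phone on record, never by a phone number
    # taken from the request body.
    registered = patient["phone"]
    expected = OTPS.get(registered, "")
    supplied = str(body.get("otp") or "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return GENERIC_ERROR

    del OTPS[registered]  # single use: a replayed OTP fails
    patient["password_hash"] = hash_password(password)
    return 200, {"message": "password updated"}
```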