From 84592b8b3be03df7a7bf9143e1b2c3ac8caeddc1 Mon Sep 17 00:00:00 2001
From: NPS Agent <npsagent@dash.naroomaplumbing.au>
Date: Tue, 12 May 2026 11:21:09 +0930
Subject: [PATCH] Changed login screen to ask for username and password instead
 of displaying staff name

---
 app.jsx         |  27 ++++++++++++++----
 backend/main.py |  11 ++++++--
 dashy.db        | Bin 77824 -> 81920 bytes
 screens.jsx     |  71 ++++++++++++++++++++++--------------------------
 4 files changed, 63 insertions(+), 46 deletions(-)

diff --git a/app.jsx b/app.jsx
index b011fba..d6799f0 100644
--- a/app.jsx
+++ b/app.jsx
@@ -14,17 +14,28 @@ function useApiData(authed) {
   const [loading, setLoading] = React.useState(true);
 
   React.useEffect(() => {
-    if (!authed) return;
-    
     let mounted = true;
     const load = async () => {
       try {
+        if (!authed) {
+          // Fetch only public data (workspace info and user list for login)
+          const [users, workspace] = await Promise.all([
+            api.getUsers().catch(() => []),
+            api.getWorkspace().catch(() => null)
+          ]);
+          if (mounted) {
+            setData(prev => ({ ...prev, users, workspace }));
+            setLoading(false);
+          }
+          return;
+        }
+
         const [tasks, users, audit, workspace, deletedTasks] = await Promise.all([
           api.getTasks(),
           api.getUsers(),
           api.getAudit(),
           api.getWorkspace(),
-          api.getDeletedTasks().catch(() => []) // Catch if not admin or error
+          api.getDeletedTasks().catch(() => [])
         ]);
         if (mounted) {
           setData({ tasks, users, audit, workspace, deletedTasks });
@@ -109,8 +120,14 @@ function App() {
 
   if (!authed) {
     return <LoginScreen dbUsers={dbUsers} workspace={workspace} onLogin={async (id, pwd) => {
-      await api.login(id, pwd);
-      setMeId(id);
+      const data = await api.login(id, pwd);
+      // Extract actual User ID from token payload
+      try {
+        const payload = JSON.parse(atob(data.access_token.split('.')[1]));
+        setMeId(payload.sub);
+      } catch(e) {
+        setMeId(id);
+      }
       setAuthed(true);
       api.addAudit({ actor: id, action: 'login', summary: 'Signed in' }).catch(console.error);
     }} />;
diff --git a/backend/main.py b/backend/main.py
index 58ce2a4..d211daa 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -21,7 +21,12 @@ app.add_middleware(
 
 @app.post("/token", response_model=schemas.Token)
 async def login_for_access_token(form_data: schemas.UserLogin, db: Session = Depends(get_db)):
-    user = db.query(models.User).filter(models.User.id == form_data.id).first()
+    # Search by ID or Name
+    user = db.query(models.User).filter(
+        (models.User.id == form_data.id) | 
+        (models.User.name == form_data.id)
+    ).first()
+    
     if not user or not auth.verify_password(form_data.password, user.password_hash):
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
@@ -32,7 +37,7 @@ async def login_for_access_token(form_data: schemas.UserLogin, db: Session = Dep
     return {"access_token": access_token, "token_type": "bearer"}
 
 @app.get("/users", response_model=List[schemas.User])
-def read_users(db: Session = Depends(get_db), current_user: models.User = Depends(auth.get_current_user)):
+def read_users(db: Session = Depends(get_db)):
     return db.query(models.User).all()
 
 @app.post("/users", response_model=schemas.User)
@@ -169,7 +174,7 @@ def restore_task(task_id: str, db: Session = Depends(get_db), current_user: mode
     db.refresh(db_task)
     return db_task
 @app.get("/workspace", response_model=schemas.Workspace)
-def read_workspace(db: Session = Depends(get_db), current_user: models.User = Depends(auth.get_current_user)):
+def read_workspace(db: Session = Depends(get_db)):
     ws = db.query(models.Workspace).first()
     if not ws:
         ws = models.Workspace(id="default", name="murchison-auto", timezone="Pacific/Auckland")
diff --git a/dashy.db b/dashy.db
index f3bda5a839479ff252e8fe4c3e9634add0e6ce09..f0716934aac245edf8d036d0b1024d3aa744203c 100644
GIT binary patch
delta 1964
zcmZvdTWs4@9LAldX=}&lxKV0_vW+Ecs|u~vj_-D)!HTqj+HD24X-});_|m3LlTxbD
z%hoh|g|S5z;(^O1gpfd}E6M{Z+CY<#U@%@mNPFOZM;f;wHgR!cJ0tO;$jX;<e*f?I
zoX>x+eb&CV7CE~mas|V%o=Wom(3LkbFOQRL)D7nktcSWq-KfSM{+=quEJt^<gmaz4
zD;RZ?`i=UD`WnB9zfJr_%@SwfYp{p>Ao?QpG5iK($WNme!6U>xjNsRZa`Z9S7yXdX
zsrSe^{5)|9yhR+wE8sMIjx14oK!0>CDiG_@Gvw>=5Ar)=FU7#8h`Xo>(1BloC*dY|
zpg($u_yPY2j*w5oPsl&X0csro5frH%fFoZ3G}#HBCkE{knIV$EVS##*I7huoh}HGX
zr7nAYx}(G^oNP%bI|sw5kf!o1#|f6i7F{VJMG-~KD7X?Cj3wv>KkJQ(mMI}#%Da*k
zIYlr`X2u(}vI;_+FzvB2W0(TZ<y@(o3M*T3$(nMtsOt(V>S)rH3Q{;$L&$QaDP?(v
zvykac77PZlI%Bw!mt|eFL{oPqr#N#B*~+?-WhGvecvJJFD9W6Kq)c7*stn7EBCBOp
zci36KWtcpgsIE_&5qdK^K)g#J{6Vln=HY0^&aS;(*Q=@SaEHC~cp<zM8?03Ns_z^>
z7HaQ$3A?va830GRL5dzuB;vg^huOocNn$29Kd)&^^TmQazD(QsRoLmI1^)^=SgDNK
z*B5_p2U%=?rScFg#|RJ~D<){Vmmb0FUzR59i%WOgQ_C=>;vhB#67l#pX9U9*6npgF
z?a_MG`Jypv8urHWAc%E=*fF(k?(knOABoh>?cFOwco}uV*m#+u?aM3q_PkceRoN3v
zD4fE2D<ibMa`KgSr*Q2aqGcMw6jKI?1Z@v2j;E5t$p!QA1^43qt~=L@Pvs`3?9$@4
z>KCg!%3&Tm^-O2zXsPX5+v&D_p?^XbLTZS@HnCGq@s^KZb*8v@Vmqd({(-ZI6^D^9
z%&<wsq<QDdI=7cEPUZ@Sa+3wqNahNM%^KFXJEf_9Fq$z=NJkLoaQ5Y2`**3P&a*nw
zxPwNGOK}b-dI@Ubm^8=PpZ}fuAEP%IKW0IOb(k$Sy4A5u)pR|}^GG<5t#gdy<>xWT
zp&Iw>`A8^o8{DV4hA~a`lN$h8#Wx(3_hww9+I%nC!TD0dXiz$!Hdf|mKM05oU{7QF
zgozqhKP~?$X#r81R|2Q?W;`7Fd1xze&Yl2QG3tHl40V*c2Yw4T;1lpZ7y(zSspJMI
zNpnv9M7_S>m744GVwz<}YR^$~9;D)J(Cc3TkYUGaPhksKXn+zbxvj2+6w-opCvvty
z`b{wa^5PxVD&!r|-9*W2pB`B9GcTlB`O((Q3o{MQ@3Sq2d|C)%(sW~;lGl%0FfJ{)
zTT^P@8!_jQbp14t*SZ5FC+~N<NHZr*H5|PjZv{D2?;g#dEKW8Y{kK7YWW=E3f97-u
AB>(^b

delta 471
zcmZo@U~PE7GC`VkH3I{K@I(cB#?>1WmiTiq^8W@3FbMMh-YhubJ-;=BfDspvAIr6l
zf&Ul(XZ|<*Pq}{b=kl%M6X7|<J&*qy-!t9>o}1izcmw%ZxeNJ}xli*S=PBUY%e!l`
zPlALFzad`_e;h9xUoGEGUMKEgu2+1HJbirEdA{?g^854V^DFTh^UUQH<zeTYGkH#e
z4jW${e>eZi%~ulka%^1S%(!`7Rw}FL4z6olWt>kq-Fd5dayVqzwD}Y{K5SMLU}l@F
zU6#kZh(UegMCHx<%VHTh>-cyT4bz3ig(rvB`7;;gr%djxmJ&5IR4_2LGBC3;wE%gK
zfq^@d!EfS3ugM=OzVJ5kbMXj!=ZlL9ONu&9wyTO`&P`33yr4>jCytXx(3@9WSXdS)
zaj{C9IVZn-^8YGz9sv#>!Pt0laj*{K>QL6i%A)){pjA37yh#lH6DN9eHX5??3Hmqk
zi%&jOox_@)SyYs`*{H^lk-3~fa-yT?<m%dGh9LqxilVw;V~iOXO5ziflaowL3`|QB
zi?d5oi%S$zQj3#|G7CyF^Yb7!lvijlW>1`$zWGs|QX{iAv+z`Q#_)|3w=!)PW@db=
F0{~ymi^%{0

diff --git a/screens.jsx b/screens.jsx
index 4a55f1d..60700f2 100644
--- a/screens.jsx
+++ b/screens.jsx
@@ -1,20 +1,19 @@
 // Screens for Dashy
 
 function LoginScreen({ onLogin, dbUsers = [], workspace }) {
-  const [pickedId, setPickedId] = React.useState('rod');
+  const [username, setUsername] = React.useState('');
   const [password, setPassword] = React.useState('');
   const [error, setError] = React.useState('');
   const [busy, setBusy] = React.useState(false);
 
-  React.useEffect(() => { setPassword(''); setError(''); }, [pickedId]);
-
   const submit = async () => {
+    if (!username) { setError('Enter your username'); return; }
     if (!password) { setError('Enter your password'); return; }
     setError(''); setBusy(true);
     try {
-      await onLogin(pickedId, password);
+      await onLogin(username, password);
     } catch (e) {
-      setError('Incorrect password');
+      setError('Incorrect username or password');
     } finally {
       setBusy(false);
     }
@@ -27,43 +26,39 @@ function LoginScreen({ onLogin, dbUsers = [], workspace }) {
           <BrandMark />
           <span className="login__wordmark">Dashy</span>
         </div>
-        <h1 className="login__title">Pick up where you left off.</h1>
-        <p className="login__sub">Sign in to your team workspace · <span className="mono">{workspace ? workspace.name : 'loading…'}</span></p>
+        <h1 className="login__title">Sign in to Dashy</h1>
+        <p className="login__sub">Enter your details to access the <span className="mono">{workspace ? workspace.name : 'loading…'}</span> workspace</p>
 
-        <div className="login__users">
-          {dbUsers.map(u => (
-            <button
-              key={u.id}
-              className={"login__user" + (pickedId === u.id ? " is-picked" : "")}
-              onClick={() => setPickedId(u.id)}
-            >
-              <Avatar user={u} size={40} />
-              <div className="login__user-meta">
-                <span className="login__user-name">{u.name}</span>
-                <span className="login__user-role">{u.role}</span>
-              </div>
-              {pickedId === u.id && <span className="login__user-tick"><Icon.Check /></span>}
-            </button>
-          ))}
+        <div style={{ display: 'flex', flexDirection: 'column', gap: '14px', marginTop: '1rem' }}>
+          <label className="field">
+            <span className="field__label">Username</span>
+            <input
+              className="field__input"
+              value={username}
+              onChange={e => setUsername(e.target.value)}
+              onKeyDown={e => { if (e.key === 'Enter') submit(); }}
+              placeholder="Username"
+              autoFocus
+            />
+          </label>
+
+          <label className="field">
+            <span className="field__label">Password</span>
+            <input
+              className="field__input"
+              type="password"
+              value={password}
+              onChange={e => setPassword(e.target.value)}
+              onKeyDown={e => { if (e.key === 'Enter') submit(); }}
+              placeholder="••••••••"
+            />
+          </label>
         </div>
 
-        <label className="field">
-          <span className="field__label">Password</span>
-          <input
-            className="field__input"
-            type="password"
-            value={password}
-            onChange={e => setPassword(e.target.value)}
-            onKeyDown={e => { if (e.key === 'Enter') submit(); }}
-            placeholder="Enter password"
-            autoFocus
-          />
-        </label>
+        {error && <div className="mono" style={{ color: 'var(--prio-high-dot)', marginTop: '0.25rem', fontSize: '12px' }}>{error}</div>}
 
-        {error && <div className="mono" style={{ color: 'var(--prio-high-dot)', marginTop: '0.25rem' }}>{error}</div>}
-
-        <button className="btn btn--primary btn--full" onClick={submit} disabled={busy}>
-          {busy ? 'Signing in…' : <>Sign in as {findUser(pickedId).name}</>}
+        <button className="btn btn--primary btn--full" style={{ marginTop: '0.5rem' }} onClick={submit} disabled={busy}>
+          {busy ? 'Signing in…' : 'Sign in'}
           <Icon.Arrow />
         </button>