fix(admin): correct identity register & change-password routes (405)

clients/admin/src/api/users.ts

@@ -81,7 +81,7 @@ export async function changePassword(input: {
   newPassword: string;
   confirmNewPassword: string;
 }): Promise<string> {
-  return apiFetch<string>(`${BASE}/change-password`, {
+  return apiFetch<string>(`${IDENTITY}/change-password`, {
     method: "POST",
     body: JSON.stringify(input),
   });
@@ -110,7 +110,7 @@ export async function getUserRoles(id: string): Promise<UserRoleDto[]> {
 }
 
 export async function registerUser(input: RegisterUserInput): Promise<RegisterUserResponse> {
-  return apiFetch<RegisterUserResponse>(`${BASE}/register`, {
+  return apiFetch<RegisterUserResponse>(`${IDENTITY}/register`, {
     method: "POST",
     body: JSON.stringify(input),
   });

clients/admin/tests/settings/security.spec.ts

@@ -5,7 +5,7 @@ import { installAdminShellMocks, ADMIN_PERMS } from "../helpers/shell-mocks";
 
 // SecuritySettings = password change + 2FA. The 2FA branch is driven by the
 // profile's twoFactorEnabled flag (GET /api/v1/identity/profile). Password
-// change POSTs to /api/v1/identity/users/change-password with
+// change POSTs to /api/v1/identity/change-password with
 // { password, newPassword, confirmNewPassword }.
 
 const PROFILE_2FA_OFF = {
@@ -55,7 +55,7 @@ test.describe("settings · security", () => {
     await mockJsonResponse(page, "**/api/v1/identity/profile", PROFILE_2FA_OFF);
     await mockJsonResponse(
       page,
-      "**/api/v1/identity/users/change-password",
+      "**/api/v1/identity/change-password",
       '"Password changed."',
       { method: "POST" },
     );
@@ -75,7 +75,7 @@ test.describe("settings · security", () => {
 
     const reqPromise = page.waitForRequest(
       (r) =>
-        r.url().includes("/api/v1/identity/users/change-password") && r.method() === "POST",
+        r.url().includes("/api/v1/identity/change-password") && r.method() === "POST",
       { timeout: 5_000 },
     );
     await dialog.getByRole("button", { name: /update password/i }).click();
@@ -135,7 +135,7 @@ test.describe("settings · security", () => {
     await mockJsonResponse(page, "**/api/v1/identity/profile", PROFILE_2FA_OFF);
     await mockProblemDetails(
       page,
-      "**/api/v1/identity/users/change-password",
+      "**/api/v1/identity/change-password",
       400,
       { title: "Bad Request", detail: "Current password is incorrect." },
     );

clients/admin/tests/users/users.spec.ts

@@ -138,8 +138,8 @@ test.describe("users create form", () => {
     ).toBeVisible();
   });
 
-  test("filling the form and submitting POSTs to /users/register", async ({ page }) => {
-    await page.route("**/api/v1/identity/users/register", async (route) => {
+  test("filling the form and submitting POSTs to /register", async ({ page }) => {
+    await page.route("**/api/v1/identity/register", async (route) => {
       if (route.request().method() !== "POST") {
         await route.fallback();
         return;
@@ -179,7 +179,7 @@ test.describe("users create form", () => {
     await dialog.getByLabel(/^Confirm password/).fill("Sup3rSecret!");
 
     const reqPromise = page.waitForRequest(
-      (r) => r.url().endsWith("/api/v1/identity/users/register") && r.method() === "POST",
+      (r) => r.url().endsWith("/api/v1/identity/register") && r.method() === "POST",
       { timeout: 5_000 },
     );
     await dialog.getByRole("button", { name: "Create account", exact: true }).click();
@@ -198,7 +198,7 @@ test.describe("users create form", () => {
 
   test("client-side validation blocks submit on an invalid username", async ({ page }) => {
     let posted = false;
-    await page.route("**/api/v1/identity/users/register", async (route) => {
+    await page.route("**/api/v1/identity/register", async (route) => {
       if (route.request().method() === "POST") posted = true;
       await route.fulfill({
         status: 200,