{#- set_password.html — set a password from an invite or reset link. Inherits the auth contract. Backend: GET/POST /set-password (app.py). The `token` comes from the query string on GET and is echoed back in a hidden field on POST; auth.set_password(token, password) consumes it and activates the account. Shared by both the invite and reset flows. -#} {% extends "layout_auth.html" %} {% block title %}Set password{% endblock %} {% block eyebrow %}Account access{% endblock %} {% block heading %}Set your password{% endblock %} {% block subheading %}

Choose a password to activate your account.

{% endblock %} {% block auth_body %}
{#- Echo the single-use token back to the POST. -#}
Passwords don't match.
{% endblock %} {% block auth_foot %} Back to sign in {% endblock %} {% block scripts %} {% endblock %}