Support Dynamic Password Reset URL #6839

Open: wants to merge 1 commit into base: trunk

@tedraykov (Collaborator) commented May 15, 2023

Resolves #6838
Impact: minor
Type: feature

Issue

The authentication plugin generates a password reset email with a hardcoded URL.

Solution

Instead of hardcoding the URL, we can parametrize it by introducing a password reset path fragment environmental variable like PASSWORD_RESET_PATH_FRAGMENT and turn the password reset URL into:

${STORE_URL}/${PASSWORD_RESET_PATH_FRAGMENT}${token}

If we provide the default value of this env var to be ?resetToken=, it will support backward compatibility.

Technically we can set the STORE_URL to a more specific route like http://localhost:4000/password-reset that will evaluate to a URL, but the name of the variable doesn't imply that it will be only used in the password reset scenario. That's why I think it's a better idea to add an additional configurable fragment to provide flexibility.

Breaking changes

None. The default value of the newly proposed environmental variable provides backward compatibility.

Testing

  1. Set up Opencommerce with a working email client.
  2. Set up the PASSWORD_RESET_PATH_FRAGMENT to a desired path.
  3. Call the sendResetAccountPasswordEmail for an existing account.
  4. Validate that the password reset URL in the received email matches the desired format.
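
The URL template proposed in the description above, as an added example (not the plugin's code and not part of this PR): it builds `${STORE_URL}/${PASSWORD_RESET_PATH_FRAGMENT}${token}`, percent-encodes the token, and rejects a fragment that would move the link outside the store's base path. The function name, the fragment allowlist, and the sample host and tokens are assumptions made for this example.

```javascript
// Added example: names below are illustrative, not the plugin's API.
const DEFAULT_FRAGMENT = "?resetToken="; // default value proposed in the PR

// Assumed allowlist for the operator-supplied fragment: URL-safe characters
// only, so whitespace and control characters never reach the e-mail body.
const FRAGMENT_ALLOWED = /^[\w\-.~\/?=&#]*$/;

function buildPasswordResetUrl(storeUrl, token, fragment = DEFAULT_FRAGMENT) {
  const base = new URL(storeUrl); // throws on a malformed STORE_URL
  if (!["http:", "https:"].includes(base.protocol) || base.search || base.hash) {
    throw new Error("STORE_URL must be a plain http(s) URL without query or hash");
  }
  if (!FRAGMENT_ALLOWED.test(fragment)) {
    throw new Error("PASSWORD_RESET_PATH_FRAGMENT contains disallowed characters");
  }
  if (typeof token !== "string" || token.length === 0) {
    throw new Error("reset token is missing");
  }

  // Trim trailing slashes so the template's "/" is the only separator.
  const prefix = base.origin + base.pathname.replace(/\/+$/, "");
  // Tokens may contain "+", "/" or "=", so encode before concatenating.
  const resetUrl = new URL(`${prefix}/${fragment}${encodeURIComponent(token)}`);

  // After normalisation the link must still sit under the store's base path;
  // a fragment such as "../x/" would otherwise move it elsewhere on the host.
  const basePath = base.pathname.replace(/\/+$/, "") + "/";
  if (resetUrl.origin !== base.origin || !resetUrl.pathname.startsWith(basePath)) {
    throw new Error("fragment moves the reset link outside STORE_URL");
  }
  return resetUrl.href;
}

// Constructed sample values: default fragment, then a path-style fragment.
console.log(buildPasswordResetUrl("https://shop.example", "a+b/c="));
console.log(buildPasswordResetUrl("http://localhost:4000", "tok123", "password-reset/"));
```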

changeset-bot bot commented May 15, 2023

🦋 Changeset detected

Latest commit: cd2f570

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
@reactioncommerce/api-plugin-authentication Minor
reaction Patch


@sujithvn (Contributor) previously approved these changes May 18, 2023 and left a comment:

I did not test this, but the changes look good

brent-hoover previously approved these changes May 18, 2023
@tedraykov tedraykov dismissed stale reviews from brent-hoover and sujithvn via 13de0cf May 19, 2023 08:30
@tedraykov tedraykov force-pushed the password-reset-url branch 2 times, most recently from 9e80185 to cd2f570 Compare May 19, 2023 08:39
Successfully merging this pull request may close these issues.

Allow configurable password reset URL