Closed
Signed-off-by: tedraykov <tedraykov@gmail.com>
🦋 Changeset detected
Latest commit: cd2f570
The changes in this PR will be included in the next version bump. This PR includes changesets to release 2 packages
sujithvn
previously approved these changes
May 18, 2023
Contributor
sujithvn
left a comment
I did not test this, but the changes look good
brent-hoover
previously approved these changes
May 18, 2023
9e80185 to
cd2f570
Compare
vanpho93
approved these changes
Jun 1, 2023
Resolves #6838
Impact: minor
Type: feature
Issue
The authentication plugin generates a password reset email with a hardcoded URL.
Solution
Instead of hardcoding the URL, we can parametrize it by introducing a password reset path fragment environmental variable like PASSWORD_RESET_PATH_FRAGMENT and turn the password reset URL into:
If we provide the default value of this env var to be ?resetToken=, it will support backward compatibility.
Technically we can set the STORE_URL to a more specific route like http://localhost:4000/password-reset that will evaluate to a URL, but the name of the variable doesn't imply that it will be only used in the password reset scenario. That's why I think it's a better idea to add an additional configurable fragment to provide flexibility.
Breaking changes
None. The default value of the newly proposed environmental variable provides backward compatibility.
Testing
PASSWORD_RESET_PATH_FRAGMENT to a desired path
sendResetAccountPasswordEmail for an existing account.
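An added example, not code from this PR or from the project: one way to build the reset link from STORE_URL and PASSWORD_RESET_PATH_FRAGMENT while checking that a misconfigured fragment cannot move the link to a different host. It assumes the link is STORE_URL + fragment + token (the page does not show the exact form); `buildPasswordResetUrl` and the sample token are hypothetical.

```javascript
// Added example. Assumption: reset link = STORE_URL + PASSWORD_RESET_PATH_FRAGMENT + token.
const DEFAULT_FRAGMENT = "?resetToken="; // default value named in the PR description

// Hypothetical helper, not the plugin's own function.
function buildPasswordResetUrl(storeUrl, token, fragment = DEFAULT_FRAGMENT) {
  const base = new URL(storeUrl); // throws on a malformed STORE_URL
  if (base.protocol !== "http:" && base.protocol !== "https:") {
    throw new Error(`STORE_URL must be http(s), got ${base.protocol}`);
  }
  if (typeof token !== "string" || token.length === 0) {
    throw new Error("reset token must be a non-empty string");
  }

  // Avoid "//" when STORE_URL ends with a slash and the fragment starts with one.
  const prefix = fragment.startsWith("/") ? storeUrl.replace(/\/+$/, "") : storeUrl;

  // Encode the token so characters such as "+", "/" or "=" survive in a path or query.
  const link = prefix + fragment + encodeURIComponent(token);

  // The fragment is joined by plain concatenation, so a value beginning with
  // "@" or "." would be absorbed into the authority part of the URL.
  // Re-parse the result and require the same origin and userinfo as STORE_URL.
  const parsed = new URL(link);
  if (parsed.origin !== base.origin || parsed.username !== base.username) {
    throw new Error("PASSWORD_RESET_PATH_FRAGMENT moves the reset link off the STORE_URL origin");
  }
  return link;
}

// Constructed sample values; the localhost URL is the one used in the PR text.
const storeUrl = process.env.STORE_URL || "http://localhost:4000";
const fragment = process.env.PASSWORD_RESET_PATH_FRAGMENT || DEFAULT_FRAGMENT;
console.log(buildPasswordResetUrl(storeUrl, "constructed-token-123", fragment));
```

Running the check once at startup, against the configured values and a dummy token, surfaces a bad fragment before any email is sent.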