From 0a1d59dd45f1bc67fa07c1a2782e7edcc963b1ec Mon Sep 17 00:00:00 2001
From: Sebastian Kinzlinger
Date: Tue, 17 Nov 2020 11:02:28 +0200
Subject: [PATCH 1/3] Update auth.ts

Pass custom `reset_url` to `requestPasswordReset`.
---
api/src/controllers/auth.ts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/api/src/controllers/auth.ts b/api/src/controllers/auth.ts
index 94d86fd44c..89f253d3f1 100644
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -175,9 +175,9 @@ router.post(
 };
 const service = new UsersService({ accountability, schema: req.schema });
-
+
 try {
- await service.requestPasswordReset(req.body.email);
+ await service.requestPasswordReset(req.body.email, req.body.reset_url);
 } catch {
 // We don't want to give away what email addresses exist, so we'll always return a 200
 // from this endpoint
From ececd1e633db723b02061a119fb4b89876b13c58 Mon Sep 17 00:00:00 2001
From: Sebastian Kinzlinger
Date: Tue, 17 Nov 2020 11:05:48 +0200
Subject: [PATCH 2/3] Update users.ts

Use custom acceptUrl if present. Fallback to directus default url.
---
api/src/services/users.ts | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/api/src/services/users.ts b/api/src/services/users.ts
index 0fb7b1ae84..5158a785ef 100644
--- a/api/src/services/users.ts
+++ b/api/src/services/users.ts
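Review bot: `req.body.reset_url` comes straight from the request body of what appears to be a public endpoint and is handed to `requestPasswordReset` with no check on where it points, so the host in the mailed reset link is chosen by whoever submits the request rather than by the operator. The `users.ts` hunks in patches 2 and 3 append the signed token to that value, so a recipient who follows the link hands a valid reset token to that host. The URL should be compared with an operator-configured list of permitted reset origins before the mail is sent, for example `if (url && !allowedResetUrls.includes(new URL(url).origin)) throw new ForbiddenException();` in the service, where `allowedResetUrls` is a new setting this series does not have yet. The enclosing `router.post` handler starts and ends outside the hunk.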
@@ -125,13 +125,15 @@ export class UsersService extends ItemsService {
 }
 }
- async requestPasswordReset(email: string) {
+ async requestPasswordReset(email: string, url: string) {
 const user = await this.knex.select('id').from('directus_users').where({ email }).first();
 if (!user) throw new ForbiddenException();
 const payload = { email, scope: 'password-reset' };
 const token = jwt.sign(payload, env.SECRET as string, { expiresIn: '1d' });
- const acceptURL = env.PUBLIC_URL + '/admin/reset-password?token=' + token;
+
+ let acceptURL = env.PUBLIC_URL + '/admin/reset-password?token=' + token
+ if(url && url !== '') acceptURL = url + '?token=' + token
 await sendPasswordResetMail(email, acceptURL);
 }
From bbae89d63326ead1007aea8a60abe3f81c5cde0c Mon Sep 17 00:00:00 2001
From: rijkvanzanten
Date: Wed, 16 Dec 2020 16:57:26 -0500
Subject: [PATCH 3/3] Minor code cleanup
---
api/src/controllers/auth.ts | 4 ++--
api/src/services/users.ts | 7 +++----
2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/api/src/controllers/auth.ts b/api/src/controllers/auth.ts
index c666b996d9..05313e577e 100644
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -167,9 +167,9 @@ router.post(
 };
 const service = new UsersService({ accountability, schema: req.schema });
-
+
 try {
- await service.requestPasswordReset(req.body.email, req.body.reset_url);
+ await service.requestPasswordReset(req.body.email, req.body.reset_url || null);
 } catch {
 // We don't want to give away what email addresses exist, so we'll always return a 200
 // from this endpoint
diff --git a/api/src/services/users.ts b/api/src/services/users.ts
index 7cb64d6482..192caac1f3 100644
--- a/api/src/services/users.ts
+++ b/api/src/services/users.ts
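Review bot: Building the link as `url + '?token=' + token` produces a malformed URL whenever the supplied `url` already carries a query string or a fragment, because the token then follows a second `?` or ends up inside the fragment; the template-literal form in the patch 3 `users.ts` hunk behaves the same way. Parsing the value and setting the parameter avoids this and rejects non-URL input at the same point: `const link = new URL(url); link.searchParams.set('token', token); acceptURL = link.toString();`. `new URL` throws on a relative or malformed value, which the controller's `catch` would turn into the usual 200. The class body continues outside the hunk.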
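Review bot: `req.body.reset_url || null` filters out missing and empty values but not non-string ones, so an array or object in the JSON body reaches a parameter typed `string | null` and is stringified into the mailed link. A `typeof` guard at the call site keeps the service signature honest: `const resetUrl = typeof req.body.reset_url === 'string' ? req.body.reset_url : null;`. The same may apply to `req.body.email` on that line if it is not validated earlier in the handler, which this hunk does not show.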
@@ -115,15 +115,14 @@ export class UsersService extends ItemsService {
 }
 }
- async requestPasswordReset(email: string, url: string) {
+ async requestPasswordReset(email: string, url: string | null) {
 const user = await this.knex.select('id').from('directus_users').where({ email }).first();
 if (!user) throw new ForbiddenException();
 const payload = { email, scope: 'password-reset' };
 const token = jwt.sign(payload, env.SECRET as string, { expiresIn: '1d' });
-
- let acceptURL = env.PUBLIC_URL + '/admin/reset-password?token=' + token
- if(url && url !== '') acceptURL = url + '?token=' + token
+
+ const acceptURL = url ? `${url}?token=${token}` : `${env.PUBLIC_URL}/admin/reset-password?token=${token}`;
 await sendPasswordResetMail(email, acceptURL);
 }
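Review bot: `requestPasswordReset` now takes a second argument whose trust level is not stated anywhere in the method, and a later caller could reasonably assume `url` is operator configuration. A TSDoc block above the signature would record the contract visible in this hunk: `null` selects the `env.PUBLIC_URL` admin link, a non-null `url` replaces it, and the signed token, valid for one day, is appended as a query parameter. It should also say that `url` originates from the request body and is inserted into the mail as given, so callers must validate it first.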