Support Dynamic Password Reset URL
Resolves #6838 Impact: minor Type: feature
Issue
The authentication plugin generates a password reset email with a hardcoded URL.
Solution
Instead of hardcoding the URL, we can parametrize it by introducing a password reset path fragment environmental variable like PASSWORD_RESET_PATH_FRAGMENT and turn the password reset URL into:
${STORE_URL}/${PASSWORD_RESET_PATH_FRAGMENT}${token}
If we provide the default value of this env var to be ?resetToken=, it will support backward compatibility.
Technically we can set the STORE_URL to a more specific route like http://localhost:4000/password-reset that will evaluate to a URL, but the name of the variable doesn't imply that it will be only used in the password reset scenario. That's why I think it's a better idea to add an additional configurable fragment to provide flexibility.
Breaking changes
None. The default value of the newly proposed environmental variable provides backward compatibility.
Testing
- Set up Opencommerce with a working email client.
- Set up the PASSWORD_RESET_PATH_FRAGMENT to a desired path
- Call the sendResetAccountPasswordEmail for an existing account.
- Validate that the password reset URL in the received email matches the desired format.
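An added example, not part of this PR or the plugin's code: a sketch of the URL template from the description, plus a checker for the last testing step. The function names, the trailing-slash trimming, the scheme check and the token percent-encoding are assumptions made for illustration.

```javascript
// Hypothetical helpers; names and validation rules are assumptions of this example.
const DEFAULT_FRAGMENT = "?resetToken="; // default value proposed in the description

// Strip trailing slashes so "${STORE_URL}/" never yields "//" in the link.
function trimBase(storeUrl) {
  return storeUrl.replace(/\/+$/, "");
}

// Template from the description: ${STORE_URL}/${PASSWORD_RESET_PATH_FRAGMENT}${token}
function buildPasswordResetUrl(storeUrl, token, fragment = DEFAULT_FRAGMENT) {
  const base = new URL(storeUrl); // throws on a malformed STORE_URL
  if (base.protocol !== "http:" && base.protocol !== "https:") {
    throw new Error(`unsupported STORE_URL scheme: ${base.protocol}`);
  }
  if (typeof token !== "string" || token.length === 0) {
    throw new Error("reset token must be a non-empty string");
  }
  if (/[\s\u0000-\u001f]/.test(fragment)) {
    throw new Error("fragment must not contain whitespace or control characters");
  }
  // Percent-encode the token so "/", "+", "=" or "&" cannot alter the link structure.
  return `${trimBase(storeUrl)}/${fragment}${encodeURIComponent(token)}`;
}

// Testing step 4: confirm an emailed link matches the configured format.
// Returns the decoded token, or null when the link does not match.
function extractResetToken(link, storeUrl, fragment = DEFAULT_FRAGMENT) {
  const prefix = `${trimBase(storeUrl)}/${fragment}`;
  if (!link.startsWith(prefix)) return null; // wrong host or wrong path fragment
  const raw = link.slice(prefix.length);
  // The token must be the final component of the link.
  if (raw.length === 0 || /[/?#&]/.test(raw)) return null;
  try {
    return decodeURIComponent(raw);
  } catch {
    return null; // malformed percent-encoding
  }
}

// Constructed sample values (not from a real deployment).
const sampleStore = "http://localhost:4000";
console.log(buildPasswordResetUrl(sampleStore, "abc123"));
console.log(buildPasswordResetUrl(sampleStore + "/", "abc123", "password-reset/"));
```
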
🦋 Changeset detected
Latest commit: cd2f570a9cd1b2f4f7ff72ba484d9ce65d074da0
The changes in this PR will be included in the next version bump.
This PR includes changesets to release 2 packages
| Name | Type |
|---|---|
| @reactioncommerce/api-plugin-authentication | Minor |
| reaction | Patch |