From 3e8bb221e036e66add3b0b09a107d489ec0ad526 Mon Sep 17 00:00:00 2001
From: Juan Ferrer Toribio <juan@verdnatura.es>
Date: Wed, 2 Aug 2023 09:29:09 +0200
Subject: [PATCH] refs #5762 Securify fix for recovery url

---
 back/models/vn-user.js | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/back/models/vn-user.js b/back/models/vn-user.js
index 163649718..3e4a08b6e 100644
--- a/back/models/vn-user.js
+++ b/back/models/vn-user.js
@@ -98,14 +98,22 @@ module.exports = function(Self) {
         const headers = httpRequest.headers;
         const origin = headers.origin;
 
+        const defaultHash = '/reset-password?access_token=$token$';
+        const recoverHashes = {
+            hedera: 'verificationToken=$token$'
+        };
+
+        // FIXME: Change with: info.options?.app
+        const app = info.options?.directory;
+        let recoverHash = app ? recoverHashes[app] : defaultHash;
+        recoverHash = recoverHash.replace('$token$', info.accessToken.id);
+
         const user = await Self.app.models.VnUser.findById(info.user.id);
-        let directory = info.options?.directory ?? '/#!/reset-password?access_token=$token$';
-        directory = directory.replace('$token$', info.accessToken.id);
 
         const params = {
             recipient: info.email,
             lang: user.lang,
-            url: origin + directory
+            url: origin + '/#!' + recoverHash
         };
 
         const options = Object.assign({}, info.options);