refs #5762 Securify fix for recovery url
gitea/salix/pipeline/head This commit looks good Details

This commit is contained in:
Juan Ferrer 2023-08-02 09:29:09 +02:00
parent 125d908c5d
commit 3e8bb221e0
1 changed files with 11 additions and 3 deletions

View File

@ -98,14 +98,22 @@ module.exports = function(Self) {
const headers = httpRequest.headers; const headers = httpRequest.headers;
const origin = headers.origin; const origin = headers.origin;
const defaultHash = '/reset-password?access_token=$token$';
const recoverHashes = {
hedera: 'verificationToken=$token$'
};
// FIXME: Change with: info.options?.app
const app = info.options?.directory;
let recoverHash = app ? recoverHashes[app] : defaultHash;
recoverHash = recoverHash.replace('$token$', info.accessToken.id);
const user = await Self.app.models.VnUser.findById(info.user.id); const user = await Self.app.models.VnUser.findById(info.user.id);
let directory = info.options?.directory ?? '/#!/reset-password?access_token=$token$';
directory = directory.replace('$token$', info.accessToken.id);
const params = { const params = {
recipient: info.email, recipient: info.email,
lang: user.lang, lang: user.lang,
url: origin + directory url: origin + '/#!' + recoverHash
}; };
const options = Object.assign({}, info.options); const options = Object.assign({}, info.options);