Invalid Link in the Rainlab User RecoverPassword Mails

LordRazen · December 20, 2024, 9:57am

Rainlab Users: v3.2.0
OctoberCMS: 3.7.6

I am currently overriding the Rainlab User Components to add some more functionality, but I am a bit confused here.

The task I struggle with is fixing the broken links in the recover password emails, they start with the “?..” instead of a full link.

In order to assure that it’s not my component, I tested the original component but it also had only the url parameters instead of the full link. So… did I do something wrong or is this a bug?

What did I afterwards:

1) Vanilla Theme
First I checked the example theme to see how the original component is used:

github.com

rainlab/vanilla-theme/blob/master/pages/account/login.htm

##
url = "/account/login"
layout = "default"
title = "Account Login"
description = "Sign in, registration and account management."

[authentication]
resetPage = "account/password"
rememberMe = "ask"

[session]
security = "guest"
redirect = "account/index"

[resources]
vars[activeNavLink] = 'account'
==
<div class="page-account">
    <div class="py-4">
        <main class="form-login m-auto">

This file has been truncated. show original

The password reset email is send from the authentication component and I see the parameter “resetPage” here. So I checked out the component, but it only has the parameters “rememberMe”, “twoFactorAuth” and “recoverPassword”. “resetPage” does not appear in the Authentiation component nor in the ActionRecoverPassword trait, so I wonder if this is correct or some legacy parameters.

2) Doku
I also checked out the documentation:

It doesnt tell anything about the Authentication component, but I remember testing it and this code didnt work for me:
return $this->account->onLogin();
As far as I remember it told me that onLogin() does not work on null obviously, and I also dont see and I dont see any property called “account” in the Authentication component or the ActionLogin trait, so I wonder if this is up to date as well.

3) Further Research
I had similar problems with the registrationEmail and the activationEmail - I have build a workaround to restore the missing “activate account” functionality.

I found this thread:

I used the sendEmailVerificationNotification in combination with setUrlForEmailVerification for my account activation and similar methods for the registration, but this here will not work for password reset:

        $user->setUrlForPasswordReset(Cms::pageUrl($this->restorePage));
        $user->sendPasswordResetNotification($missingToken);

The problem: sendPasswordResetNotification($token) required a token, ok, so lets check out where the token normally come from and I ended up in Illuminate\Auth\Passwords\PasswordBroker.php / sendResetLink()

…and this is the part where I got compleatly lost…

I also saw that sendPasswordResetNotification() used Cms::entryUrl('resetPassword'), but since I extended the component, this fallback is not useable for me.

Honestly I dont have any idea left what I can do to fix this.

I would like to extend the Authentication component for additional logic and still have the links in the password restore emails to work. No idea how I can fix this, so any help is welcome