Invalid Link in the Rainlab User RecoverPassword Mails

Need Help
#1

Rainlab Users: v3.2.0
OctoberCMS: 3.7.6

I am currently overriding the Rainlab User Components to add some more functionality, but I am a bit confused here.

The task I struggle with is fixing the broken links in the recover password emails, they start with the “?..” instead of a full link.

In order to assure that it’s not my component, I tested the original component but it also had only the url parameters instead of the full link. So… did I do something wrong or is this a bug?

What did I afterwards:

1) Vanilla Theme
First I checked the example theme to see how the original component is used:

The password reset email is send from the authentication component and I see the parameter “resetPage” here. So I checked out the component, but it only has the parameters “rememberMe”, “twoFactorAuth” and “recoverPassword”. “resetPage” does not appear in the Authentiation component nor in the ActionRecoverPassword trait, so I wonder if this is correct or some legacy parameters.

2) Doku
I also checked out the documentation:

It doesnt tell anything about the Authentication component, but I remember testing it and this code didnt work for me:
return $this->account->onLogin();
As far as I remember it told me that onLogin() does not work on null obviously, and I also dont see and I dont see any property called “account” in the Authentication component or the ActionLogin trait, so I wonder if this is up to date as well.

3) Further Research
I had similar problems with the registrationEmail and the activationEmail - I have build a workaround to restore the missing “activate account” functionality.

I found this thread:

I used the sendEmailVerificationNotification in combination with setUrlForEmailVerification for my account activation and similar methods for the registration, but this here will not work for password reset:

        $user->setUrlForPasswordReset(Cms::pageUrl($this->restorePage));
        $user->sendPasswordResetNotification($missingToken);

The problem: sendPasswordResetNotification($token) required a token, ok, so lets check out where the token normally come from and I ended up in Illuminate\Auth\Passwords\PasswordBroker.php / sendResetLink()

…and this is the part where I got compleatly lost…

I also saw that sendPasswordResetNotification() used Cms::entryUrl('resetPassword'), but since I extended the component, this fallback is not useable for me.

Honestly I dont have any idea left what I can do to fix this.

I would like to extend the Authentication component for additional logic and still have the links in the password restore emails to work. No idea how I can fix this, so any help is welcome :slight_smile:

#2

…I found a solution and it is so extremly easy that I had to laugh: I just adjusted the email template in the backend:

# Hello {{ first_name }}

You are receiving this email because we received a password recovery request for your account. If you did not perform this request, you can safely ignore this email.

{% set fullUrl =  config('app.url') ~ '/restore' ~ url %}

{% partial 'button' url=fullUrl body %}
Reset Password
{% endpartial %}

This password reset link will expire in {{ count }} minutes.

{% partial 'subcopy' body %}
If you're having trouble clicking the button, copy the URL below into your browser.

<span class="break-all">{{ fullUrl|raw }}</span>
{% endpartial %}

BUT: Still I think this is a bug in the default password recovery template:

If I reset the email layout AND use the default password recovery, onle the url parameters arrive and NOT the full url: ?reset=d4e34........&email=info@...

For daft: Please have a look if I am wrong here, but I think this needs a fix. ^^

#3

If it needs a fix, you are welcome to submit a PR for review with your suggestion. I’m not sure I can determine what needs fixing from here, easily. The code repo is here: GitHub - rainlab/user-plugin: Front-end user management.