TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-28 21:33:24 +03:00
Code Issues Projects Releases Wiki Activity

Fixed truncated URL for password reset email (#11827)

Browse Source 
no issue

- shows the full URL instead of a truncated link in password reset email body. This is required for security and usability reasons (copy/paste)
This commit is contained in:
Peter Zimon 2020-05-20 09:22:37 +02:00 committed by GitHub
parent 1f5b031bfa
commit c2470bcddb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/server/services/auth/passwordreset.js
View File

@ -123,12 +123,10 @@ async function sendResetNotification(data, mailAPI) {
const adminUrl = urlUtils.urlFor('admin', true); const adminUrl = urlUtils.urlFor('admin', true);
const resetToken = security.url.encodeBase64(data.resetToken); const resetToken = security.url.encodeBase64(data.resetToken);
const resetUrl = urlUtils.urlJoin(adminUrl, 'reset', resetToken, '/'); const resetUrl = urlUtils.urlJoin(adminUrl, 'reset', resetToken, '/');
const resetLink = urlUtils.urlJoin(adminUrl, 'reset', `${resetToken.slice(0, 5)}...`);
const content = await mail.utils.generateContent({ const content = await mail.utils.generateContent({
data: { data: {
resetUrl, resetUrl
resetLink
}, },
template: 'reset-password' template: 'reset-password'
}); });

2
core/server/services/mail/templates/reset-password.html
View File

@ -23,7 +23,7 @@
<!-- START OF EMAIL CONTENT --> <!-- START OF EMAIL CONTENT -->
<p style="color: #808284; font-family: sans-serif; font-size: 15px; font-weight: normal; line-height: 1.5em; margin: 0; padding: 0 0 1.5em 0;"><strong>Hey there!</strong></p> <p style="color: #808284; font-family: sans-serif; font-size: 15px; font-weight: normal; line-height: 1.5em; margin: 0; padding: 0 0 1.5em 0;"><strong>Hey there!</strong></p>
<p style="color: #808284; font-family: sans-serif; font-size: 15px; font-weight: normal; line-height: 1.5em; margin: 0; padding: 0 0 1.5em 0;">You can use this link to create a new password for your account on <strong>{{siteTitle}}</strong>:</p> <p style="color: #808284; font-family: sans-serif; font-size: 15px; font-weight: normal; line-height: 1.5em; margin: 0; padding: 0 0 1.5em 0;">You can use this link to create a new password for your account on <strong>{{siteTitle}}</strong>:</p>
<p style="color: #808284; font-family: sans-serif; font-size: 15px; font-weight: normal; line-height: 1.5em; margin: 0; padding: 0 0 1.5em 0;"><a href="{{resetUrl}}" style="color: #5ba4e5;">{{resetLink}}</a></p> <p style="color: #808284; font-family: sans-serif; font-size: 15px; font-weight: normal; line-height: 1.5em; margin: 0; padding: 0 0 1.5em 0; word-break: break-all;"><a href="{{resetUrl}}" style="color: #5ba4e5;">{{resetUrl}}</a></p>
<p style="color: #808284; font-family: sans-serif; font-size: 15px; font-weight: normal; line-height: 1.5em; margin: 0; padding: 0 0 1.5em 0;">If you have any trouble, you should contact your site administrator for help.</p> <p style="color: #808284; font-family: sans-serif; font-size: 15px; font-weight: normal; line-height: 1.5em; margin: 0; padding: 0 0 1.5em 0;">If you have any trouble, you should contact your site administrator for help.</p>
<!-- END OF EMAIL CONTENT --> <!-- END OF EMAIL CONTENT -->