Remove Domain/IP from Password Reset Link to custom Global Setting (#11379)

Co-authored-by: Davi Torres <dtorres@simnet.ca> Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
2025-10-26 08:42:29 +01:00 · 2025-08-31 05:22:33 -04:00 · 2025-08-31 05:22:33 -04:00 · 9184170b01
commit 9184170b01
parent 3c4f458819
2 changed files with 10 additions and 4 deletions
--- a/server/src/main/java/org/apache/cloudstack/user/UserPasswordResetManager.java
+++ b/server/src/main/java/org/apache/cloudstack/user/UserPasswordResetManager.java
@ -65,6 +65,11 @@ public interface UserPasswordResetManager {
            "Password for SMTP server for sending emails for resetting password for ACS users",
            false, ConfigKey.Scope.Global);

+    ConfigKey<String> UserPasswordResetDomainURL = new ConfigKey<>(ConfigKey.CATEGORY_ADVANCED,
+            String.class, "user.password.reset.mail.domain.url", null,
+            "Domain URL for reset password links sent to the user via email", true,
+            ConfigKey.Scope.Global);
+
    void setResetTokenAndSend(UserAccount userAccount);

    boolean validateAndResetPassword(UserAccount user, String token, String password);
--- a/server/src/main/java/org/apache/cloudstack/user/UserPasswordResetManagerImpl.java
+++ b/server/src/main/java/org/apache/cloudstack/user/UserPasswordResetManagerImpl.java
@ -48,7 +48,6 @@ import java.util.Map;
 import java.util.Set;
 import java.util.UUID;

-import static org.apache.cloudstack.config.ApiServiceConfiguration.ManagementServerAddresses;
 import static org.apache.cloudstack.resourcedetail.UserDetailVO.PasswordResetToken;
 import static org.apache.cloudstack.resourcedetail.UserDetailVO.PasswordResetTokenExpiryDate;

@ -69,7 +68,7 @@ public class UserPasswordResetManagerImpl extends ManagerBase implements UserPas
            new ConfigKey<>(ConfigKey.CATEGORY_ADVANCED, String.class,
            "user.password.reset.mail.template", "Hello {{username}}!\n" +
            "You have requested to reset your password. Please click the following link to reset your password:\n" +
-            "http://{{{resetLink}}}\n" +
+            "{{{domainUrl}}}{{{resetLink}}}\n" +
            "If you did not request a password reset, please ignore this email.\n" +
            "\n" +
            "Regards,\n" +
@ -95,6 +94,7 @@ public class UserPasswordResetManagerImpl extends ManagerBase implements UserPas
                UserPasswordResetSMTPUseAuth,
                UserPasswordResetSMTPUsername,
                UserPasswordResetSMTPPassword,
+                UserPasswordResetDomainURL,
                PasswordResetMailTemplate
        };
    }
@ -173,9 +173,10 @@ public class UserPasswordResetManagerImpl extends ManagerBase implements UserPas
        final String email = userAccount.getEmail();
        final String username = userAccount.getUsername();
        final String subject = "Password Reset Request";
+        final String domainUrl = UserPasswordResetDomainURL.value();

-        String resetLink = String.format("%s/client/#/user/resetPassword?username=%s&token=%s",
-                ManagementServerAddresses.value().split(",")[0], username, resetToken);
+        String resetLink = String.format("/client/#/user/resetPassword?username=%s&token=%s",
+                username, resetToken);
        String content = getMessageBody(userAccount, resetToken, resetLink);

        SMTPMailProperties mailProperties = new SMTPMailProperties();