fix(server):give higher preference to redirect_uri

While using forgot_password redirect URI was ignored if not present Resolves #275
2022-10-24 11:15:36 +05:30 · 2022-10-24 11:15:36 +05:30 · e690066652
commit e690066652
parent 6e09307c22
2 changed files with 18 additions and 13 deletions
--- a/server/resolvers/forgot_password.go
+++ b/server/resolvers/forgot_password.go
@ -62,12 +62,12 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
 		log.Debug("Failed to generate nonce: ", err)
 		return res, err
 	}
-	redirectURL := parsers.GetAppURL(gc)
+	redirectURI := parsers.GetAppURL(gc)
 	if strings.TrimSpace(refs.StringValue(params.RedirectURI)) != "" {
-		redirectURL = refs.StringValue(params.RedirectURI)
+		redirectURI = refs.StringValue(params.RedirectURI)
 	}

-	verificationToken, err := token.CreateVerificationToken(params.Email, constants.VerificationTypeForgotPassword, hostname, nonceHash, redirectURL)
+	verificationToken, err := token.CreateVerificationToken(params.Email, constants.VerificationTypeForgotPassword, hostname, nonceHash, redirectURI)
 	if err != nil {
 		log.Debug("Failed to create verification token", err)
 		return res, err
@ -78,7 +78,7 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
 		ExpiresAt:   time.Now().Add(time.Minute * 30).Unix(),
 		Email:       params.Email,
 		Nonce:       nonceHash,
-		RedirectURI: redirectURL,
+		RedirectURI: redirectURI,
 	})
 	if err != nil {
 		log.Debug("Failed to add verification request", err)
@ -89,7 +89,7 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
 	go email.SendEmail([]string{params.Email}, constants.VerificationTypeForgotPassword, map[string]interface{}{
 		"user":             user.ToMap(),
 		"organization":     utils.GetOrganization(),
-		"verification_url": utils.GetForgotPasswordURL(verificationToken, hostname),
+		"verification_url": utils.GetForgotPasswordURL(verificationToken, hostname, redirectURI),
 	})

 	res = &model.Response{
--- a/server/utils/common.go
+++ b/server/utils/common.go
@ -81,17 +81,22 @@ func GetOrganization() map[string]interface{} {
 }

 // GetForgotPasswordURL to get url for given token and hostname
-func GetForgotPasswordURL(token, hostname string) string {
-	resetPasswordUrl, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyResetPasswordURL)
-	if err != nil {
-		return ""
-	}
-	if resetPasswordUrl == "" {
-		if err := memorystore.Provider.UpdateEnvVariable(constants.EnvKeyResetPasswordURL, hostname+"/app/reset-password"); err != nil {
+func GetForgotPasswordURL(token, hostname, redirectURI string) string {
+	resetPasswordURL := redirectURI
+
+	if resetPasswordURL == "" {
+		resetPasswordURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyResetPasswordURL)
+		if err != nil {
 			return ""
 		}
+		if resetPasswordURL == "" {
+			if err := memorystore.Provider.UpdateEnvVariable(constants.EnvKeyResetPasswordURL, hostname+"/app/reset-password"); err != nil {
+				return ""
+			}
+		}
 	}
-	verificationURL := resetPasswordUrl + "?token=" + token
+
+	verificationURL := resetPasswordURL + "?token=" + token
 	return verificationURL
 }