get token from params directory

src/server/middlewares/password-reset.js

@@ -2,17 +2,15 @@ module.exports = (crowi, app) => {
   const PasswordResetOrder = crowi.model('PasswordResetOrder');
 
   return async(req, res, next) => {
-    const token = req.query.value;
+    const { token } = req.params;
 
-    const passwordResetOrder = await PasswordResetOrder.findOne({ token });
-
-    if (passwordResetOrder == null) {
+    if (token == null) {
       return res.redirect('/login');
     }
 
-
+    const passwordResetOrder = await PasswordResetOrder.findOne({ token });
     // check the oneTimeToken is valid
-    if (token == null || passwordResetOrder.isExpired()) {
+    if (passwordResetOrder == null || passwordResetOrder.isExpired()) {
       return res.redirect('/login');
     }
 

src/server/routes/forgot-password.js

@@ -38,7 +38,7 @@ module.exports = function(crowi, app) {
 
     try {
       const passwordResetOrderData = await PasswordResetOrder.createPasswordResetOrder(email);
-      const url = new URL(`/forgot-password/token?value=${passwordResetOrderData.token}`, appUrl);
+      const url = new URL(`/forgot-password/${passwordResetOrderData.token}`, appUrl);
       const oneTimeUrl = url.href;
       await sendPasswordResetEmail(email, oneTimeUrl, i18n);
       return res.json(ApiResponse.success());