4 лет назад · f65edc322e
--- a/src/server/models/password-reset-order.js
+++ b/src/server/models/password-reset-order.js
@@ -34,7 +34,7 @@ class PasswordResetOrder {
 
				 
			
 
				     const passwordResetOrderData = await this.create({ token, email });
			
 
				 
			
 
				-    return passwordResetOrderData;
			
 
				+    return { passwordResetOrderData };
			
 
				   }
			
 
				 
			
 
				   isExpired() {
			
--- a/src/server/routes/forgot-password.js
+++ b/src/server/routes/forgot-password.js
@@ -3,7 +3,7 @@ const ApiResponse = require('../util/apiResponse');
 
				 
			
 
				 module.exports = function(crowi, app) {
			
 
				   const PasswordResetOrder = crowi.model('PasswordResetOrder');
			
 
				-  const { /* appService, */ mailService, configManager } = crowi;
			
 
				+  const { appService, mailService, configManager } = crowi;
			
 
				   const path = require('path');
			
 
				   const actions = {};
			
 
				   const api = {};
			
@@ -18,17 +18,17 @@ module.exports = function(crowi, app) {
 
				   };
			
 
				 
			
 
				 
			
 
				-  async function sendPasswordResetEmail(email, i18n) {
			
 
				+  async function sendPasswordResetEmail(email, url, i18n) {
			
 
				     return mailService.send({
			
 
				       to: email,
			
 
				       subject: 'Password Reset',
			
 
				       template: path.join(crowi.localeDir, `${i18n}/notifications/passwordReset.txt`),
			
 
				       // TODO: need to set appropriate values by GW-6828
			
 
				-      // vars: {
			
 
				-      //   appTitle: appService.getAppTitle(),
			
 
				-      //   email: 'hoge@gmail.com',
			
 
				-      //   url: 'https://www.google.com/',
			
 
				-      // },
			
 
				+      vars: {
			
 
				+        appTitle: appService.getAppTitle(),
			
 
				+        email,
			
 
				+        url,
			
 
				+      },
			
 
				     });
			
 
				   }
			
 
				 
			
@@ -36,10 +36,13 @@ module.exports = function(crowi, app) {
 
				     const { email } = req.body;
			
 
				     const grobalLang = configManager.getConfig('crowi', 'app:globalLang');
			
 
				     const i18n = req.language || grobalLang;
			
 
				+    const appUrl = appService.getSiteUrl();
			
 
				 
			
 
				     try {
			
 
				-      await PasswordResetOrder.createPasswordResetOrder(email);
			
 
				-      await sendPasswordResetEmail(email, i18n);
			
 
				+      const { passwordResetOrderData } = await PasswordResetOrder.createPasswordResetOrder(email);
			
 
				+      const url = new URL(`/forgot-password/token?${passwordResetOrderData.token}`, appUrl);
			
 
				+      const oneTimeUrl = url.href;
			
 
				+      await sendPasswordResetEmail(email, oneTimeUrl, i18n);
			
 
				       return res.json(ApiResponse.success());
			
 
				     }
			
 
				     catch (err) {
			
--- a/src/server/routes/index.js
+++ b/src/server/routes/index.js
@@ -179,7 +179,7 @@ module.exports = function(crowi, app) {
 
				   app.get('/forgot-password', forgotPassword.forgotPassword);
			
 
				   app.post('/_api/forgot-password', forgotPassword.api.post);
			
 
				   // TODO: apply oneTimeToken to the link by GW−6856
			
 
				-  app.get('/forgot-password/hogeToken', forgotPassword.resetPassword);
			
 
				+  app.get('/forgot-password/:token', forgotPassword.resetPassword);
			
 
				 
			
 
				   app.get('/share/:linkId', page.showSharedPage);