Bug #102516

closed

felogin sends invalid password recovery link via email

Added by Marvin Müller 6 months ago. Updated 6 months ago.

Status: Closed
Priority: -- undefined --
Assignee: -
Category: felogin
Target version: -
Start date: 2023-11-25
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 11
PHP Version: 7.4
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

After submitting the password recovery form, I receive an email including a password recovery link. The link mentioned in the email is a relative and not an absolute link. The protocol and the domain are missing. Specifically, the following link is stated:

/log=
in?tx_felogin_login%5Baction%5D=3DshowChangePassword&tx_felogin_login%5Bcon=
troller%5D=3DPasswordRecovery&tx_felogin_login%5Bhash%5D=3D1700969245%7Cf70=
c2a8f5427ac8fff33c95c73204511e9678abc

After copying this relative link to the browser and adding the domain before it, it is working perfectly fine. What makes it quite confusing is that the email footer of the recovery email includes the correct name of the website and the correct absolute domain. Specifically, it looks like this:

This email was sent by SITE_TITLE from URL: http://MYDOMAIN.de/ - Please contact your site administrator if you feel you received this email by accident.

So I tried some debugging:
  • RecoveryService.php:141, TYPO3\CMS\FrontendLogin\Service\RecoveryService->prepareMail(): the $url being generated is a relative and not an absolute url
  • UriBuilder.php:697, TYPO3\CMS\Extbase\Mvc\Web\Routing\UriBuilder->buildFrontendUri(): forceAbsoluteUrl was set to true
  • UriBuilder.php:699, TYPO3\CMS\Extbase\Mvc\Web\Routing\UriBuilder->buildFrontendUri(): no absolute uri scheme is given (it is null) $this->absoluteUriScheme

Can anyone help me out? I am happy to provide any further information.


Files

current_setup.png (61.3 KB), site config, Marvin Müller, 2023-11-26 11:55

Actions #1

Updated by Torben Hansen 6 months ago

  • Status changed from New to Needs Feedback

Can you please check in your Site-Configuration, that the Entry Point (base) is set to a valid domain name including schema. If you just use / as base, the UriBuilder cannot create valid links.

You should also verify, if the problem occurs with the default template PasswordRecovery.html for the password recovery function.

Actions #2

Updated by Marvin Müller 6 months ago

Hi Torben,

thanks for your hints. It seems to go into the right direction. You are totally right: My base is currently defined by a slash only. Nevertheless, I have entered multiple baseVariants in my site config. I have attached my current configuration as a screenshot - I just replaced the original domain name by 'mydomain' and made two minor typo3 backend css modifications to get a better screenshot.

What I have already tried: I replaced the slash of the base with the current domain - Then it was working perfectly fine and an absolute link was written in the password recovery email. Nevertheless I assume it should also work with the base variants somehow? Or how should the site config look like for using different/multiple domains?

Last remark regarding the email template: I use the pure default template, I did not manage to customize it. I tried to overwrite the Template directory, but it is not working and in the end I gave up. Overwriting the FrontEnd template directory worked fine, but overwriting the email template directory is not working. That is what I have tried:

# FE Template (working fine)
plugin.tx_felogin_login.view.templateRootPaths.10 = EXT:MyExtension/Resources/Private/Templates/
# Email Template (not working)
plugin.tx_felogin_login.settings.email.templateRootPaths.10 = EXT:MyExtension/Resources/Private/Email/Templates/

Thanks for your help
Marvin

Actions #3

Updated by Torben Hansen 6 months ago

AFAIK TYPO3 will use the default base for production context. Regarding all other base variants I currently have no idea what could be wrong, but in general this works and has nothing to do with ext:felogin. But using / as base will cause problems as described in the site configuration.

Actions #4

Updated by Marvin Müller 6 months ago

  • Priority changed from Should have to -- undefined --

Long story short, there seems to be an issue with the site config. Specifically, with the base and its base variants - the conditions of the base variants are not working as expected.

I have solved it by now with some more general base definition in the site config:

base: "%env('REQUEST_SCHEME')%://%env('HTTP_HOST')%/" 

From my point of view this issue can be closed.

Actions #5

Updated by Torben Hansen 6 months ago

  • Status changed from Needs Feedback to Closed

Thanks for your feedback. I'm closing the issue as requested.
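
A check for the two kinds of base value that come up in this thread, as an added example (not TYPO3 code and not written by the participants): it flags a base without scheme and host, which is what produced the relative recovery link, and a base built from HTTP_* variables, which are filled from request headers, so the host in the mailed link then follows the Host header unless the web server or TYPO3's trustedHostsPattern setting restricts it. The sample config, the function names and the line-based reading of the YAML are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the site config discussed in the thread.
SAMPLE_CONFIG = """\
base: /
baseVariants:
  -
    base: 'https://mydomain.de/'
    condition: 'applicationContext == "Production"'
  -
    base: "%env('REQUEST_SCHEME')%://%env('HTTP_HOST')%/"
    condition: 'applicationContext == "Development"'
"""

# Matches TYPO3-style %env(NAME)% placeholders, with or without quotes.
ENV_REF = re.compile(r"%env\(['\"]?([A-Za-z0-9_]+)['\"]?\)%")
BASE_LINE = re.compile(r"\s*(?:-\s*)?base:\s*(.*?)\s*$")


def extract_bases(config_text):
    """Return every `base:` value in order (simple line scan, not a YAML parser)."""
    bases = []
    for line in config_text.splitlines():
        match = BASE_LINE.match(line)
        if match:
            value = match.group(1)
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
                value = value[1:-1]  # drop surrounding YAML quotes
            bases.append(value)
    return bases


def check_base(base):
    """Return findings for one base value; an empty list means no finding."""
    findings = []
    # Swap placeholders for a dummy token so the URL shape can still be parsed.
    parts = urlsplit(ENV_REF.sub("placeholder", base))
    if not parts.scheme or not parts.netloc:
        findings.append("no scheme/host: links built from this base stay relative")
    for name in ENV_REF.findall(base):
        if name.startswith("HTTP_"):  # CGI HTTP_* variables mirror request headers
            findings.append(f"built from request header variable {name}")
    return findings


if __name__ == "__main__":
    for base in extract_bases(SAMPLE_CONFIG):
        print(base, "->", check_base(base) or "ok")
```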
