site LoginController.getResetPasswordUrl has a bug
Posted: Mon Dec 10, 2012 6:14 pm
The trailing "/" in the first line added to scheme causes subsequent call getResetPasswordPort to fail to determine the scheme which is either http or https, but never be http/ or https/:
The consequence is that if you are running site on port other than 80/443, the generated password reset Url won't work. Removing the trailing "/" in scheme fixes the problem.
Thanks.
-Charlie
Code: Select all
@Override
public String getResetPasswordUrl(HttpServletRequest request) {
String url = request.getScheme() + "://" + request.getServerName() + getResetPasswordPort(request, request.getScheme() + "/");
if (request.getContextPath() != null && ! "".equals(request.getContextPath())) {
url = url + request.getContextPath() + "/login/resetPassword";
} else {
url = url + "/login/resetPassword";
}
return url;
}
public String getResetPasswordPort(HttpServletRequest request, String scheme) {
if ("http".equalsIgnoreCase(scheme) && request.getServerPort() != 80) {
return ":" + request.getServerPort();
} else if ("https".equalsIgnoreCase(scheme) && request.getServerPort() != 443) {
return ":" + request.getServerPort();
}
return ""; // no port required
}
The consequence is that if you are running site on port other than 80/443, the generated password reset Url won't work. Removing the trailing "/" in scheme fixes the problem.
Thanks.
-Charlie