From 9da18d06970e5fd8b85112b5c0162017fcfe09ee Mon Sep 17 00:00:00 2001 From: AndyButland Date: Tue, 6 Sep 2016 08:42:53 +0200 Subject: [PATCH] Used configurable application URL when constructing password reset link --- .../Editors/AuthenticationController.cs | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/src/Umbraco.Web/Editors/AuthenticationController.cs b/src/Umbraco.Web/Editors/AuthenticationController.cs index 426adcf02f..14dbdac1d4 100644 --- a/src/Umbraco.Web/Editors/AuthenticationController.cs +++ b/src/Umbraco.Web/Editors/AuthenticationController.cs @@ -215,7 +215,7 @@ namespace Umbraco.Web.Editors if (user != null && user.IsLockedOut == false) { var code = await UserManager.GeneratePasswordResetTokenAsync(identityUser.Id); - var callbackUrl = ConstuctCallbackUrl(identityUser.Id, code); + var callbackUrl = ConstructCallbackUrl(identityUser.Id, code); var message = Services.TextService.Localize("resetPasswordEmailCopyFormat", //Ensure the culture of the found user is used for the email! @@ -233,12 +233,11 @@ namespace Umbraco.Web.Editors return Request.CreateResponse(HttpStatusCode.OK); } - private string ConstuctCallbackUrl(int userId, string code) + private string ConstructCallbackUrl(int userId, string code) { - //get an mvc helper to get the url + // Get an mvc helper to get the url var http = EnsureHttpContext(); var urlHelper = new UrlHelper(http.Request.RequestContext); - var action = urlHelper.Action("ValidatePasswordResetCode", "BackOffice", new { @@ -247,12 +246,10 @@ namespace Umbraco.Web.Editors r = code }); - //TODO: Virtual path? - - return string.Format("{0}://{1}{2}", - http.Request.Url.Scheme, - http.Request.Url.Host + (http.Request.Url.Port == 80 ? string.Empty : ":" + http.Request.Url.Port), - action); + // Construct full URL using configured application URL (which will fall back to request) + var applicationUri = new Uri(ApplicationContext.UmbracoApplicationUrl); + var callbackUri = new Uri(applicationUri, action); + return callbackUri.ToString(); } ///