fix(server):give higher preference to redirect_uri

lakhansamani · lakhansamani · commit e6900666527e · 2022-10-24T11:15:36.000+05:30
While using forgot_password redirect URI was ignored if not present Resolves #275
diff --git a/server/resolvers/forgot_password.go b/server/resolvers/forgot_password.go
@@ -62,12 +62,12 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
 		log.Debug("Failed to generate nonce: ", err)
 		return res, err
 	}
-	redirectURL := parsers.GetAppURL(gc)
+	redirectURI := parsers.GetAppURL(gc)
 	if strings.TrimSpace(refs.StringValue(params.RedirectURI)) != "" {
-		redirectURL = refs.StringValue(params.RedirectURI)
+		redirectURI = refs.StringValue(params.RedirectURI)
 	}
 
-	verificationToken, err := token.CreateVerificationToken(params.Email, constants.VerificationTypeForgotPassword, hostname, nonceHash, redirectURL)
+	verificationToken, err := token.CreateVerificationToken(params.Email, constants.VerificationTypeForgotPassword, hostname, nonceHash, redirectURI)
 	if err != nil {
 		log.Debug("Failed to create verification token", err)
 		return res, err
@@ -78,7 +78,7 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
 		ExpiresAt:   time.Now().Add(time.Minute * 30).Unix(),
 		Email:       params.Email,
 		Nonce:       nonceHash,
-		RedirectURI: redirectURL,
+		RedirectURI: redirectURI,
 	})
 	if err != nil {
 		log.Debug("Failed to add verification request", err)
@@ -89,7 +89,7 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
 	go email.SendEmail([]string{params.Email}, constants.VerificationTypeForgotPassword, map[string]interface{}{
 		"user":             user.ToMap(),
 		"organization":     utils.GetOrganization(),
-		"verification_url": utils.GetForgotPasswordURL(verificationToken, hostname),
+		"verification_url": utils.GetForgotPasswordURL(verificationToken, hostname, redirectURI),
 	})
 
 	res = &model.Response{
diff --git a/server/utils/common.go b/server/utils/common.go
@@ -81,17 +81,22 @@ func GetOrganization() map[string]interface{} {
 }
 
 // GetForgotPasswordURL to get url for given token and hostname
-func GetForgotPasswordURL(token, hostname string) string {
-	resetPasswordUrl, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyResetPasswordURL)
-	if err != nil {
-		return ""
-	}
-	if resetPasswordUrl == "" {
-		if err := memorystore.Provider.UpdateEnvVariable(constants.EnvKeyResetPasswordURL, hostname+"/app/reset-password"); err != nil {
+func GetForgotPasswordURL(token, hostname, redirectURI string) string {
+	resetPasswordURL := redirectURI
+
+	if resetPasswordURL == "" {
+		resetPasswordURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyResetPasswordURL)
+		if err != nil {
 			return ""
 		}
+		if resetPasswordURL == "" {
+			if err := memorystore.Provider.UpdateEnvVariable(constants.EnvKeyResetPasswordURL, hostname+"/app/reset-password"); err != nil {
+				return ""
+			}
+		}
 	}
-	verificationURL := resetPasswordUrl + "?token=" + token
+
+	verificationURL := resetPasswordURL + "?token=" + token
 	return verificationURL
 }
 
