Contrib.social

Provide a decoupled way to get the one time login token

Open on Drupal.org →
Created on 13 May 2023, about 2 years ago

Problem/Motivation

Currently, the module let to edit the password via PasswordUpdate, which ask the hash and timestamp.
However, the email link sent by PasswordReset is the core, hardcoded, to the back-end, thus making impossible to do all the flow only in the front-end

Feature request
Status

Active

Version

1.0

Component

Code

Created by

🇮🇹Italy Giuseppe87

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @Giuseppe87
  • Comment about 2 years ago
    🇮🇹Italy Giuseppe87

    Attached a patch which provides the functionality.

    It adds a submodule, jsonapi_user_resources_one_time_login.

    It essentially provides a token, with the same logic of the user module, but without building the entire Drupal's reset password route url.

    It also add an alternative to the code user reset_password mail, where is possible to use the token as a partial data of a front-end url.
    I went with this implementation because there's is not (or at least I couldn't find) good hook\event to use to insert (or replace) the new token in the standard email. user_mail_tokens() is a good starting point to check that.

    I had to to remove the final from PasswordResetSubscriber in order to decorate it in the submodule.

  • Comment 9 months ago
    🇮🇳India jaykainthola

    I reviewed the patch and it was not taking the `Frontend url` to build the user reset password URL and the subject was not set for mail properly.

    I have updated the patch.

  • Comment 9 months ago
    🇮🇳India jaykainthola

    I missed the update for the final class in PasswordResetSubscriber

  • Comment 9 months ago
    🇮🇳India jaykainthola
  • Comment 9 months ago
    🇮🇳India jaykainthola
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024