Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Forgot password email has link corrupted #1586

Open
federicovilla opened this issue Jul 7, 2024 · 4 comments
Open

Forgot password email has link corrupted #1586

federicovilla opened this issue Jul 7, 2024 · 4 comments

Comments

@federicovilla
Copy link
Contributor

federicovilla commented Jul 7, 2024
edited
Loading

Hi, in my project I'm using Ion Auth 3.
Forgotten password email is sent correctly by the script...but the email has an anchor not working ... I get the following error if I try to click on link to set a new password (using a custom email template ):
The URI you submitted has disallowed characters.

uri_error

If I use the email template included in the downloaded package, I get an email with no link at all ...here you are the sourcee of the received email.
Thanks a lot for any hint or help and sorry for my bad english.
`
Return-Path: [email protected]
Delivered-To: [email protected]
Received: from srv.hdedi-xlogic3000.org
by srv.hdedi-xlogic3000.org with LMTP
id iMKXHdRAimYTRAAA29GO/Q
(envelope-from [email protected])
for [email protected]; Sun, 07 Jul 2024 09:16:36 +0200
Return-path: [email protected]
Envelope-to: [email protected]
Delivery-date: Sun, 07 Jul 2024 09:16:36 +0200
Received: from [159.69.73.219] (port=47522 helo=gavs.it)
by srv.hdedi-xlogic3000.org with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.97.1)
(envelope-from [email protected])
id 1sQM8S-00000000AVI-1sbf
for [email protected];
Sun, 07 Jul 2024 09:16:36 +0200
Date: Sun, 7 Jul 2024 09:16:36 +0200
From: "GAVS.it" [email protected]
To: [email protected]
Subject: =?UTF-8?Q?GAVS.it=20-=20Verifica=20il=20cambio=20password=20dimenticata?=
Reply-To: [email protected]
User-Agent: CodeIgniter
X-Sender: [email protected]
X-Mailer: CodeIgniter
X-Priority: 3 (Normal)
Message-ID: [email protected]
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="B_ALT_668a40d465a2b"

--B_ALT_668a40d465a2b
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reimposta Password per
Si prega di cliccare su questo collegamento per Reimposta la tua Password.

--B_ALT_668a40d465a2b
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Reimposta Password per

Si prega di cliccare su = questo collegamento per Reimposta la tua Password<=3D /a>.

--B_ALT_668a40d465a2b--
`
@avenirer
Copy link
Contributor

avenirer commented Jul 7, 2024

In the URL I see you have a space before the string... f=%20... Maybe it's from that?

@federicovilla
Copy link
Contributor Author

federicovilla commented Jul 7, 2024
edited
Loading

Hi Adrian, nice to meet you again! Thanks a lot for your feedback and for taking time to check this issue.
The weird thing is that the url is built using the Ben code, with the forgot code got from the db... the code is the following:
`if ($data = $this->ion_auth->forgotten_password($identity->{$this->config->item('identity', 'ion_auth')}))
{
// Custom email
$this->load->library('email');
$this->email->clear();

// Set email config
$config['protocol']  = 'smtp';
$config['smtp_host'] = 'ssl://xxxxxxxxxxxx.it';
$config['smtp_port'] = '465';
$config['smtp_user'] = '[email protected]';
$config['smtp_pass'] = 'xxxxxxxxx';
$config['mailtype']  = 'html';
$config['charset']   = 'utf-8';
$config['wordwrap']  = TRUE;
$config['newline']   = "\r\n";

$this->email->initialize($config);

$message = $this->load->view('_email/forgot_password.tpl.php', $data, TRUE);
	
$this->email->from($this->config->item('admin_email', 'ion_auth'), $this->config->item('site_title', 'ion_auth'));
$this->email->to($this->input->post('identity'));
$this->email->subject($this->config->item('site_title', 'ion_auth') . ' - ' . $this->lang->line('email_forgotten_password_subject'));
$this->email->message($message);

if ($this->email->send())	{
	$this->session->set_flashdata('success', $this->ion_auth->messages());
	redirect("nuovo/auth/forgot", 'refresh');
}

}
else
{
$this->session->set_flashdata('warning', $this->ion_auth->errors());
redirect("nuovo/auth/forgot", 'refresh');
}`

Maybe CI 3 has corrupted the url paramenter?

@avenirer
Copy link
Contributor

avenirer commented Jul 7, 2024

Hello. Haven't opened a CodeIgniter project for a long time. In order to test, maybe you should take a look at the configuration for urls:

public string $permittedURIChars = 'a-z 0-9~%.:_\-';

Just in order to test, you could set an empty string there, and see if it works. Afterwards, you should see what characters you should allow for this (maybe $)

@federicovilla
Copy link
Contributor Author

Hi Adrian, thanks a lot for your time and for your hint. I did the suggested test ... but it didn't fix the issue. The url in email is quite weird...since it looks like the following one:
<a href=3D"http=3D s://gavs.= it/admini/auth/reset_password/5210d32522693403aff4.49b2b2108fe29=3D dc8a882= 8ac18e49e529e36e7d69e7941ae12a37a61c2a1a5888c8b293649c06e5a4">Re=3D imposta = la tua Password</a>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@avenirer @federicovilla