Univention Bugzilla – Full Text Bug Listing |
Summary: | token-request: the host name in the link for an email should be changeable via UCRV | ||
---|---|---|---|
Product: | UCS | Reporter: | Daniel Tröder <troeder> |
Component: | Self Service | Assignee: | Daniel Tröder <troeder> |
Status: | CLOSED FIXED | QA Contact: | Florian Best <best> |
Severity: | enhancement | ||
Priority: | P5 | CC: | damrose, gohmann, grandjean, stephan.hendl, thorp-hansen, troeder, walkenhorst |
Version: | UCS 4.1 | ||
Target Milestone: | UCS 4.1-0-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: |
Description
Daniel Tröder
2015-11-26 08:56:46 CET
Requested at Ticket#2015112721000424 A UCRV umc/self-service/passwordreset/email/webserver_address with the FQDN of the backend as default if empty was added. It is used for the string replacement of "link" and "tokenlink" on the mail text: # ucr set umc/self-service/passwordreset/email/webserver_address=www.front.de --------------------------------------------------- [..] To change your password please follow this link: https://www.front.de/univention-self-service/?token=3Dr7pzQvem8QKNreM59YdVC= RGxD8k4SESSczDcqDjWcWdTEUnuAocEvXAU6EXrZNKZ&username=3Dtest2#passwordreset If the link does not work, you can go to https://www.front.de/univention-self-service/#passwordreset [..] --------------------------------------------------- Commit: 66109 Build: 1.0.3-4.51.201512041149 The UCR-Variable works. But it's not possible to change the scheme to http. The value is also not validated against invalid chars. Would it be better to make the complete URI configurable via UCR? Then it would also be possible to define a jump-back address. Also: is the template "email_body.txt" thought to be configurable by the cusomers? Then it may be better to change this into a UCR template? Otherwise package updates will overwrite locally modified versions of it. (In reply to Florian Best from comment #3) > The UCR-Variable works. But it's not possible to change the scheme to http. I don't think that would advisable. IMO we should even deny a request for it, but let's first see if someone does need it. > The value is also not validated against invalid chars. It's a UCR set by the Administrator... checked now: 66134, 66135 > Would it be better to > make the complete URI configurable via UCR? Then it would also be possible > to define a jump-back address. jump-back where to? > Also: is the template "email_body.txt" thought to be configurable by the > cusomers? Then it may be better to change this into a UCR template? > Otherwise package updates will overwrite locally modified versions of it. No. Admins should copy it, and point umc/self-service/passwordreset/email/text_file to their modification. There is a separate Bug #40047 to make to allow multiple languages. (In reply to Daniel Tröder from comment #4) > (In reply to Florian Best from comment #3) > > The UCR-Variable works. But it's not possible to change the scheme to http. > I don't think that would advisable. IMO we should even deny a request for > it, but let's first see if someone does need it. OK > > The value is also not validated against invalid chars. > It's a UCR set by the Administrator... checked now: 66134, 66135 Well, that wasn't even necessary. But okay. > > Would it be better to > > make the complete URI configurable via UCR? Then it would also be possible > > to define a jump-back address. > jump-back where to? There are parameters ?url=&urlLabel= but they probably doesn't make sense there. > > Also: is the template "email_body.txt" thought to be configurable by the > > cusomers? Then it may be better to change this into a UCR template? > > Otherwise package updates will overwrite locally modified versions of it. > No. Admins should copy it, and point > umc/self-service/passwordreset/email/text_file to their modification. > There is a separate Bug #40047 to make to allow multiple languages. OK (In reply to Florian Best from comment #5) > > > The value is also not validated against invalid chars. > > It's a UCR set by the Administrator... checked now: 66134, 66135 > Well, that wasn't even necessary. But okay. Reverted in 66153 to allow ports and paths. |