Mercurial > gemma

changeset 557:009171c1485c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Password reset: Generate right URLs for the server if we are behind a proxy.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Mon, 03 Sep 2018 17:24:50 +0200
parents 09d8e5483851
children b3baa2a98f55
files pkg/controllers/pwreset.go
diffstat 1 files changed, 11 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/pkg/controllers/pwreset.go	Mon Sep 03 14:21:31 2018 +0200
+++ b/pkg/controllers/pwreset.go	Mon Sep 03 17:24:50 2018 +0200
@@ -238,6 +238,15 @@
 	return misc.SendMail(email, "Password Reset Link", body)
 }
 
+// host checks if we are behind a proxy and returns the name
+// of the up-front server.
+func host(req *http.Request) string {
+	if fwd := req.Header.Get("X-Forwarded-Host"); fwd != "" {
+		return fwd
+	}
+	return req.Host
+}
+
 func passwordResetRequest(
 	input interface{},
 	req *http.Request,
@@ -250,7 +259,7 @@
 		if err := backgroundRequest(https, host, user); err != nil {
 			log.Printf("error: %v\n", err)
 		}
-	}(useHTTPS(req), req.Host, input.(*models.PWResetUser))
+	}(useHTTPS(req), host(req), input.(*models.PWResetUser))
 
 	// Send a neutral message to avoid being an user oracle.
 	const neutralMessage = "If this account exists, a reset link will be mailed."
@@ -298,7 +307,7 @@
 			_, err = conn.ExecContext(ctx, deleteRequestSQL, hash)
 			return err
 		}); err == nil {
-		body := changedMessageBody(useHTTPS(req), user, password, req.Host)
+		body := changedMessageBody(useHTTPS(req), user, password, host(req))
 		if err = misc.SendMail(email, "Password Reset Done", body); err == nil {
 			jr.Result = &struct {
 				SendTo string `json:"send-to"`