Details
-
Enhancement
-
Status: Closed
-
Should
-
Resolution: Fixed
-
None
-
None
Description
During development of the "reset password" feature implemented in TRUNK-5425, a new Global Property as added, with a property name of "host.url". The comment on this GP in OpenmrsConstants is that this is a "Global property that stores the base url for the application.", however this is not accurate.
The only place within the application where this host url GP appears to be used is in the UserServiceImpl method, which attempts to take this value of this global property, perform a replacement of an
{activationKey} placeholder with a generated activation key, and then add this as the link that a user should go to in order to reset their password.So in practice, in order to use this feature effectively, one would need to program this global property with something like:
```https://myserver/context/path/to/resetPassword.page?activationKey={activationKey}
```
Which is not the "base url for the application".
The easiest thing to do here would be to rename the global property used by the reset password feature to "security.passwordResetUrl", and probably deprecate the "host.url" global property. We should also copy over any existing value from host.url to security.passwordResetUrl. If not, we should at least update the comment and the description of this global property to ensure it's usage is clear.
dkayiwa / burke copying you both for thoughts since you were involved with the original creation of this feature.
mogoodrich FYI
Gliffy Diagrams
Attachments
Issue Links
- mentioned in
-
Page Loading...
