
fix: use referer from headers for base url in password reset url (#4746)
* fix: use referer or base url in password reset url

* clean up
RogerHYang authored Sep 25, 2024
1 parent 0e6e1e8 commit 77675c9
Showing 5 changed files with 13 additions and 26 deletions.
12 changes: 9 additions & 3 deletions src/phoenix/server/api/routers/auth.py
Expand Up @@ -2,6 +2,8 @@
import secrets
from datetime import datetime, timedelta, timezone
from functools import partial
from pathlib import Path
from urllib.parse import urlencode, urlparse, urlunparse

from fastapi import APIRouter, Depends, HTTPException, Request, Response
from sqlalchemy import select
Expand Down Expand Up @@ -29,10 +31,9 @@
set_refresh_token_cookie,
validate_password_format,
)
from phoenix.config import get_base_url, get_env_disable_rate_limit
from phoenix.config import get_base_url, get_env_disable_rate_limit, get_env_host_root_path
from phoenix.db import enums, models
from phoenix.server.bearer_auth import PhoenixUser, create_access_and_refresh_tokens
from phoenix.server.email.templates.types import PasswordResetTemplateBody
from phoenix.server.email.types import EmailSender
from phoenix.server.rate_limiters import ServerRateLimiter, fastapi_ip_rate_limiter
from phoenix.server.types import (
Expand Down Expand Up @@ -218,7 +219,12 @@ async def initiate_password_reset(request: Request) -> Response:
expiration_time=datetime.now(timezone.utc) + token_expiry,
)
token, _ = await token_store.create_password_reset_token(password_reset_token_claims)
await sender.send_password_reset_email(email, PasswordResetTemplateBody(token, get_base_url()))
url = urlparse(request.headers.get("referer") or get_base_url())
path = Path(get_env_host_root_path()) / "reset-password-with-token"
query_string = urlencode(dict(token=token))
components = (url.scheme, url.netloc, path.as_posix(), "", query_string, "")
reset_url = urlunparse(components)
await sender.send_password_reset_email(email, reset_url)
return Response(status_code=HTTP_204_NO_CONTENT)


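Review bot: The origin of the reset link is taken from the client-supplied Referer header on the `url = urlparse(request.headers.get("referer") or get_base_url())` line, so whoever triggers a reset for a given email address also chooses the scheme and netloc that appear in that user's email, and the token is sent to that host when the link is clicked. The configured base URL should decide the origin; if a referer is to be honoured at all, accept it only when its origin matches the configured one, e.g. `base = urlparse(get_base_url())`, `ref = urlparse(request.headers.get("referer") or "")`, `url = ref if (ref.scheme, ref.netloc) == (base.scheme, base.netloc) else base`. If the motivation was deployments where get_base_url() is not configured correctly, an explicit allow-list of origins from configuration is the safer substitute for a request header. initiate_password_reset starts outside this hunk.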
7 changes: 2 additions & 5 deletions src/phoenix/server/email/sender.py
@@ -1,10 +1,7 @@
from dataclasses import asdict
from pathlib import Path

from fastapi_mail import ConnectionConfig, FastMail, MessageSchema

from phoenix.server.email.templates.types import PasswordResetTemplateBody

EMAIL_TEMPLATE_FOLDER = Path(__file__).parent / "templates"


Expand All @@ -15,12 +12,12 @@ def __init__(self, conf: ConnectionConfig) -> None:
async def send_password_reset_email(
self,
email: str,
values: PasswordResetTemplateBody,
reset_url: str,
) -> None:
message = MessageSchema(
subject="[Phoenix] Password Reset Request",
recipients=[email],
template_body=asdict(values),
template_body=dict(reset_url=reset_url),
subtype="html",
)
await self._fm.send_message(
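Review bot: The new `reset_url` parameter has no docstring stating what the template does with it, and the same gap exists on the EmailSender protocol method in src/phoenix/server/email/types.py. Since the value is placed directly into the href of the password-reset template, the interface should state that the caller passes a complete absolute URL whose origin it has already validated; a docstring such as `"""Send the password-reset email to *email*; *reset_url* is the absolute link embedded verbatim in the template."""` on both the protocol method and this implementation would make that contract explicit. The enclosing class continues outside this hunk.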
5 changes: 1 addition & 4 deletions src/phoenix/server/email/templates/password_reset.html
Expand Up @@ -11,10 +11,7 @@
reset your password:
</p>
<p>
<a
id="reset-url"
href="{{ base_url }}reset-password-with-token?token={{ token }}"
>Reset Password</a
<a id="reset-url" href="{{ reset_url }}">Reset Password</a
>
</p>
<p>If you did not make this request, please contact your administrator.</p>
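Review bot: `href="{{ reset_url }}"` now emits a value that auth.py in this commit assembles partly from the request's Referer header, and whether the template environment autoescapes it is not visible on this page. If this is rendered by Jinja2 with autoescaping off, a netloc containing a quote could terminate the attribute; writing it as `href="{{ reset_url | e }}"` removes the dependence on that setting, and restricting the origin upstream removes the source. The surrounding markup starts and ends outside the hunk.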
11 changes: 0 additions & 11 deletions src/phoenix/server/email/templates/types.py

This file was deleted.

4 changes: 1 addition & 3 deletions src/phoenix/server/email/types.py
Expand Up @@ -2,12 +2,10 @@

from typing import Protocol

from phoenix.server.email.templates.types import PasswordResetTemplateBody


class EmailSender(Protocol):
async def send_password_reset_email(
self,
email: str,
values: PasswordResetTemplateBody,
reset_url: str,
) -> None: ...
