Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-6996

The register email URL in the self registration service can't be a relative path

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.0.0, 13.0.0
    • Fix Version/s: 12.0.3, 13.0.0
    • Component/s: rest
    • Labels:
      None

      Description

      When using the register endpoint: http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/webhelp/dev-guide/rest-api-self-registration.html

      curl \
       --request POST \
       --header "Content-Type: application/json" \
       --data \
       '{
         "email": "newuser@example.com",
         "subject": "Confirm registration with OpenAM",
         "message": "Follow this link to confirm your registration"
       }' \
       https://openam.example.com:8443/openam/json/users?_action=register
      {}
      

      The URL still use the deployment of the header:

                  StringBuilder deploymentURL = RestUtils.getFullDeploymentURI(header.getPath());
      

      Should use

                      String baseURL = baseURLProviderFactory.get(realm).getURL(header);
      

      and also do the same than for forgotten password:

      if (confURL == null || confURL.isEmpty()) {
                          confURLBuilder.append(baseURL).append("/json/confirmation/forgotPassword");
                      } else if(confURL.startsWith("/")) {
                          confURLBuilder.append(baseURL).append(confURL);
                      }  else {
                          confURLBuilder.append(confURL);
                      }
      

      =>

                  if (StringUtils.isBlank(confURL)) {
                      confURLBuilder.append(deploymentURL.append("/json/confirmation/register").toString());
                   } else if(confURL.startsWith("/")) {
                          confURLBuilder.append(baseURL).append(confURL);
                   } else {
                      confURLBuilder.append(confURL);
                  }
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                quentin.castel Quentin CASTEL [X] (Inactive)
                Reporter:
                quentin.castel Quentin CASTEL [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: