search

Flask-Middleware / flask-security

Quick and simple security for Flask applications
MIT License
624 stars 155 forks source link

Reset password link returns 404 #932

Closed kevinkoech357 closed 4 months ago

kevinkoech357 commented 4 months ago

The forgot-password form is functional, but the link it sends via email appears to be broken.

Request URL:
http://127.0.0.1:5000/reset-password?token=WyIzZTc3M2MyZDExYTE0OTRlYmY5ZWVmMDE2MGRhNGMzZSIsIiQ1JHJvdW5kcz01MzUwMDAkeGw2ZEJ2SE10d2xHYW9jaSQxeGJoQzlEU3pFeXJWN085blVES0FWbFhzRzJNb25FZEY2V1VGaC5oVVBCIl0.ZdorpA.A0SwsXY-7JifTDwWaZmbS1ONbZw
Request Method:
GET
Status Code:
404 NOT FOUND
Remote Address:
127.0.0.1:5000
Referrer Policy:
strict-origin-when-cross-origin

I note the route is /reset-password?token and not /reset?token based on the documentation and comments on the reset_password function in views.py.

jwag956 commented 4 months ago

WIth the default configuration the reset_url is /reset - and the email link should be /reset/ Not sure where you are getting ?token=xxxx from.

Would need more of your config and what the email looks like.

kevinkoech357 commented 4 months ago

I just figured I had an error in my config file. Fixed that and now it works flawlessly. Thank you.