We spotted an issue in the registration process using the method to send a password reset link that is currently implemented.
If the user reads the mail not immediately, but a day or two after the mail was sent, the token in the reset link of self-service-password is invalid (this is a security feature).
I found out that calling the self-service-password url and appending the login (in our case mailadress) as an argument via http-get works quite well. The user clicks the link in his welcome mail and triggers the reset link on his own.
Therefore I suggest we introduce a tag in our mail text that is auomatically replaced by the url and the appended mail adress of the user.
(If you trust me, I may implement the feature in a separate branch by myself)
We spotted an issue in the registration process using the method to send a password reset link that is currently implemented.
If the user reads the mail not immediately, but a day or two after the mail was sent, the token in the reset link of self-service-password is invalid (this is a security feature).
I found out that calling the self-service-password url and appending the login (in our case mailadress) as an argument via http-get works quite well. The user clicks the link in his welcome mail and triggers the reset link on his own.
Therefore I suggest we introduce a tag in our mail text that is auomatically replaced by the url and the appended mail adress of the user.
(If you trust me, I may implement the feature in a separate branch by myself)