janko / rodauth-rails

Rails integration for Rodauth authentication framework
https://github.com/jeremyevans/rodauth
MIT License

`config.action_mailer.default_url_options` is being ignored when setting token_link in verify_account email #63

Closed amdest closed 2 years ago

amdest commented 2 years ago

Hi,

I've got a Rails app in API mode. When I set `config.action_mailer.default_url_options` in the Rails environment file, it's being ignored during email generation, specifically when the app generates a verify account email with a verification token link.

Example:

```ruby
# config/environments/development.rb
# app runs on localhost:3000

# ...
config.action_mailer.default_url_options = { host: '127.0.0.1', port: '8080' }
# ...
```

and in the account verification email I still get http://localhost:3000/verify-account?key=a8b59ebd-bc3e-4f53-9dbb-52283ae328ce_p6wyObT2QMUvdKG0ExhUmnbdvhPPaM9FZLtwX_i9WGY

Is this expected behavior for an API-only app?

Thank you.

janko commented 2 years ago

The rodauth:install generator configures the Action Mailer integration to pass full URLs as method arguments, which doesn't take config.action_mailer.default_url_options into account, but uses the URL options of the current request. This enables the mailer not to have to instantiate a Rodauth instance when background jobs are used, and figure out which methods to call.

Do you have a situation where you want to use URL options for email links that don't match the current URL? I'm guessing that's a valid use case. It would probably be possible to rewrite mailers in a way where they only receive the account ID, and use it to create a rodauth instance via `Rodauth::Rails.rodauth`, which is configured with `config.action_mailer.default_url_options`.

amdest commented 2 years ago

Thanks for the quick reply, Janko!

> Do you have a situation where you want to use URL options for email links that don't match the current URL?

Yes, I'm using a SPA frontend, which has a hostname that's different from the backend's. And the backend is configured to take JSON-only requests.

So, when a user receives a (default, which is totally fine for my case) verification email and clicks the link in the message, the app can't verify the account, as it needs a JSON request, not a GET. To make my setup work as I want, I need an email with a link to the frontend hostname, which the user follows by clicking, and then the frontend extracts the key and forwards it to a rodauth backend endpoint with a JSON request.

I think it's a common case for such setups, so it would be great to have some default implementation for mailers in API-only mode, as you've said.

Thanks!
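The flow discussed in this thread, as an added example that is not part of the original issue and is not rodauth-rails code: the email link is built from configured URL options instead of the current request, and the key is then forwarded to the backend as JSON. The helper names are hypothetical, the token is constructed, and the JSON body shape is an assumption.

```ruby
require "uri"
require "json"
require "net/http"

# Hypothetical helper names for illustration; not rodauth-rails API.
VERIFY_PATH = "/verify-account" # route from the link quoted in the thread
KEY_PARAM   = "key"             # query parameter from that link

# Build the email link from configured URL options (same shape as
# config.action_mailer.default_url_options), never from the current request.
def frontend_verify_link(url_options, token)
  scheme  = url_options.fetch(:protocol, "http").to_s.delete_suffix("://")
  builder = scheme == "https" ? URI::HTTPS : URI::HTTP
  port    = url_options[:port]
  builder.build(
    host:  url_options.fetch(:host),
    port:  port && Integer(port),
    path:  VERIFY_PATH,
    query: URI.encode_www_form(KEY_PARAM => token)
  ).to_s
end

# What the SPA does after the click, written in Ruby so this file runs alone:
# read the key from the clicked link and wrap it in a JSON POST to the backend.
def backend_verify_request(clicked_link, backend_base)
  params  = URI.decode_www_form(URI(clicked_link).query.to_s).to_h
  request = Net::HTTP::Post.new(URI.join(backend_base, VERIFY_PATH))
  request["Content-Type"] = "application/json"
  request["Accept"]       = "application/json"
  # Assumption: the backend reads the key from a JSON body under the same name.
  request.body = JSON.generate(KEY_PARAM => params.fetch(KEY_PARAM))
  request
end

if $PROGRAM_NAME == __FILE__
  token = "constructed-account-id_constructed-secret" # constructed sample
  link  = frontend_verify_link({ host: "127.0.0.1", port: "8080" }, token)
  puts link
  request = backend_verify_request(link, "http://localhost:3000")
  puts "#{request.method} #{request.path} #{request.body}"
end
```

Because the host comes from configuration, the link in the email stays the same whatever host the triggering request was sent to.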