lingthio / Flask-User

Customizable User Authorization & User Management: Register, Confirm, Login, Change username/password, Forgot password and more.
http://flask-user.readthedocs.io/
MIT License
1.06k stars 293 forks source link

HTTPS scheme in email links #172

Open ncrocfer opened 7 years ago

ncrocfer commented 7 years ago

Hello,

Do you know a simple way to force all links generated in emails from http:// to https:// please ?

For example when I receive the "Forgot password" email, the link is take from the reset_password_link variable.

This variable is generated in the send_reset_password_email() function, but the the _scheme argument is not customizable.

Did I miss something or this feature does not exists yet please ?

carrete commented 7 years ago

From https://gitlab.com/tvaughan/docker-flask-starterkit/blob/master/flask-app/starterkit/app.py

from functools import partial

def _wrap_uwsgi_app(wsgi_app, environ, start_response):
    environ['wsgi.url_scheme'] = 'https'
    return wsgi_app(environ, start_response)

app.wsgi_app = partial(_wrap_uwsgi_app, app.wsgi_app)
lingthio commented 7 years ago

Hmmm. {{ reset_password_link }} is generated with flask.url_for(..., _external=True), which uses the scheme of the current request. So if the page that generates the link is using https (e.g. https://user/forgot-password), then the reset_password_link should start with https://.

Are you using https:// throughout your website?

Ling