|
32 | 32 | use Pimcore\Logger; |
33 | 33 | use Pimcore\Model\User; |
34 | 34 | use Pimcore\Security\SecurityHelper; |
| 35 | +use Pimcore\SystemSettingsConfig; |
35 | 36 | use Pimcore\Tool; |
36 | 37 | use Pimcore\Tool\Authentication; |
37 | 38 | use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleAuthenticatorInterface; |
|
44 | 45 | use Symfony\Component\RateLimiter\RateLimiterFactory; |
45 | 46 | use Symfony\Component\Routing\Annotation\Route; |
46 | 47 | use Symfony\Component\Routing\Generator\UrlGeneratorInterface; |
| 48 | +use Symfony\Component\Routing\RouterInterface; |
47 | 49 | use Symfony\Component\Security\Core\Exception\AuthenticationException; |
48 | 50 | use Symfony\Component\Security\Core\Security; |
49 | 51 | use Symfony\Component\Security\Core\User\UserInterface; |
@@ -194,7 +196,13 @@ public function loginCheckAction(Request $request): RedirectResponse |
194 | 196 | /** |
195 | 197 | * @Route("/login/lostpassword", name="pimcore_admin_login_lostpassword") |
196 | 198 | */ |
197 | | - public function lostpasswordAction(Request $request, CsrfProtectionHandler $csrfProtection, Config $config, RateLimiterFactory $resetPasswordLimiter): Response |
| 199 | + public function lostpasswordAction( |
| 200 | + Request $request, |
| 201 | + CsrfProtectionHandler $csrfProtection, |
| 202 | + Config $config, |
| 203 | + RateLimiterFactory $resetPasswordLimiter, |
| 204 | + RouterInterface $router |
| 205 | + ): Response |
198 | 206 | { |
199 | 207 | $params = $this->buildLoginPageViewParams($config); |
200 | 208 | $error = null; |
@@ -226,12 +234,20 @@ public function lostpasswordAction(Request $request, CsrfProtectionHandler $csrf |
226 | 234 | if (!$error) { |
227 | 235 | $token = Authentication::generateTokenByUser($user); |
228 | 236 |
|
229 | | - $loginUrl = $this->generateUrl('pimcore_admin_login_check', [ |
230 | | - 'token' => $token, |
231 | | - 'reset' => 'true', |
232 | | - ], UrlGeneratorInterface::ABSOLUTE_URL); |
233 | | - |
234 | 237 | try { |
| 238 | + $domain = SystemSettingsConfig::get()['general']['domain']; |
| 239 | + if (!$domain) { |
| 240 | + throw new \Exception('No main domain set in system settings, unable to generate reset password link'); |
| 241 | + } |
| 242 | + |
| 243 | + $context = $router->getContext(); |
| 244 | + $context->setHost($domain); |
| 245 | + |
| 246 | + $loginUrl = $this->generateUrl('pimcore_admin_login_check', [ |
| 247 | + 'token' => $token, |
| 248 | + 'reset' => 'true', |
| 249 | + ], UrlGeneratorInterface::ABSOLUTE_URL); |
| 250 | + |
235 | 251 | $event = new LostPasswordEvent($user, $loginUrl); |
236 | 252 | $this->eventDispatcher->dispatch($event, AdminEvents::LOGIN_LOSTPASSWORD); |
237 | 253 |
|
|
0 commit comments