From d789ca6b4071d9e952fbbeb90e48c6d4eaac8bec Mon Sep 17 00:00:00 2001
From: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Wed, 3 Mar 2021 00:53:02 +0100
Subject: [PATCH] Fix password reset, email verification for custom endpoint
 (#7236)

* fixed incorrect endpoint for password reset and email verification

* added tests
---
 spec/PagesRouter.spec.js | 79 +++++++++++++++++++++++++++++++++++++++-
 src/Config.js            | 12 +++++-
 2 files changed, 88 insertions(+), 3 deletions(-)

diff --git a/spec/PagesRouter.spec.js b/spec/PagesRouter.spec.js
index 6a22657ba7..01ab1a97d7 100644
--- a/spec/PagesRouter.spec.js
+++ b/spec/PagesRouter.spec.js
@@ -63,7 +63,7 @@ describe('Pages Router', () => {
       expect(response.status).toBe(200);
     });
 
-    it('responds with 404 if publicServerURL is not confgured', async () => {
+    it('responds with 404 if publicServerURL is not configured', async () => {
       await reconfigureServer({
         appName: 'unused',
         pages: { enableRouter: true },
@@ -971,5 +971,82 @@ describe('Pages Router', () => {
         expect(response.text).toBe('Not found.');
       });
     });
+
+    describe('custom endpoint', () => {
+      it('password reset works with custom endpoint', async () => {
+        config.pages.pagesEndpoint = 'customEndpoint';
+        await reconfigureServer(config);
+        const sendPasswordResetEmail = spyOn(
+          config.emailAdapter,
+          'sendPasswordResetEmail'
+        ).and.callThrough();
+        const user = new Parse.User();
+        user.setUsername('exampleUsername');
+        user.setPassword('examplePassword');
+        user.set('email', 'mail@example.com');
+        await user.signUp();
+        await Parse.User.requestPasswordReset(user.getEmail());
+
+        const link = sendPasswordResetEmail.calls.all()[0].args[0].link;
+        const linkResponse = await request({
+          url: link,
+          followRedirects: false,
+        });
+        expect(linkResponse.status).toBe(200);
+
+        const appId = linkResponse.headers['x-parse-page-param-appid'];
+        const token = linkResponse.headers['x-parse-page-param-token'];
+        const username = linkResponse.headers['x-parse-page-param-username'];
+        const publicServerUrl = linkResponse.headers['x-parse-page-param-publicserverurl'];
+        const passwordResetPagePath = pageResponse.calls.all()[0].args[0];
+        expect(appId).toBeDefined();
+        expect(token).toBeDefined();
+        expect(username).toBeDefined();
+        expect(publicServerUrl).toBeDefined();
+        expect(passwordResetPagePath).toMatch(new RegExp(`\/${pages.passwordReset.defaultFile}`));
+        pageResponse.calls.reset();
+
+        const formUrl = `${publicServerUrl}/${config.pages.pagesEndpoint}/${appId}/request_password_reset`;
+        const formResponse = await request({
+          url: formUrl,
+          method: 'POST',
+          body: {
+            token,
+            username,
+            new_password: 'newPassword',
+          },
+          headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+          followRedirects: false,
+        });
+        expect(formResponse.status).toEqual(200);
+        expect(pageResponse.calls.all()[0].args[0]).toContain(
+          `/${pages.passwordResetSuccess.defaultFile}`
+        );
+      });
+
+      it('email verification works with custom endpoint', async () => {
+        config.pages.pagesEndpoint = 'customEndpoint';
+        await reconfigureServer(config);
+        const sendVerificationEmail = spyOn(
+          config.emailAdapter,
+          'sendVerificationEmail'
+        ).and.callThrough();
+        const user = new Parse.User();
+        user.setUsername('exampleUsername');
+        user.setPassword('examplePassword');
+        user.set('email', 'mail@example.com');
+        await user.signUp();
+
+        const link = sendVerificationEmail.calls.all()[0].args[0].link;
+        const linkResponse = await request({
+          url: link,
+          followRedirects: false,
+        });
+        expect(linkResponse.status).toBe(200);
+
+        const pagePath = pageResponse.calls.all()[0].args[0];
+        expect(pagePath).toMatch(new RegExp(`\/${pages.emailVerificationSuccess.defaultFile}`));
+      });
+    });
   });
 });
diff --git a/src/Config.js b/src/Config.js
index 0dacc5cbe0..6bf70e10d3 100644
--- a/src/Config.js
+++ b/src/Config.js
@@ -451,7 +451,7 @@ export class Config {
   }
 
   get requestResetPasswordURL() {
-    return `${this.publicServerURL}/apps/${this.applicationId}/request_password_reset`;
+    return `${this.publicServerURL}/${this.pagesEndpoint}/${this.applicationId}/request_password_reset`;
   }
 
   get passwordResetSuccessURL() {
@@ -466,7 +466,15 @@ export class Config {
   }
 
   get verifyEmailURL() {
-    return `${this.publicServerURL}/apps/${this.applicationId}/verify_email`;
+    return `${this.publicServerURL}/${this.pagesEndpoint}/${this.applicationId}/verify_email`;
+  }
+
+  // TODO: Remove this function once PagesRouter replaces the PublicAPIRouter;
+  // the (default) endpoint has to be defined in PagesRouter only.
+  get pagesEndpoint() {
+    return this.pages && this.pages.enableRouter && this.pages.pagesEndpoint
+      ? this.pages.pagesEndpoint
+      : 'apps';
   }
 }