WSO2 Identity Server {password-reset-link}

Question

I am following: https://docs.wso2.com/display/IS500/Recover+with+Notification

Everything is working up until sendRecoveryNotification().

I can send a password reset email, but the email just has "{password-reset-link}" written literally, rather than the URL defined in targetEpr with confirmation key appended.

The {key} tag is also written literally in the email so I am unable to build the link manually (I was expecting that it might output the confirmation key).

There does not appear to be anything useful in the logs.

Anyone had this problem before?

Answer 1

I have not seen this, but there must be an issue with your userParameters context

org.wso2.carbon.identity.mgt.mail.DefaultEmailSendingModule.replacePlaceHolders() has this code:

public static String replacePlaceHolders(String text, Map<String, String> userParameters) {

    if (userParameters != null) {
        for (Map.Entry<String, String> entry : userParameters.entrySet()) {
            String key = entry.getKey();
            if (key != null && entry.getValue() != null) {
                text = text.replaceAll("\\{" + key + "\\}", entry.getValue());
            }
        }         }

    return text;
}

so if the token isn't replaced, it must not have been in the userParameters passed in.

That may be a help...

Also, there the reset email template is FUBAR and will not work as sent in the product.

The link in the email template is this: http://localhost:[PORT]/InfoRecoverySample/infoRecover/verify?confirmation={confirmation-code}

A correct reset link that works must have the {user-name} token also:

http://localhost:[PORT]/InfoRecoverySample/infoRecover/verify?confirmation={confirmation-code}&username={user-name}

Yes, it took a use with WSO2 to get that. I asked this be fixed in the release product