Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 2.0.2
-
Fix Version/s: 2.0.2
-
Component/s: None
-
Labels:None
-
Environment:
All
-
Sprint:Sprint 3 - 2.0.2
Description
An issue has arisen (spurred by activation e-mail generation) that may (effectively) require an onboarding step.
Essentially, we need a way to provide a canonical base URL for the environment in order to build activation e-mail links. Currently, this is being assembled as:
https:// [realm name] [client request URL (including port)] [/reseller?uuid=nnn&token=mmm]
A few issues crop up here – we don't have HTTPS available through the dev/integration and QA environments (though this could potentially be corrected). Using the request URL to form the link presents a potential security concern in terms of redirecting activation clicks by a malicious user, though this is a fairly low-risk scenario. Utilizing the ".admaxlocal.com" domain as a static suffix suffers from not being futureproof, and relying on development configurations (hosts files, etc) to avoid potentially interacting with production platforms.
I don't see an easy way out of this other than a reseller or system property which manually defines a canonical base URL for accessing the environment.
