fix: use token_hash with /auth/confirm route for password reset link
All checks were successful
Staging Build / build (push) Successful in 2m36s

This commit is contained in:
DanielS
2026-06-25 00:54:10 +02:00
parent 5652ce1098
commit 69c8e8e5c1

View File

@@ -85,10 +85,12 @@ export async function resetPassword(email: string) {
});
if (error) throw error;
const linkData = data as any;
let resetLink = linkData?.properties?.action_link || linkData?.action_link || linkData?.link || '';
if (!resetLink) throw new Error('Reset link not generated');
// Fix: replace localhost URLs with actual site URL
resetLink = resetLink.replace(/http:\/\/localhost:\d+/g, process.env.NEXT_PUBLIC_SITE_URL || 'https://staging.hephex.de');
// Extract token_hash from the generated link properties
const tokenHash = linkData?.properties?.hashed_token;
if (!tokenHash) throw new Error('Recovery token not generated');
// Build link pointing to our own /auth/confirm route
const siteUrl = process.env.NEXT_PUBLIC_SITE_URL || 'https://staging.hephex.de';
const resetLink = `${siteUrl}/auth/confirm?token_hash=${tokenHash}&type=recovery&next=/auth/update-password`;
await sendMail({
to: email,
subject: 'Passwort zurücksetzen',