@hib4 hib4 commented May 22, 2025

No description provided.

@hib4 hib4 self-assigned this May 22, 2025
@hib4 hib4 merged commit f3a0af5 into dev May 22, 2025
@github-actions

PR Code Suggestions ✨

Explore these optional code suggestions:

Category | Suggestion | Impact
Possible issue
Ensure unique question order

You have two questions with order: 4 in the PROFILE state, which will collide in
ordering. Increment the file question’s order to 5 to ensure unique sequencing.

functions/src/utils/fake_data_populator.ts [151-155]

 q = {
   id: faker.string.uuid(),
-  order: 4,
+  order: 5,
   state: APPLICATION_STATES.PROFILE,
   text: "Profile Photo",
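
Review bot: the replacement `order: 5` is still a hand-written literal, and nothing in this hunk shows that 5 is unused among the other `APPLICATION_STATES.PROFILE` questions. Confirm against the rest of the file that no later PROFILE question already uses 5, or derive `order` from a per-state counter so that adding a question cannot reintroduce a collision.
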
Suggestion importance[1-10]: 6

Why: Two questions in the PROFILE state both use order: 4, which will collide; bumping the file question to 5 maintains unique sequencing.

Low
General
Add alias for reset endpoint

Renaming the endpoint may break existing clients still calling /request-reset. Add
the old route as an alias to maintain backward compatibility during transition.

functions/src/routes/auth.ts [15]

+router.post("/request-reset", requestPasswordReset);
 router.post("/reset-password", requestPasswordReset);
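
Review bot: the added `/request-reset` line binds a second path to `requestPasswordReset` with no comment marking it as a temporary alias. Add a comment stating when the alias is to be removed, and if any rate limiting or abuse control for the reset flow is registered per route, attach it to both paths or to the handler itself, since a limit keyed on `/reset-password` alone would not cover the alias.
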
Suggestion importance[1-10]: 6

Why: Introducing the old /request-reset route alongside /reset-password preserves backward compatibility and avoids breaking existing clients.

Low
Security
Encode reset link URL

If link contains unsafe characters it may break the HTML or introduce injection.
Wrap it with encodeURI to ensure it’s properly escaped in the href.

functions/src/controllers/auth_controller.ts [450]

-<a href="${link}" style="background-color: #4299e1; color: white; padding: 12px 24px; text-decoration: none; border-radius: 6px; display: inline-block; font-weight: bold; margin-bottom: 25px;">Reset Password</a>
+<a href="${encodeURI(link)}" style="background-color: #4299e1; color: white; padding: 12px 24px; text-decoration: none; border-radius: 6px; display: inline-block; font-weight: bold; margin-bottom: 25px;">Reset Password</a>
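
Review bot: `encodeURI(link)` on the `+` line is URL encoding, not HTML attribute escaping, so it does not match the stated goal. It rewrites `%` as `%25`, which corrupts a `link` that already carries percent-encoded parameters, it leaves `&` and `'` untouched, and it places no restriction on the scheme. Prefer checking that `link` parses as an `https:` URL on an expected host and then HTML-escaping the result for the `href`.
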
Suggestion importance[1-10]: 5

Why: Wrapping link with encodeURI ensures the URL is properly escaped and helps prevent injection or formatting issues, though risk is low for internal links.

Low
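
The third suggestion above proposes `encodeURI` for the reset link's `href`. The following is an added example, not code from this repository or from the bot: it contrasts `encodeURI` with validating the URL and then HTML-escaping it. The helper names, the host allowlist and the sample link are constructed for illustration.

```javascript
// Added example: hypothetical helpers, not taken from the project under review.

// Escape the characters that matter inside a quoted HTML attribute.
function escapeHtmlAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Validate the link first, then escape it for use in href="...".
// Returns null when the link should not be placed in the email at all.
function safeResetHref(link, allowedHosts) {
  let url;
  try {
    url = new URL(link); // throws on anything that is not an absolute URL
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;            // rejects javascript:, data:, http:
  if (!allowedHosts.includes(url.hostname)) return null; // assumed allowlist of our own hosts
  return escapeHtmlAttr(url.href);                       // url.href is already URL-normalized
}

// Constructed sample: a reset link whose query already holds a percent-encoded URL.
const SAMPLE_LINK =
  "https://app.example.test/reset?oobCode=abc123&continueUrl=https%3A%2F%2Fapp.example.test%2Flogin";
const ALLOWED = ["app.example.test"];

function demo() {
  return {
    // encodeURI turns every "%" into "%25", so the nested URL is double-encoded.
    encodeUri: encodeURI(SAMPLE_LINK),
    // Validation plus HTML escaping keeps the link intact and writes "&" as "&amp;".
    safe: safeResetHref(SAMPLE_LINK, ALLOWED),
    jsScheme: safeResetHref("javascript:void(0)", ALLOWED),
    otherHost: safeResetHref("https://other.example.test/reset", ALLOWED),
    breakout: safeResetHref('https://app.example.test/r?x="><b>', ALLOWED),
  };
}

console.log(demo());
```
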
