Currently, when a user tries to reset their password, an email is sent with a link that leads to a page where the user can redefine their password. However, this link uses the first value of the host configuration as the Management Server's domain. For some environments, it may not be interesting to expose the Management Server's IP in the URL.
In order to fix this, the Management Server's domain definition workflow was refactored. Now, the request's domain is obtained. Then, GUI themes whose common names match the request's domain are fetched (the common name being a wildcard or the domain itself). If a theme is found, the request's domain is used for the password reset link.
Nevertheless, if no theme is found, the value of the user.password.reset.mail.domain.url global configuration is obtained. If the configuration has a defined value, it is used as the email's domain. But, if no value is defined, the current behavior is maintained and the first IP address of the host configuration is used.
With the refactoring, logs were also added to the domain selection process, allowing an easier troubleshooting process.
Types of changes
Breaking change (fix or feature that would cause existing functionality to change)
New feature (non-breaking change which adds functionality)
Bug fix (non-breaking change which fixes an issue)
Enhancement (improves an existing feature and functionality)
Cleanup (Code refactoring and cleanup, that may add test cases)
Build/CI
Test (unit or integration test code)
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
Major
Minor
Screenshots (if appropriate):
How Has This Been Tested?
Without any GUI theme and the user.password.reset.mail.domain.url set as null, I requested a password reset link. Then, I validated that the host configuration's first IP was used, and the right protocol and port were set automatically.
Management's IP test
2026-05-21 11:26:24,195 DEBUG [o.a.c.u.UserPasswordResetManagerImpl] (qtp1845623216-27:[ctx-20e31090]) (logid:dded0813) Searching for GUI theme with common name that matches the request's domain: [192.168.122.200]
2026-05-21 11:26:24,196 DEBUG [o.a.c.u.UserPasswordResetManagerImpl] (qtp1845623216-27:[ctx-20e31090]) (logid:dded0813) No GUI theme was found with a common name that matches the request's domain.
2026-05-21 11:26:24,198 DEBUG [o.a.c.u.UserPasswordResetManagerImpl] (qtp1845623216-27:[ctx-20e31090]) (logid:dded0813) Using the first IP address in the [host] configuration for the reset password email domain because the [user.password.reset.mail.domain.url] configuration is not defined.
Then, I set the user.password.reset.mail.domain.url configuration to another domain and requested a new password reset link. After checking the email, it was possible to observe that the configuration's value was used.
Configuration test
2026-05-21 11:32:42,926 DEBUG [o.a.c.u.UserPasswordResetManagerImpl] (qtp1845623216-369:[ctx-90b4d491]) (logid:cfe79631) Searching for GUI theme with common name that matches the request's domain: [192.168.122.200]
2026-05-21 11:32:42,927 DEBUG [o.a.c.u.UserPasswordResetManagerImpl] (qtp1845623216-369:[ctx-90b4d491]) (logid:cfe79631) No GUI theme was found with a common name that matches the request's domain.
2026-05-21 11:32:42,928 DEBUG [o.a.c.u.UserPasswordResetManagerImpl] (qtp1845623216-369:[ctx-90b4d491]) (logid:cfe79631) Defaulting reset link's domain to the [user.password.reset.mail.domain.url] configuration value: [labdomain.com.br].
At last, I created a GUI theme with a common name and also mapped it to my local /etc/hosts file. I used the configured common name to access the application login page, and requested a password reset link. When I received it, it was possible to observe that the reset link's domain was the GUI theme's configured common name.
GUI theme test
026-05-21 11:44:16,999 DEBUG [o.a.c.u.UserPasswordResetManagerImpl] (qtp1845623216-404:[ctx-069fe969]) (logid:f7f485e0) Searching for GUI theme with common name that matches the request's domain: [laboratorio.com]
2026-05-21 11:44:17,001 DEBUG [o.a.c.u.UserPasswordResetManagerImpl] (qtp1845623216-404:[ctx-069fe969]) (logid:f7f485e0) GUI theme with ID 1 was found; using request's domain for password reset link.
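The selection order described in this pull request, written out as an added Java example; it is not part of the pull request and is not CloudStack's code. The class and method names, the single-label wildcard rule and the comma-separated form of the host value are assumptions, and the sample domains are constructed.

```java
import java.util.List;
import java.util.Locale;

/** Added illustration, not CloudStack code. All names here are hypothetical. */
public class ResetLinkDomainExample {

    /** True when the theme's common name equals the domain or is a wildcard covering it. */
    static boolean commonNameMatches(String commonName, String domain) {
        String cn = commonName.toLowerCase(Locale.ROOT);
        String d = domain.toLowerCase(Locale.ROOT);
        if (cn.startsWith("*.")) {
            // Assumption: a wildcard covers exactly one extra label, as in TLS certificates.
            String suffix = cn.substring(1); // "*.example.test" -> ".example.test"
            if (!d.endsWith(suffix)) {
                return false;
            }
            String label = d.substring(0, d.length() - suffix.length());
            return !label.isEmpty() && !label.contains(".");
        }
        return cn.equals(d);
    }

    /** Order from the description: matching GUI theme, then configuration, then first host value. */
    static String resolveDomain(String requestDomain, List<String> themeCommonNames,
                                String configuredDomain, String hostSetting) {
        if (requestDomain != null) {
            for (String cn : themeCommonNames) {
                if (commonNameMatches(cn, requestDomain)) {
                    // The client-supplied domain is used only when a configured theme matches it.
                    return requestDomain;
                }
            }
        }
        if (configuredDomain != null && !configuredDomain.isBlank()) {
            return configuredDomain.trim();
        }
        // Previous behaviour: first value of the host setting (assumed comma-separated).
        return hostSetting.split(",")[0].trim();
    }

    public static void main(String[] args) {
        List<String> themes = List.of("laboratorio.com", "*.example.test"); // constructed sample data
        String host = "192.168.122.200,192.168.122.201";                    // constructed sample data
        System.out.println(resolveDomain("laboratorio.com", themes, null, host));
        System.out.println(resolveDomain("portal.example.test", themes, null, host));
        System.out.println(resolveDomain("unknown.invalid", themes, "labdomain.com.br", host));
        System.out.println(resolveDomain("unknown.invalid", themes, null, host));
    }
}
```

Because the request's domain comes from the client, the theme match acts as the allowlist: a domain that no theme covers never reaches the emailed link and the configured or host value is used instead.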
❌ Patch coverage is 8.82353% with 31 lines in your changes missing coverage. Please review.
✅ Project coverage is 18.09%. Comparing base (a470914) to head (dc4bcb1). ⚠️ Report is 27 commits behind head on main.
@winterhazel a [SL] Jenkins job has been kicked to build packages. It will be bundled with no SystemVM templates. I'll keep you posted as I make progress.