Hello NGUYỄN ANH TUẤN
Nice to meet you, I am umihei. I was looking into your nodemailer and authentication using JWT Token and saw your article on Apr 13th, 2023 11:19 p.m. https://viblo.asia/p/nodejs-expressで安全なパスワードリセット機能を実装する-0gdJz7aGLz5
The post method for updating passwords did not work. The get and post using Postman worked fine, but when I post in the browser using ejs, the req.query.token is undefined.
Therefore, in the post method, the following description is used to deal with this issue.

```js
// Workaround: read the Referer header sent with the form POST
const refererURL = req.headers.referer;
// Take everything from the hard-coded offset 46 onward as the token
const headerToken = refererURL.substring(46);
```

In ejs, I post the new password. If there is a way to get the req.query.token in this way, I would appreciate your advice. Thank you in advance.

Hi umihei,
Thank you for reaching out about the issue you encountered with the password reset functionality when using EJS templates. I appreciate you sharing the details.
The reason it works in Postman but not in the browser with EJS is because of how the token is being passed.
In Postman, you are explicitly adding the token to the URL as a query parameter, like this: http://localhost:3000/auth/reset-password?token=copiedToken
However, when submitting the form from the EJS template in the browser, the token is not being included as a query parameter in the URL. Instead, it seems the token is only present in the Referer header of the request.
To resolve this, you have a couple of options:
1. Include the token as a hidden input field in your EJS form:

```html
<form action="/auth/reset-password" method="POST">
  <input type="hidden" name="token" value="<%= token %>">
  <!-- other form fields -->
  <button type="submit">Reset Password</button>
</form>
```

Then in your /auth/reset-password route handler, you can access the token from req.body.token instead of req.query.token.
2. Alternatively, you can extract the token from the Referer header as you have done:

```js
const refererURL = req.headers.referer;
const headerToken = refererURL.substring(46);
```

And then use headerToken in place of req.query.token in your resetPassword controller function.
I recommend going with option 1 and including the token in the form body if possible, as it is a more standard and explicit way of passing data from a form submission.
The reason it works smoothly in Postman is because Postman allows you to construct the request URL and parameters exactly as needed. But when submitting a standard form in the browser, the form data is sent in the request body by default.
I hope this helps clarify the issue and provides a solution! Let me know if you have any other questions.
Best regards, Tuấn
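
Option 1 carried through on the server, as an added example that is not code from the thread or the linked article: the controller reads the reset token only from the parsed form body (the Referer header is ignored, since browsers may trim or omit it) and verifies it as an HS256 JWT before accepting the new password. The secret, the helper names, the payload fields `sub` and `exp`, the 8-character minimum and the hand-rolled verifier (used so the block runs without packages) are assumptions; `parseFormBody` stands in for `express.urlencoded()`.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: loaded from configuration in a real app
const b64url = (buf) => Buffer.from(buf).toString('base64url');
const mac = (data, secret) => b64url(crypto.createHmac('sha256', secret).update(data).digest());

// Minimal HS256 signer, present only so the example can mint a constructed token offline.
function signToken(payload, secret = SECRET) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${mac(`${head}.${body}`, secret)}`;
}

// Returns the payload, or null for a malformed, forged or expired token.
function verifyToken(token, secret = SECRET, now = Date.now()) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = Buffer.from(mac(`${head}.${body}`, secret));
  const given = Buffer.from(sig);
  // Length check first: timingSafeEqual throws on buffers of different length.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const header = JSON.parse(Buffer.from(head, 'base64url').toString());
    const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (header.alg !== 'HS256') return null;
    if (typeof payload.exp !== 'number' || payload.exp * 1000 <= now) return null;
    return payload;
  } catch {
    return null;
  }
}

// Stand-in for express.urlencoded(): urlencoded form body string -> plain object.
const parseFormBody = (raw) => Object.fromEntries(new URLSearchParams(raw));

// Controller in Express (req, res) shape; the token comes from the hidden form field.
function resetPassword(req, res) {
  const { token, password } = req.body || {};
  if (!token) return res.status(400).json({ error: 'missing token' });
  const payload = verifyToken(token);
  if (!payload) return res.status(401).json({ error: 'invalid or expired token' });
  if (typeof password !== 'string' || password.length < 8) { // assumed minimal policy
    return res.status(400).json({ error: 'password too short' });
  }
  // Hash and store the new password for payload.sub here (storage is out of scope).
  return res.status(200).json({ ok: true, user: payload.sub });
}
```

In an Express app, req.body is only populated for the form POST when `express.urlencoded()` is registered before the route.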